If you work in a secure facility, the chances are pretty good that any computer there is going to be stripped to the minimum complement of peripherals. After all, the fewer parts that a computer has, the fewer things that can be turned into air-gap breaching transducers, right? So no printers, no cameras, no microphones, and certainly no speakers.
Unfortunately, deleting such peripherals does you little good when [Mordechai Guri] is able to turn a computer power supply into a speaker that can exfiltrate data from air-gapped machines. In an arXiv paper (PDF link), [Guri] describes a side-channel attack of considerable deviousness and some complexity that he calls POWER-SUPPLaY. It’s a two-pronged attack with both a transmitter and receiver exploit needed to pull it off. The transmitter malware, delivered via standard methods, runs on the air-gapped machine, and controls the workload of the CPU. These changes in power usage result in vibrations in the switch-mode power supply common to most PCs, particularly in the transformers and capacitors. The resulting audio frequency signals are picked up by a malware-infected receiver on a smartphone, presumably carried by someone into the vicinity of the air-gapped machine. The data is picked up by the phone’s microphone, buffered, and exfiltrated to the attacker at a later time.
Yes, it’s complicated, requiring two exploits to install all the pieces, but under the right conditions it could be feasible. And who’s to say that the receiver malware couldn’t be replaced with the old potato chip bag exploit? Either way, we’re glad [Mordechai] and his fellow security researchers are out there finding the weak spots and challenging assumptions of what’s safe and what’s vulnerable.
Thanks to [ttl] for the tip.
A facility that didn’t allow speakers, microphones, or cameras wouldn’t allow smartphones either. Because of the speaker, microphone, and camera.
Nor permit such devices anywhere near enough to receive the emissions from an infected system, the risks have been known for some while: https://en.wikipedia.org/wiki/Tempest_%28codename%29
Fun to develop the technique though :)
Could squirt the information back up the mains cable by the same means. Of course that’s been thought of too and there will be BP filters on the mains supply to said facility.
There are almost certainly air-gapped systems where management is only worried about online attacks and not employee exfiltration.
Bradley Manning checking in, ladies and gentleman! He was filming a special across the hall.
Hit “enter” too soon: The NSA and the DNC learned to their regret that “employee exfiltration” is actually a thing.
Let’s not ignore the elephant in the room. Why hack a power supply that a little background noise, or even background process, will ruin your result when you have a giant display to play with.
True, and not only that, why not hire or train an operative with photographic memory? Seems like an easier tactic.
Hm. 50 baud over five meters and streaming; yeah; sounds more like the “sound-your-RAM”-hack on the PDP-8. Even though I see the potential vulnerability, I also question the real feasibility. What is this “all secure” about? Only no-computer is a secure computer on that. A bit weird, isn’t it?
if its a SMARTphone then its already recording and uploading audio to a server in another country being held under a foriegn set of laws of which the content creator has no legal basis to delete or even copy! read your user agreements!
our free societey is only free when you carry a dumb-phone, otherwise be VERY careful who you piss off… they know your passwords because you mumbled them once one day in the privacy of your own home a long-long time ago, et. al.
Dumbphones are made in those same countries so they are a no go as well but thanks for playing.
If they have no WiFi and can just have plain phone connections, it’s a lot harder to transmit any data.
Sure it’s possible, but too much effort for a generic attack or general spying.
There is also not nearly enough storage to keep recording what you say, when your phone is not in use.
The always online phone, that has lots and lots of traffic, is almost impossible to control, in comparison.