Side-Channel Attack Turns Power Supply Into Speakers

If you work in a secure facility, the chances are pretty good that any computer there is going to be stripped to the minimum complement of peripherals. After all, the fewer parts that a computer has, the fewer things that can be turned into air-gap breaching transducers, right? So no printers, no cameras, no microphones, and certainly no speakers.

Unfortunately, deleting such peripherals does you little good when [Mordechai Guri] is able to turn a computer power supply into a speaker that can exfiltrate data from air-gapped machines. In an arXiv paper (PDF link), [Guri] describes a side-channel attack of considerable deviousness and some complexity that he calls POWER-SUPPLaY. It’s a two-pronged attack with both a transmitter and receiver exploit needed to pull it off. The transmitter malware, delivered via standard methods, runs on the air-gapped machine, and controls the workload of the CPU. These changes in power usage result in vibrations in the switch-mode power supply common to most PCs, particularly in the transformers and capacitors. The resulting audio frequency signals are picked up by a malware-infected receiver on a smartphone, presumably carried by someone into the vicinity of the air-gapped machine. The data is picked up by the phone’s microphone, buffered, and exfiltrated to the attacker at a later time.

Yes, it’s complicated, requiring two exploits to install all the pieces, but under the right conditions it could be feasible. And who’s to say that the receiver malware couldn’t be replaced with the old potato chip bag exploit? Either way, we’re glad [Mordechai] and his fellow security researchers are out there finding the weak spots and challenging assumptions of what’s safe and what’s vulnerable.

Thanks to [ttl] for the tip.

12 thoughts on “Side-Channel Attack Turns Power Supply Into Speakers

    1. Could squirt the information back up the mains cable by the same means. Of course that’s been thought of too and there will be BP filters on the mains supply to said facility.

  1. Let’s not ignore the elephant in the room. Why hack a power supply that a little background noise, or even background process, will ruin your result when you have a giant display to play with.

  2. Hm. 50 baud over five meters and streaming; yeah; sounds more like the “sound-your-RAM”-hack on the PDP-8. Even though I see the potential vulnerability, I also question the real feasibility. What is this “all secure” about? Only no-computer is a secure computer on that. A bit weird, isn’t it?

  3. if its a SMARTphone then its already recording and uploading audio to a server in another country being held under a foriegn set of laws of which the content creator has no legal basis to delete or even copy! read your user agreements!

    our free societey is only free when you carry a dumb-phone, otherwise be VERY careful who you piss off… they know your passwords because you mumbled them once one day in the privacy of your own home a long-long time ago, et. al.

      1. If they have no WiFi and can just have plain phone connections, it’s a lot harder to transmit any data.
        Sure it’s possible, but too much effort for a generic attack or general spying.

        There is also not nearly enough storage to keep recording what you say, when your phone is not in use.

        The always online phone, that has lots and lots of traffic, is almost impossible to control, in comparison.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.