Side-Channel Attack Turns Power Supply Into Speakers

If you work in a secure facility, the chances are pretty good that any computer there is going to be stripped to the minimum complement of peripherals. After all, the fewer parts that a computer has, the fewer things that can be turned into air-gap breaching transducers, right? So no printers, no cameras, no microphones, and certainly no speakers.

Unfortunately, deleting such peripherals does you little good when [Mordechai Guri] is able to turn a computer power supply into a speaker that can exfiltrate data from air-gapped machines. In an arXiv paper (PDF link), [Guri] describes a side-channel attack of considerable deviousness and some complexity that he calls POWER-SUPPLaY. It’s a two-pronged attack with both a transmitter and receiver exploit needed to pull it off. The transmitter malware, delivered via standard methods, runs on the air-gapped machine, and controls the workload of the CPU. These changes in power usage result in vibrations in the switch-mode power supply common to most PCs, particularly in the transformers and capacitors. The resulting audio frequency signals are picked up by a malware-infected receiver on a smartphone, presumably carried by someone into the vicinity of the air-gapped machine. The data is picked up by the phone’s microphone, buffered, and exfiltrated to the attacker at a later time.

Yes, it’s complicated, requiring two exploits to install all the pieces, but under the right conditions it could be feasible. And who’s to say that the receiver malware couldn’t be replaced with the old potato chip bag exploit? Either way, we’re glad [Mordechai] and his fellow security researchers are out there finding the weak spots and challenging assumptions of what’s safe and what’s vulnerable.

Fear Of Potato Chips: Samy Kamkar’s Side-Channel Attack Roundup

What do potato chips and lost car keys have in common? On the surface, it would seem not much, unless you somehow managed to lose your keys in a bag of chips, which would be embarrassing enough that you’d likely never speak of it. But there is a surprising link between the two, and Samy Kamkar makes the association in his newly published 2019 Superconference talk, which he called “FPGA Glitching and Side-Channel Attacks.”

Take Security Up A Notch By Adding LEDs

All computers are vulnerable to attacks by viruses or black hats, but there are lots of steps that can be taken to reduce risk. At the extreme end of the spectrum is having an “air-gapped” computer that doesn’t connect to a network at all, but this isn’t a guarantee that it won’t get attacked. Even transferring files to the computer with a USB drive can be risky under certain circumstances, but thanks to some LED lights that [Robert Fisk] has on his drive, this attack vector can at least be monitored.

Using a USB drive with a single LED that illuminates during a read OR write operation is fairly common, but since it’s possible to transfer malware unknowingly via USB drives, one that has a separate LED specifically for writing operations will help alert a user to any write operations that might be trying to fly under the radar. A recent article by [Bruce Schneier] pointed out this flaw in USB drives, and [Robert] was up to the challenge. His build returns more control to the user by showing them when their drive is accessed and in what way, which can also be used to discover unique quirks of one’s chosen operating system.

[Robert] is pretty familiar with USB drives and their ups and downs as well. A few years ago he built a USB firewall that was able to decrease the likelihood of BadUSB-type attacks. Be careful going down the rabbit hole of device security, though, or you will start seeing potential attacks hidden almost everywhere.

Twelve Circuit Sculptures We Can’t Stop Looking At

Circuits are beautiful in their own way, and a circuit sculpture takes that abstract beauty and makes it into a purposeful art form. Can you use the wires of the circuits themselves as the structure of a sculpture, and tell a story with the use and placement of every component? Anyone can exercise their inner artist using this medium and we loved seeing so many people give it a try. Today we announce the top winners and celebrate four score of entries in the Hackaday Circuit Sculpture Contest.

Let’s take a look at twelve outstanding projects that caught (and held) our eye:

Wireless Charging Without So Many Chargers

[Nikola Tesla] believed he could wirelessly supply power to the world, but his calculations were off. We can, in fact, supply power wirelessly, and we are getting better at it, but we are still far from the dreams of the historical inventor. The mainstream version is the Qi charger, which is what phones use to charge when you lay them on a base. Magnetic coupling is what allows the power to move through the air. The transmitter and receiver are two halves of an air-core transformer, so the distance between the coils exponentially reduces efficiency, and don’t even think of putting two phones on a single base. Well, you could, but it would not do any good. [Chris Mi] at San Diego State University is working with colleagues to introduce receivers which feature a pass-through architecture so a whole stack of devices can be powered from a single base.

Efficiency across ten loads is recorded at 83.9%, which is phenomenal considering the distance between each load is 6 cm. Traditional air-gap transformers are not designed for 6 cm, much less 60 cm. The trick is to include another transmitter coil alongside the receiving coil. By doing this, the coils are never more than 6 cm apart, even when the farthest unit is a long way from the first supply. Another advantage to this configuration is that tuned groups continue to work even when a load changes in the system. For this reason, putting ten chargeables on a single system is a big deal because they don’t need to be retuned when one finishes charging.

We would love to see more of this convenient charging and hope that it catches on.

Via IEEE Spectrum.

A Cleverly Concealed Magnetic Loop Antenna

We’re sure all radio amateurs must have encountered the problem faced by [Alexandre Grimberg PY1AHD] frequently enough that they nod their heads sagely. There you are, relaxing in the sun on the lounger next to the crystal-blue pool, and you fancy working a bit of DX. But the sheer horror of it all, a tower, rotator, and HF Yagi would ruin the aesthetic, so what can be done?

[Alexandre]’s solution is simple and elegant: conceal a circular magnetic loop antenna beneath the rim of a circular plastic poolside table. Construction is the usual copper pipe with a co-axial coupling loop and a large air-gapped variable capacitor, and tuning comes via a long plastic rod that emerges as a discreet knob on the opposite side of the table. It has a 10 MHz to 30 MHz bandwidth, and should provide a decent antenna for such a small space. We can’t help some concern about how easy it is to access that capacitor. On these antennas a surprisingly large RF voltage is induced across its vanes, and anyone unwary enough to sit at the table to enjoy a poolside drink might suffer a nasty RF burn to the knee. Perhaps we’d go for a remotely tuned model instead, for this reason.

[Alexandre] has many unusual loop projects under his belt, as well as producing commercial loops. Most interesting to us on his YouTube feed is this one with a capacitor formed from co-axial soft drink cans.

Thanks [Geekabit] for the tip.

A TEMPEST In A Dongle

If a couple of generations of spy movies have taught us anything, it’s that secret agents get the best toys. And although it may not be as cool as a radar-equipped Aston Martin or a wire-flying rig for impossible vault heists, this DIY TEMPEST system lets you snoop on computers using secondary RF emissions.

If the term TEMPEST sounds familiar, it’s because we’ve covered it before. [Elliot Williams] gave an introduction to the many modalities that fall under the TEMPEST umbrella, the US National Security Agency’s catch-all codename for bridging air gaps by monitoring the unintended RF, light, or even audio emissions of computers. And more recently, [Brian Benchoff] discussed a TEMPEST hack that avoided the need for thousands of dollars of RF gear, reducing the rig down to an SDR dongle and a simple antenna. There’s even an app for that now: TempestSDR, a multiplatform Java app that lets you screen scrape a monitor based on its RF signature. Trouble is, getting the app running on Windows machines has been a challenge, but RTL-SDR.com reader [flatfishfly] solved some of the major problems and kindly shared the magic. The video below shows TempestSDR results; it’s clear that high-contrast images are easiest to snoop on, but it shows that a $20 dongle and some open-source software can bridge an air gap. Makes you wonder what’s possible with deeper pockets.

RF sniffing is only one of many ways to exfiltrate data from an air-gapped system. From power cords to security cameras, there seems to be no end to the ways to breach systems.
