Rubbish Claim - Data leak through power line by throttling CPU cores.

Vendicar Decarian:
PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines

Mordechai Guri, Boris Zadov, Dima Bykhovsky, Yuval Elovici

10 Apr 2018

In this paper we provide an implementation, evaluation, and analysis of PowerHammer, a malware (bridgeware [1]) that uses power lines to exfiltrate data from air-gapped computers. In this case, a malicious code running on a compromised computer can control the power consumption of the system by intentionally regulating the CPU utilization. Data is modulated, encoded, and transmitted on top of the current flow fluctuations, and then it is conducted and propagated through the power lines. This phenomenon is known as a 'conducted emission'. We present two versions of the attack. Line level power-hammering: In this attack, the attacker taps the in-home power lines that are directly attached to the electrical outlet. Phase level power-hammering: In this attack, the attacker taps the power lines at the phase level, in the main electrical service panel. In both versions of the attack, the attacker measures the emission conducted and then decodes the exfiltrated data. We describe the adversarial attack model and present modulations and encoding schemes along with a transmission protocol. We evaluate the covert channel in different scenarios and discuss signal-to-noise (SNR), signal processing, and forms of interference. We also present a set of defensive countermeasures. Our results show that binary data can be covertly exfiltrated from air-gapped computers through the power lines at bit rates of 1000 bit/sec for the line level power-hammering attack and 10 bit/sec for the phase level power-hammering attack.

ebastler:
Why do you think this is "rubbish"?
Have you read the full paper? It seems viable to me. https://arxiv.org/pdf/1804.04014.pdf

Please elaborate on why you think this won't work.

Marco:
It's not rubbish, but it's also not terribly significant.

An air gap crossing side channel which can run on two rooted but otherwise unmodified computers can be useful, something which requires you to put a current monitor somewhere in the building and even then only manages 1 bit/s ... less so.

ebastler:

--- Quote from: Marco on April 14, 2018, 01:46:07 pm ---It's not rubbish, but it's also not terribly significant.

An air gap crossing side channel which can run on two rooted but otherwise unmodified computers can be useful, something which requires you to put a current monitor somewhere in the building and even then only manages 1 bit/s ... less so.

--- End quote ---

I think this could very well be used in practice. Not if physical access to the whole target building is controlled, of course; but if you want to tap into a flat or an office floor, and have access e.g. to the electricity meters in the basement?

And somewhat more than 1 bit/s seems feasible -- 10 bit/s minus some margin for error-correcting checksums, to deal with the 4% bit error rate. Certainly enough for a keylogger, for example, or for slowly trickling out some file contents.

ogden:

--- Quote from: ebastler on April 14, 2018, 02:07:20 pm ---And somewhat more than 1 bit/s seems feasible -- 10 bit/s minus some margin for error-correcting checksums, to deal with the 4% bit error rate. Certainly enough for a keylogger, for example, or for slowly trickling out some file contents.

--- End quote ---

Conclusion chapter: The results show that data can be exfiltrated from air-gapped computers through the power lines at bit rates of 1000 bit/sec for line level power-hammering, and 10 bit/sec for phase level power-hammering.

This particular approach is good when the use of faster transmitters that require close proximity, such as AirHopper, is not possible.
