Q
Manage Learn to apply best practices and optimize your operations.

Powerhammering: Can a power cable be used in air-gapped attacks?

Air-gapped computers subject to PowerHammer attack: Proof-of-concept attack enables data exfiltration through control of current flow over power cables.

Researchers from Israel's Ben-Gurion University of the Negev showed how a power cable could enable hackers to steal...

data from air-gapped computers. What is this vulnerability, and how can it be exploited?

PowerHammer is a proof-of-concept malware program the researchers created to take advantage of a vulnerability in power lines that enables attackers to exfiltrate data from air-gapped computers. When the PowerHammer proof of concept is implanted on an air-gapped computer, it monitors and measures the fluctuations in the current flow being transmitted through the power lines.

The researchers showed that the malware can transmit data by regulating the system's power consumption by controlling the workload of the CPU; an attacker would be able to receive the exfiltrated data by monitoring changes in the current flow along the power line. Binary data is modulated, encoded and transmitted through the power lines in the form of current flow fluctuations.

The researchers demonstrated data exfiltration from a PC powered by an Intel Haswell-era quad-core processor, achieving a transfer rate of 1,000 bits per second (bps). When targeting a server running an Intel Xeon E5-2620 processor, the researchers were able to exfiltrate data at 100 bps.

Depending on where powerhammering attacks against air-gapped computers occur, the speed at which attackers can exfiltrate data ranges from 10 to 1,000 bps. Higher exfiltration speeds are possible when using power lines attached to electrical outlets inside the target building. This type of attack is known as line-level powerhammering.

Power lines that are outside the building are attached to a main electrical service panel that divides electrical power into subsidiary phases. In these cases, the attack offers much lower throughput.

The researchers showed that the powerhammering attack is still possible if the power line is tapped at the phase level, but exfiltration would occur at up to 10 bps. The slower speed is due to background noise on the exterior cables caused by the sharing of the power supply with appliances, lights and any other electrical devices connected to the power supply. This type of attack is known as phase-level powerhammering.

In both cases, attackers measure emissions on power lines to exfiltrate data.

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)

This was last published in July 2018

Dig Deeper on Emerging cyberattacks and threats

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

How does your enterprise keep an air-gapped computer safe?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close