Researchers from Israel's Ben-Gurion University of the Negev showed how a power cable could enable hackers to steal data from air-gapped computers. What is this vulnerability, and how can it be exploited?
PowerHammer is a proof-of-concept malware program the researchers created to take advantage of a vulnerability in power lines that enables attackers to exfiltrate data from air-gapped computers. When the PowerHammer proof of concept is implanted on an air-gapped computer, it monitors and measures the fluctuations in the current flow being transmitted through the power lines.
The researchers showed that the malware can transmit data by controlling the workload of the CPU, which in turn regulates the system's power consumption; an attacker would be able to receive the exfiltrated data by monitoring changes in the current flow along the power line. Binary data is modulated, encoded and transmitted through the power lines in the form of current flow fluctuations.
The researchers demonstrated data exfiltration from a PC powered by an Intel Haswell-era quad-core processor, achieving a transfer rate of 1,000 bits per second (bps). When targeting a server running an Intel Xeon E5-2620 processor, the researchers were able to exfiltrate data at 100 bps.
Depending on where powerhammering attacks against air-gapped computers occur, the speed at which attackers can exfiltrate data ranges from 10 to 1,000 bps. Higher exfiltration speeds are possible when using power lines attached to electrical outlets inside the target building. This type of attack is known as line-level powerhammering.
Power lines that are outside the building are attached to a main electrical service panel that divides electrical power into subsidiary phases. In these cases, the attack offers much lower throughput.
The researchers showed that the powerhammering attack is still possible if the power line is tapped at the phase level, but exfiltration would occur at up to 10 bps. The slower speed is due to background noise on the exterior cables caused by the sharing of the power supply with appliances, lights and any other electrical devices connected to the power supply. This type of attack is known as phase-level powerhammering.
In both cases, attackers measure emissions on power lines to exfiltrate data.
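The simulation below is an added example, not code from the article or the researchers. It models why the noisier phase-level tap forces a lower bit rate: the receiver has to average more current samples per bit to suppress background noise. The two-level (on-off) signaling, the 10 kHz sampling rate and the noise levels are assumptions chosen for illustration.

```python
import random

SAMPLE_RATE_HZ = 10_000  # assumed receiver sampling rate (not from the article)

def samples_per_bit(bps, sample_rate_hz=SAMPLE_RATE_HZ):
    """How many current samples the receiver can average for each bit."""
    return sample_rate_hz // bps

def simulate_ber(n_samples, noise_sigma, n_bits=1000, seed=1):
    """Bit error rate for a simulated two-level current signal in Gaussian noise."""
    rng = random.Random(seed)
    errors = 0
    for _ in range(n_bits):
        bit = rng.getrandbits(1)
        level = 1.0 if bit else 0.0  # assumed: 1 = raised current draw, 0 = baseline
        # Receiver averages every noisy sample in the bit period, then thresholds.
        total = sum(level + rng.gauss(0.0, noise_sigma) for _ in range(n_samples))
        decoded = 1 if total / n_samples > 0.5 else 0
        errors += decoded != bit
    return errors / n_bits

def sweep(noise_sigma, rates=(1000, 100, 10)):
    """Map each bit rate (bps) to its simulated bit error rate."""
    return {bps: simulate_ber(samples_per_bit(bps), noise_sigma) for bps in rates}

if __name__ == "__main__":
    # Constructed noise levels: a quiet in-building outlet vs. a shared phase.
    for label, sigma in (("line-level", 0.5), ("phase-level", 5.0)):
        for bps, ber in sweep(sigma).items():
            print(f"{label:12s} {bps:5d} bps  BER={ber:.3f}")
```

With these constructed noise levels, the phase-level signal is close to unreadable at 1,000 bps and only becomes reliable once the rate drops to 10 bps.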