Following reports from The Daily Swig, it was found that a security researcher has developed an leftfield technique for extracting data from air-gapped systems that relies on hacking power supplies. The Mission Impossible-style approach, dubbed ‘POWER-SUPPLaY’, relies on creating an acoustic covert channel by turning a PC’s power supplies into speakers. The technique, developed by Israeli security researcher Dr Mordechai Guri, is capable of working on secure air-gapped PCs, even in cases where the owners have taken the extra precaution of disabling audio hardware and forbidding the use of loudspeakers. Providing attackers can first get the POWER-SUPPLaY malware onto the hardware then servers, PCs and IoT devices might still leak data – even if cases where they are both air-gapped and audio-gapped, as Dr Guri explains in a paper. “Our developed malware can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary speaker with limited capabilities,” the researcher explains. “The malicious code manipulates the internal ‘switching frequency’ of the power supply and hence controls the sound waveforms generated from its capacitors and transformers.”

May 08, 2020

Martin Jartelius

+ Follow Me - UnFollow Me

CSO

Outpost24

This is again very niche, and an impractical, hack. There is no using of this as a means of bidirectional communication, and someone would still need to place other units, devices or infections into the area which would read the results, listen on the audio and so on. It carries a novelty value. The practical value is still, for pretty much every organisation in the world, less serious than the risks imparted by users reading email. It does not take away in anyway the novelty value of the.....Read More

This is again very niche, and an impractical, hack. There is no using of this as a means of bidirectional communication, and someone would still need to place other units, devices or infections into the area which would read the results, listen on the audio and so on. It carries a novelty value. The practical value is still, for pretty much every organisation in the world, less serious than the risks imparted by users reading email. It does not take away in anyway the novelty value of the research, but it is for almost every application a novelty.  Read Less

Like(1)  (0)

×

Linkedin Message

@Martin Jartelius, CSO , provides expert commentary at @Information Security Buzz.
"It does not take away in anyway the novelty value of the research, but it is for almost every application a novelty...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/hacking-power-supplies-allows-data-to-be-lifted-from-air-gapped-systems-expert-reaction

Copy this message and share on your Linkedin profile. Thanks! COPY

×

Facebook Message

@Martin Jartelius, CSO , provides expert commentary at @Information Security Buzz.
"It does not take away in anyway the novelty value of the research, but it is for almost every application a novelty...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/hacking-power-supplies-allows-data-to-be-lifted-from-air-gapped-systems-expert-reaction

Copy this message and share on your Facebook profile. Thanks! COPY

Please login to comment.

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *

Your Registered Email *

Notification Email (If different from your registered email)

* By using this form you agree with the storage and handling of your data by this web site.

SUBMIT

Thank you, your expert comments have been submitted for review.

×

Upload Content

Youtube Link  

Image  

---

Youtube Link (Ex: https://www.youtube.com/watch?v=eUxUUarTRW4 )

Add

Uploading the content. Please wait....

Submit

×