Following reports from The Daily Swig, it was found that a security researcher has developed an leftfield technique for extracting data from air-gapped systems that relies on hacking power supplies. The Mission Impossible-style approach, dubbed ‘POWER-SUPPLaY’, relies on creating an acoustic covert channel by turning a PC’s power supplies into speakers. The technique, developed by Israeli security researcher Dr Mordechai Guri, is capable of working on secure air-gapped PCs, even in cases where the owners have taken the extra precaution of disabling audio hardware and forbidding the use of loudspeakers. Providing attackers can first get the POWER-SUPPLaY malware onto the hardware then servers, PCs and IoT devices might still leak data – even if cases where they are both air-gapped and audio-gapped, as Dr Guri explains in a paper. “Our developed malware can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary speaker with limited capabilities,” the researcher explains. “The malicious code manipulates the internal ‘switching frequency’ of the power supply and hence controls the sound waveforms generated from its capacitors and transformers.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.