PowerHammer

I recently watched a Tom Clancy based film called   ‘Jack Ryan: Shadow Recruit’ starring Chris Pine who portrays a CIA operative trying to disrupt a sinister Russian plot over attacking the US and crushing the US economy.  There’s a scene in the movie in which the character Ryan sneaks into a high security area (snicker) and plugs a device into an electrical outlet.  The device then infiltrates the air-gapped target computer and Ryan is able to get the incriminating data and understands the plot against the US.  I remember thinking to myself – that’s probably not very realistic.   I have to rethink that thought process.

I reviewed cyber related news this morning and saw an article on ‘The Hacker News’ that has me changing my mind.  ‘Hacker can Steal Data from Air-Gapped Computers Through Power Lines’ by Swati Khandelwal caught my attention.

According to Khandelwal, Researchers from Israel’s Ben Gurion University of the Negev—who majorly focus on finding clever ways to exfiltrate data from an isolated or air-gapped computer—have now shown how fluctuations in the current flow “propagated through the power lines” could be used to covertly steal highly sensitive data.

This is fascinating.  Especially since Khandelwal also claims researches from this same University has previously demonstrated various out-of-band communication methods to steal data from a compromised air-gapped computer using light, sound, heat, electromagnetic and ultrasound waves.

A simple security technique to protect classified information is to air-gap a computer to avaois infiltration by hackers via the internet.   The problem in this attack is two-fold; you need to get a device near the air-gapped computer and then you have to actually exfiltrate the data.  These are significant problems to overcome but who knows what the near future holds.

This is actually a malware attack called PowerHammer.  Rather than try to abbreviate the attack and technical details in my own words, here is the Abstract of the research paper describing the attack:

“Abstract—In this paper we provide an implementation, evaluation, and analysis of PowerHammer, a malware (bridgeware [1]) that uses power lines to exfiltrate data from air-gapped computers. In this case, a malicious code running on a compromised computer can control the power consumption of the system by intentionally regulating the CPU utilization. Data is modulated, encoded, and transmitted on top of the current flow fluctuations, and then it is conducted and propagated through the power lines. This phenomena is known as a ’conducted emission’. We present two versions of the attack. Line level powerhammering: In this attack, the attacker taps the in-home power lines1 that are directly attached to the electrical outlet. Phase level power-hammering: In this attack, the attacker taps the power lines at the phase level, in the main electrical service panel. In both versions of the attack, the attacker measures the emission conducted and then decodes the exfiltrated data. We describe the adversarial attack model and present modulations and encoding schemes along with a transmission protocol. We evaluate the covert channel in different scenarios and discuss signal-to-noise (SNR), signal processing, and forms of interference. We also present a set of defensive countermeasures. Our results show that binary data can be covertly exfiltrated from air-gapped computers through the power lines at bit rates of 1000 bit/sec for the line level power-hammering attack and 10 bit/sec for the phase level power-hammering attack.”

This paper was literally just published and is linked below if you’d like to learn more. In the near future, air-gapped computers will likely be at risk – if they already aren’t.

https://thehackernews.com/2018/04/hacking-airgap-computers.html

https://arxiv.org/pdf/1804.04014.pdf

 

Leave a Reply

Your email address will not be published. Required fields are marked *