This Wild Malware Attack Can Wirelessly Slurp Data Through Your PC's Power Supply

There are multiple ways to sneakily extract data from a PC, and not all of them involve directly tapping into the storage device. Even a PC that is not connected to a network is vulnerable. Such machines are referred to as air-gapped systems, and security researcher Mordechai Guri from Israel's Ben-Gurion University of the Negev found yet another way to siphon data from them, this time by interpreting sounds from the power supply.

Guri is a bit of a specialist in this area. Last month, he outlined a clever method of extracting data from an air-gapped PC by manipulating and interpreting case fan vibrations. He referred to this method as 'AiR-ViBeR' in a whitepaper. While limited in scope, if a person is able to infect a local PC (a co-worker's system, for example), they could then plop their smartphone on the same table as the infected PC (or one that is nearby) and use the phone's built-in sensors to steal data from subtly manipulated vibrations caused by the fans.

Earlier this year, Guri also demonstrated how it would be possible to swipe data by manipulating a PC monitor's brightness. The sneaky scheme would go unnoticed by the naked eye, allowing an attacker to covertly swipe sensitive information by decoding small changes in brightness.

The power supply presents yet another covert attack vector. Guri calls this approach 'POWER-SUPPLaY' in a whitepaper on the topic (PDF), and like the other two methods outlined, it targets air-gapped systems.

"Our developed malware can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary speaker with limited capabilities. The malicious code manipulates the internal switching frequency of the power supply and hence controls the sound waveforms generated from its capacitors and transformers," the whitepaper explains.

Using this method, the malware produces audio tones in the 0-24kHz range and uses them to transmit binary data to a nearby receiver, like a smartphone. These binary bits can represent files, keystrokes (effectively making it a keylogger), encryption keys, and so forth.

This works even when a PC's audio is disabled and/or there are no speakers attached. It's just a matter of placing a smartphone within 2.5 meters of the target system.
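From the defender's side, a room microphone capture can be screened for a dominant tone that keeps hopping between a few narrow frequencies. The sketch below is an added example, not code from the whitepaper or this article; it assumes bits are signalled by switching tones (the article does not give the modulation), and the watch-list frequencies, frame size, thresholds and synthetic captures are all constructed for illustration.

```python
import math
import random

RATE = 48_000   # samples/s, so the 24 kHz Nyquist limit matches the band the article cites
FRAME = 480     # 10 ms frames give 100 Hz bins (assumed analysis window)
WATCH = (8_000, 8_500, 9_000, 9_500)  # hypothetical watch-list in Hz, not from the whitepaper

def tone_fraction(frame, freq):
    """Share of the frame's energy at freq (Goertzel); close to 1.0 for a pure tone."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    energy = sum(x * x for x in frame)
    if energy == 0:
        return 0.0
    return 2 * (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (len(frame) * energy)

def scan(samples, min_share=0.5, min_hops=4):
    """Flag a capture whose dominant tone hops between watched frequencies."""
    dominant = []
    for i in range(0, len(samples) - FRAME + 1, FRAME):
        frame = samples[i:i + FRAME]
        share, freq = max((tone_fraction(frame, f), f) for f in WATCH)
        dominant.append(freq if share >= min_share else None)
    tonal = [f for f in dominant if f is not None]
    # A steady whine (fan, coil noise) is tonal but never hops, so hops drive the verdict.
    hops = sum(1 for a, b in zip(tonal, tonal[1:]) if a != b)
    return {"tonal_frames": len(tonal), "hops": hops, "suspicious": hops >= min_hops}

def synth(freqs_per_symbol, symbol_frames=2, amp=0.2, noise=0.05, seed=1):
    """Constructed test audio: one tone per symbol (None = no tone) over Gaussian noise."""
    rng = random.Random(seed)
    out, n = [], 0
    for f in freqs_per_symbol:
        for _ in range(symbol_frames * FRAME):
            tone = amp * math.sin(2 * math.pi * f * n / RATE) if f else 0.0
            out.append(tone + rng.gauss(0, noise))
            n += 1
    return out

# Constructed captures: a two-tone hopping pattern, a steady whine, and plain room noise.
HOPPING = synth([8_000, 8_500, 8_500, 8_000, 8_500, 8_000, 8_000, 8_500])
STEADY = synth([9_000] * 8)
QUIET = synth([None] * 8)
```

Only the hopping capture is flagged; the steady 9 kHz tone registers as tonal in every frame but produces no hops, which keeps ordinary constant electrical whine from raising alerts.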

"We show that malware running on a computer can use the power supply as an out-of-band speaker. A code executed in the system can intentionally regulate the internal switching frequency of the power supply, and hence control the waveform generated from its capacitors and transformers," the whitepaper states.

As with other air-gapped attacks, this is not something that the average user needs to worry about. However, it's definitely something to keep in mind for people who handle sensitive data, be it at a government agency or a major business.