A computer that is disconnected from the network can still have data stolen from it by hackers. Does that sound incredible? A research team at Ben Gurion University in Israel did exactly that, using fluctuations of the electric current in the computer's power cord to steal sensitive data stored on the computer. It sounds like a fantasy, but the team had already invented several methods of stealing data from a computer that is cut off from the network. They had previously thought of using light, sound, heat, and electromagnetic waves to steal data from computers.
In general, disconnected computers are considered the most secure, because hackers cannot obtain data from them over the Internet. Attackers can only resort to social engineering, infecting the computers through insiders or physically connected devices, and even then, remotely getting data out of a disconnected computer is quite difficult.
The technique, now known as “PowerHammer”, installs specific malicious software on a disconnected computer and uses the computer’s CPU to generate a Morse-code-like signal, so that data is transmitted as binary code through the power line.
In order to obtain this binary information, a hacker needs to install a special device on the power supply in advance to monitor the current fluctuation while the power line carries the data. The malware installed on the computer adjusts the computer's power consumption by varying the workload of the CPU. As the data travels over the power line, it is decoded by monitoring the fluctuation of the electrical signal in the line, and the data is finally recovered. The research team stated that data signals can be decoded at a speed of 10 to 1000 bps. Of course, theoretically, the highest decoding speed can only be achieved by a hacker directly connected to a computer’s power cord. This attack is called line-level powerhammering. The lowest decoding speed applies when the hacker obtains the data through other power supply equipment outside the device. This attack mode is called phase-level powerhammering.
The line-level powerhammering attack is applicable to computers with Intel Haswell chips and Intel Xeon E5-2620 chips. The former can be read at speeds up to 1000 bps, and the latter at speeds up to 100 bps with zero error. The performance of the phase-level powerhammering attack is far from satisfactory. Due to electrical signal interference from other devices, the speed at which data can be read with a zero error rate is only 3 bps. If the speed rises to 10 bps, the error rate reaches 4.2%.
This result shows that phase-level powerhammering can only be used to obtain a small amount of data, such as passwords, keys, and so on. The details are in the report “PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines”.
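A host-side check for the CPU-load modulation described above, as an added example that is not from the article or the research report: it flags a CPU utilization trace that sits at only two load levels and switches between them on a fixed clock. The function names, thresholds and sample traces are assumptions constructed for illustration.

```python
def run_lengths(bits):
    """Lengths of consecutive equal values, e.g. [1, 1, 0, 0, 0] -> [2, 3]."""
    runs, count = [], 1
    for prev, cur in zip(bits, bits[1:]):
        if cur == prev:
            count += 1
        else:
            runs.append(count)
            count = 1
    runs.append(count)
    return runs

def keying_period(samples, min_runs=8, max_mid_fraction=0.1, tolerance=0.2):
    """Return the symbol period (in samples) if the CPU-load trace looks like
    two-level keying on a fixed clock, otherwise None."""
    lo, hi = min(samples), max(samples)
    if hi - lo < 30:                      # load swing too small to matter
        return None
    mid, band = (lo + hi) / 2, (hi - lo) / 4
    # Ordinary workloads spend time at intermediate load; keyed ones do not.
    mid_fraction = sum(abs(s - mid) < band for s in samples) / len(samples)
    if mid_fraction > max_mid_fraction:
        return None
    runs = run_lengths([s > mid for s in samples])[1:-1]  # drop partial edge runs
    if len(runs) < min_runs:
        return None
    period = min(runs)
    if period < 2:                        # cannot judge timing at 1 sample/symbol
        return None
    # Every run must be close to a whole number of symbol periods.
    if any(abs(r / period - round(r / period)) > tolerance for r in runs):
        return None
    return period

# Constructed sample traces in percent CPU load (not measurements from the report).
KEYED = [(92 if b == "1" else 12) + i % 3
         for b in "1010011101001011" for i in range(5)]
BURSTY = [90 if i % 2 else 10
          for i, n in enumerate([4, 3, 7, 4, 11, 3, 5, 8, 3, 6, 4]) for _ in range(n)]
RAMP = list(range(10, 95, 5)) + list(range(85, 5, -5))

if __name__ == "__main__":
    for name, trace in (("keyed", KEYED), ("bursty", BURSTY), ("ramp", RAMP)):
        print(name, keying_period(trace))
```

The sampling interval has to be several times shorter than one symbol for the timing test to work, so a trace sampled once per second can only expose keying at the low rates the article gives for the phase-level case.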