New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers

upnorth

A researcher from Israel's Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive data from air-gapped and audio-gapped systems using a novel acoustic quirk in power supply units that come with modern computing devices.

Dubbed 'POWER-SUPPLaY,' the latest research builds on a series of techniques leveraging electromagnetic, acoustic, thermal, optical covert channels, and even power cables to exfiltrate data from non-networked computers. "Our developed malware can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary speaker with limited capabilities," Dr. Mordechai Guri outlined in a paper published today and shared with The Hacker News.

 

MacDefender

Luckily this is not in-the-wild malware but a proof of concept. There was a similar attack demonstrated a week or so ago: How one security researcher used radio signals to hop an air gap - CyberScoop

That one found a way to change the GPU clock speed simply using unprivileged code that just taxes the GPU more when it wants the GPU to run faster, and the resulting GPU RF noise could be received 50ft away.

As receivers become more sensitive, these kinds of attacks that conspiracy theorists loved to talk about are now becoming reality. Clock/frequency/power being dynamically adjusted is common on modern machines but those actions definitely generate leakage. I've had laptops with such bad capacitor whine before that you could tell when the machine was idle vs when it was working by whether it's whining or squealing -- almost gave me a 6th sense about when a video game was done loading or a job was done compiling :D
 

MacDefender

Yeah, not good.

Some entities have been dealing with this for a long time.

Some refer to it as TEMPEST.

And all sorts of mitigation takes place to address it.

Ah that was the term that was slipping my mind. Back when this threat was greatest with CRT screen radiation, some tools like PGP had a TEMPEST viewer mode. For example:
1588724435299.png

1588724443770.png


They removed this functionality a long time ago, mainly because that became an irrelevant threat.
 
