A team of academics has successfully developed and tested malware that can exfiltrate data from air-gapped computers via power lines. The team, from the Ben-Gurion University of the Negev in Israel, named their data exfiltration technique PowerHammer.
PowerHammer works by infecting an air-gapped computer with malware that intentionally alters CPU utilization levels to make the victim's computer consume more or less electrical power.
By default, computers draw power from the local electrical network in a uniform manner. A PowerHammer attack produces a variation in the amount of power a victim's PC draws from the local electrical network. This phenomenon is known as a "conducted emission."
By altering the high and low power consumption levels, PowerHammer malware can encode binary data from a victim's computer into the power consumption pattern.
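Seen from the defender's side, the encoding described above leaves a recognisable shape in host telemetry. The following added example (not from the original article or the researchers) is a heuristic that flags a CPU-utilisation trace switching between two tight levels in runs that are whole multiples of one symbol length. The function names, thresholds and sample traces are constructed assumptions, and the plain two-level keying is a simplification of what the article describes.

```python
from statistics import mean, pstdev

def run_lengths(levels):
    """Lengths of consecutive runs of identical values."""
    runs, count = [], 1
    for prev, cur in zip(levels, levels[1:]):
        if cur == prev:
            count += 1
        else:
            runs.append(count)
            count = 1
    runs.append(count)
    return runs

def looks_keyed(samples, min_gap=30.0, max_jitter=5.0, min_runs=6):
    """Heuristic (assumed thresholds): True if CPU-utilisation samples, in
    percent at a fixed polling interval, alternate between two tight levels
    in runs that are whole multiples of one symbol length."""
    if len(samples) < 2:
        return False
    threshold = (min(samples) + max(samples)) / 2
    levels = [s > threshold for s in samples]
    high = [s for s in samples if s > threshold]
    low = [s for s in samples if s <= threshold]
    if not high or not low or mean(high) - mean(low) < min_gap:
        return False                      # no clear high/low separation
    if max(pstdev(high), pstdev(low)) > max_jitter:
        return False                      # levels drift like ordinary load
    interior = run_lengths(levels)[1:-1]  # first/last run may be cut off
    if len(interior) < min_runs:
        return False                      # too few transitions to judge
    symbol = min(interior)
    return symbol >= 2 and all(r % symbol == 0 for r in interior)

def constructed_keyed_trace(bits="1011001010", per_symbol=4):
    """Constructed sample: numbers shaped like two-level keyed utilisation."""
    trace = []
    for i, b in enumerate(bits):
        base = 90.0 if b == "1" else 10.0
        trace += [base + ((i + k) % 3 - 1) for k in range(per_symbol)]
    return trace

# Constructed sample: an ordinary ramping workload.
SAWTOOTH = [20, 35, 50, 65, 80, 65, 50, 35] * 6

if __name__ == "__main__":
    print("keyed trace flagged:", looks_keyed(constructed_keyed_trace()))
    print("sawtooth flagged:  ", looks_keyed(SAWTOOTH))
```

Regularly scheduled batch jobs can produce a similar pattern, so a hit is a reason to inspect the process driving the load rather than a verdict.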
There are two types of PowerHammer attacks
To retrieve this data, an attacker must tap the victim's electrical network to read the power consumption variation and decode the binary data hidden inside.
Based on where the attacker places his tapping rig, two types of PowerHammer attacks exist, with two different exfiltration speeds.
.......
.......
.......