We have all seen the “in case of cyber attack, pull the Ethernet cables” meme. That won't stop hackers from accessing your PC anymore. Disconnecting your PC from the network means no data leak or cyber attack, right? No. A team of academics developed and tested malware that can exfiltrate data from computers via power lines. The team, from the Ben-Gurion University of the Negev in Israel, named their data exfiltration technique PowerHammer.
How does PowerHammer work?
PowerHammer works by infecting a computer with malware that alters CPU utilization levels to make the victim’s computer consume more or less electrical power. Computers usually draw power from the grid in a uniform manner, but this malware can encode any binary data by fluctuating the utilization, similar to Morse code. High utilization represents 1 and low utilization represents 0. The receiver decodes this sequence to extract the data.
The attacker needs hardware plugged into the power grid that senses the variation in conducted emission. The tapping device consists of a split-core current transformer. It can output a square wave (binary), which is later decoded.
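Because the encoding shows up as CPU utilization flipping between a high and a low level, a host-side monitor can look for that shape. The following is an added example, not code from the researchers or their paper: a heuristic check over utilization samples, where the function names, thresholds and sample traces are all constructed assumptions.

```python
from statistics import mean, pstdev

def looks_keyed(samples, min_gap=30.0, max_spread=10.0, min_switches=6):
    """True if CPU-utilisation samples (percent) flip many times between two
    tight, well-separated levels. All three thresholds are assumed values."""
    if len(samples) < 2:
        return False
    mid = (max(samples) + min(samples)) / 2
    high = [s for s in samples if s > mid]
    low = [s for s in samples if s <= mid]
    if not high or not low:                      # flat trace: one level only
        return False
    gap = mean(high) - mean(low)                 # distance between the levels
    spread = max(pstdev(high), pstdev(low))      # how tight each level is
    switches = sum((a > mid) != (b > mid) for a, b in zip(samples, samples[1:]))
    return gap >= min_gap and spread <= max_spread and switches >= min_switches

def jitter(i):
    """Deterministic stand-in for measurement noise, in the range -2..2."""
    return (i * 7) % 5 - 2

def two_level_trace(bits, per_bit=4, hi=85, lo=10):
    """Constructed trace: each bit held for per_bit samples at hi or lo percent."""
    levels = [hi if b == "1" else lo for b in bits for _ in range(per_bit)]
    return [v + jitter(i) for i, v in enumerate(levels)]

# Constructed sample traces (not measurements from the paper).
KEYED = two_level_trace("1011001110001011")    # high = 1, low = 0
IDLE = [6 + jitter(i) for i in range(64)]
BUSY = [92 + jitter(i) for i in range(64)]
ONE_JOB = IDLE[:32] + BUSY[:32]                # a single idle-to-busy step
RAMP = [(i % 6) * 20 for i in range(60)]       # load sweeping across all levels

if __name__ == "__main__":
    for name in ("KEYED", "IDLE", "BUSY", "ONE_JOB", "RAMP"):
        print(f"{name:8s} flagged={looks_keyed(globals()[name])}")
```

Only the two-level trace is flagged; a single job starting, steady load and a ramping workload each fail one of the three conditions. On a real host the thresholds would need tuning against that machine's normal workload.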
Types of PowerHammer attacks
There are two different types of attacks with slightly different methods and speed.
Line level power-hammering: The attacker manages to tap the power cable between the air-gapped computer and the electrical socket. The speed for line level hammering is around 1,000 bits/second.
Phase level power-hammering: The attacker taps the power lines at the phase level, in the electrical grid. This version of the PowerHammer attack is more stealthy but can recover data at only 10 bits/second, mainly due to the greater amount of “noise” at the power line phase level.
This technique can be used to attack PCs, servers or pretty much any IoT device. Exfiltration speed improves the more cores a CPU has. Find more info in their research paper: PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines