Tuesday, May 5th 2020
POWER-SUPPLaY Cyberattack Steals Data From Air-Gapped PC via Power Supply
It was only a few weeks ago when we reported that Dr. Mordechai Guri and his team had devised a new cyberattack known as Air-ViBeR which could use the vibrations of a PC's fans to steal data by regulating fan speed and recording the sounds on a nearby smartphone. This time Dr. Mordechai and his team have discovered a way to silently transmit data from the ultrasonic frequencies put out by a PC power supply they have dubbed this new attack POWER-SUPPLaY. The cyberattack involves a piece of malware that can alter system load by changing the CPU workload, this causes the PC power supply to change its ultrasonic frequencies which can be detected by a smartphone at a maximum distance of 5 m.
While this cyberattack is certainly technologically impressive, it is unlikely to ever be used out of anything but a Hollywood movie due to some fatal limitations. The attack requires the computer to be compromised and for a mobile device to be within listening distance for a prolonged time, the transmission rate of the attack is only 50 bits per second, or equivalent to about 22.5 kB per hour. With such a low transmission rate the only data that could be feasibly transmitted would be plain text at a rate of 10,000 words an hour.
Dr. Mordechai Guri and his team have posted a demonstration video of the cyberattack in action.
Source:
Air-Gap Research Page
While this cyberattack is certainly technologically impressive, it is unlikely to ever be used out of anything but a Hollywood movie due to some fatal limitations. The attack requires the computer to be compromised and for a mobile device to be within listening distance for a prolonged time, the transmission rate of the attack is only 50 bits per second, or equivalent to about 22.5 kB per hour. With such a low transmission rate the only data that could be feasibly transmitted would be plain text at a rate of 10,000 words an hour.
9 Comments on POWER-SUPPLaY Cyberattack Steals Data From Air-Gapped PC via Power Supply
And these people call themselves "scientists", what a joke. "Dr. Mordechai Guri and his team"...just wow, impressive work indeed.
Between these and the vulnerabilities of mainstream desktop CPUs, that affect pretty much nobody ever using a PC for mainstream purposes, like media consumption, gaming, editing and such, the entire field oif people finding "vulnerabilities" in modern PCs is becoming a joke.
PS: I like Legos too.
Air Supplay? Viber? :twitch:
But in order to fully protect a PC from this stuff; or any device, just shield it out. That simple. This demonstration however could lead to future devices that could listen to a PC in general, and pretty much all it's doing. We're not far from this really.
Seriously, while these aren't vulnerabilities in the traditional sense, that does not mean they are useless. Those who need them, pay for them.Sensitivity wise... we kinda are.