POWER-SUPPLaY Cyberattack Steals Data From Air-Gapped PC via Power Supply

Uskompuf · May 6, 2020

It was only a few weeks ago when we reported that Dr. Mordechai Guri and his team had devised a new cyberattack known as Air-ViBeR which could use the vibrations of a PC's fans to steal data by regulating fan speed and recording the sounds on a nearby smartphone. This time Dr. Mordechai and his team have discovered a way to silently transmit data from the ultrasonic frequencies put out by a PC power supply they have dubbed this new attack POWER-SUPPLaY. The cyberattack involves a piece of malware that can alter system load by changing the CPU workload, this causes the PC power supply to change its ultrasonic frequencies which can be detected by a smartphone at a maximum distance of 5 m.

While this cyberattack is certainly technologically impressive, it is unlikely to ever be used out of anything but a Hollywood movie due to some fatal limitations. The attack requires the computer to be compromised and for a mobile device to be within listening distance for a prolonged time, the transmission rate of the attack is only 50 bits per second, or equivalent to about 22.5 kB per hour. With such a low transmission rate the only data that could be feasibly transmitted would be plain text at a rate of 10,000 words an hour.

Dr. Mordechai Guri and his team have posted a demonstration video of the cyberattack in action.

View at TechPowerUp Main Site

Alexandrus · May 6, 2020

Who the heck pays for these so called studies ? I mean, seriously..
And these people call themselves "scientists", what a joke. "Dr. Mordechai Guri and his team"...just wow, impressive work indeed.

Between these and the vulnerabilities of mainstream desktop CPUs, that affect pretty much nobody ever using a PC for mainstream purposes, like media consumption, gaming, editing and such, the entire field oif people finding "vulnerabilities" in modern PCs is becoming a joke.

metalslaw · May 6, 2020

Apparently it's the 1st of April.

moproblems99 · May 6, 2020

Alexandrus said:
Who the heck pays for these so called studies ? I mean, seriously..
And these people call themselves "scientists", what a joke. "Dr. Mordechai Guri and his team"...just wow, impressive work indeed.

Between these and the vulnerabilities of mainstream desktop CPUs, that affect pretty much nobody ever using a PC for mainstream purposes, like media consumption, gaming, editing and such, the entire field oif people finding "vulnerabilities" in modern PCs is becoming a joke.

It may not be feasible but it is still fundamentally interesting. It's ok that these things aren't for you, the Legos are over there.

PS: I like Legos too.

Vayra86 · May 6, 2020

Imagine if you're English language and you see it constantly mangled like this.

Air Supplay? Viber? :twitch:

DeathtoGnomes · May 6, 2020

Vayra86 said:
Imagine if you're English language and you see it constantly mangled like this.

Air Supplay? Viber?

IT could be worse...

Caring1 · May 6, 2020

Secure your air gapped PC, fill it with expanding foam.

rutra80 · May 6, 2020

There's ongoing patch from all major CPU vendors that will run a 100% busy task in the background all the time to render this vulnerability useless. Researchers expect that it might affect performance of our systems significantly.

Jism · May 7, 2020

Everything in a way is based on RF signals inside a PC. This was already obvious with the 70's and the 27mc thing. If you can find a way to 'listen' to those signals it's pretty much easy to obfuscate on what a PC is doing. I mean coilwhine in a way is a RF based signal too. You could extract the data a GPU is processing if you knew how to build the tools for it. As far as i know, a AMD cpu encrypts the stuff that it's doing.

But in order to fully protect a PC from this stuff; or any device, just shield it out. That simple. This demonstration however could lead to future devices that could listen to a PC in general, and pretty much all it's doing. We're not far from this really.

R-T-B · May 7, 2020

Alexandrus said:
Who the heck pays for these so called studies ? I mean, seriously..

If you are in the USA, most likely your tax dollars. Thank the Military Industrial complex...

Seriously, while these aren't vulnerabilities in the traditional sense, that does not mean they are useless. Those who need them, pay for them.

Jism said:
We're not far from this really.

Sensitivity wise... we kinda are.

System Name	Wut?
Processor	3900X
Motherboard	ASRock Taichi X570
Cooling	Water
Memory	32GB GSkill CL16 3600mhz
Video Card(s)	Vega 56
Storage	2 x AData XPG 8200 Pro 1TB
Display(s)	3440 x 1440
Case	Thermaltake Tower 900
Power Supply	Seasonic Prime Ultra Platinum

System Name	Tiny the White Yeti
Processor	7800X3D
Motherboard	MSI MAG Mortar b650m wifi
Cooling	CPU: Thermalright Peerless Assassin / Case: Phanteks T30-120 x3
Memory	32GB Corsair Vengeance 30CL6000
Video Card(s)	ASRock RX7900XT Phantom Gaming
Storage	Lexar NM790 4TB + Samsung 850 EVO 1TB + Samsung 980 1TB + Crucial BX100 250GB
Display(s)	Gigabyte G34QWC (3440x1440)
Case	Lian Li A3 mATX White
Audio Device(s)	Harman Kardon AVR137 + 2.1
Power Supply	EVGA Supernova G2 750W
Mouse	Steelseries Aerox 5
Keyboard	Lenovo Thinkpad Trackpoint II
VR HMD	HD 420 - Green Edition ;)
Software	W11 IoT Enterprise LTSC
Benchmark Scores	Over 9000

System Name	Dumbass
Processor	AMD Ryzen 7800X3D
Motherboard	ASUS TUF gaming B650
Cooling	Artic Liquid Freezer 2 - 420mm
Memory	G.Skill Sniper 32gb DDR5 6000
Video Card(s)	GreenTeam 4070 ti super 16gb
Storage	Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s)	1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case	Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s)	onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply	Corsair HX1000i
Mouse	Steeseries Esports Wireless
Keyboard	Corsair K100
Software	windows 10 H
Benchmark Scores	https://i.imgur.com/aoz3vWY.jpg?2

System Name	H7 Flow 2024
Processor	AMD 5800X3D
Motherboard	Asus X570 Tough Gaming
Cooling	Custom liquid
Memory	32 GB DDR4
Video Card(s)	Intel ARC A750
Storage	Crucial P5 Plus 2TB.
Display(s)	AOC 24" Freesync 1m.s. 75Hz
Mouse	Lenovo
Keyboard	Eweadn Mechanical
Software	W11 Pro 64 bit

System Name	Pioneer
Processor	Ryzen R9 9950X
Motherboard	GIGABYTE Aorus Elite X670 AX
Cooling	Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory	64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64 / Windows 11 Enterprise IoT 2024