An Israeli hacker group managed to access data of an air-gapped PC by converting Power unit to a speaker
In the current era, it is difficult to safeguard our data from hackers as they have numerous techniques to breach our systems. Here comes a new way of hacking user systems that can affect air-gapped systems. This time, it is the “POWER-SUPPLaY” Attack that exploits the power supply of the target devices to steal data. Researchers from an Israeli university have shared insights into their findings in a detailed white paper.
A hacker group hacked into a PC with the help of PC’s Power Unit. They converted the Power Unit into a Speaker, as they hacked into the system using Sound. However, the PC did not have any speakers on the board. The Process is complex and requires lots of explanation, but an impressive method to hack into a System. The main process leads from the air gap in the PC, that is the PC come with “air-gapped”.
What is an Air-Gapped PC?
An air-gap is a computer or system of computers that never connects to the internet, nor another device that connects to the internet. This makes air-gapped computers desirable in situations involving extremely important information, like military bases and financial institutions. The lack of an IP address or any outgoing data means these machines can only transmit information through physical media.
How a Power Unit of your PC can leak Data?
Everyone reading this article must be thinking about how anyone can hack into a System using PC’s Power Unit. However, there is a team named Guri that tests every component of a PC into a tool to leak data.
As of the Power Unit, the process begins with malware that tells the machine’s power supply to generate a soundwave that another device can pick up. The sounds themselves are triggered by the changing frequencies of electric currents traveling through a system’s capacitors.
Binary data can be interpreted through this method, presumably by assigning each frequency to a sound. Hypothetically, a “1” would produce one sound, and a “0” would produce another. The sequence of 1’s and 0’s being relayed to the attacking device would tell its owner short-form information like passwords or encryption keys.
However, it can transmit only 50 bits per second at maximum (far less data than a calculator handles to produce an image of a single number). Additionally, the system is limited to about five meters right now. Guri suggests this setup would take minutes to produce a single password.
Air-gapped systems are considered a necessity in environments where sensitive data is involved in an attempt to reduce the risk of data leakage. The devices typically have their audio hardware disabled so as to prevent adversaries from leveraging the built-in speakers and microphones to pilfer information via sonic and ultrasonic waves.
The malware in the compromised computer, then, not only amasses sensitive data (files, URLs, keystrokes, encryption keys, etc.), it also transmits data in WAV format using the acoustic sound waves emitted from the computer’s power supply, which is decoded by the receiver — in this case, an app running on an Android smartphone.
What do you think about this? Share your views in the Comment Section below.