‘POWER-SUPPLaY’ allows data to be lifted from air-gapped systems

A security researcher has developed an leftfield technique for extracting data from air-gapped systems that relies on hacking power supplies. The Mission Impossible-style approach, dubbed ‘POWER-SUPPLaY’, relies on creating an acoustic covert channel by turning a PC’s power supplies into speakers. The technique, developed by Israeli security researcher Dr Mordechai Guri, is capable of working on secure air-gapped PCs, even in cases where the owners have taken the extra precaution of disabling audio hardware and forbidding the use of loudspeakers. Providing attackers can first get the POWER-SUPPLaY malware onto the hardware then servers, PCs and IoT devices might still leak data – even if cases where they are both air-gapped and audio-gapped, as Dr Guri explains in a paper. “Our developed malware can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary speaker with limited capabilities,” the researcher explains. “The malicious code manipulates the internal ‘switching frequency’ of the power supply and hence controls the sound waveforms generated from its capacitors and transformers.”

Source: Daily Swig

The post ‘POWER-SUPPLaY’ allows data to be lifted from air-gapped systems appeared first on IT Security Guru.