Hackers have found a way to steal data from a PC through its power supply. It’s a complex process that requires a lot of explaining, but it’s also an impressive display of electrical engineering knowledge.
The key detail is that the targeted computers are “air-gapped”. An air-gapped computer, or system of computers, never connects to the internet, nor to another device that connects to the internet. This makes air-gapped computers desirable in situations involving extremely important information, like military bases and financial institutions. The lack of an IP address or any outgoing data means these machines can only transmit information through physical media.
Most people would assume that means USB drives, speakers, and monitors, but the research and development team at Ben-Gurion University of the Negev in Israel has taken that definition literally. In a research paper sent to ZDNet, the team’s leader, Mordechai Guri, explains that they can now extract data from a computer by using its power supply to create sound. As ridiculous as it may seem, this is an important ability to have, because speakers have been compromised in the past, with malicious software instructing them to expose data.
Guri’s team has spent years turning every physical component of a PC into a tool that can leak information. In this case, the process begins with malware that tells the machine’s power supply to generate a sound wave that another device can pick up. The sounds themselves are triggered by the changing frequencies of electric currents traveling through a system’s capacitors. Binary data can be encoded through this method, presumably by assigning each bit value its own frequency. Hypothetically, a “1” would produce one sound, and a “0” would produce another. The sequence of 1s and 0s relayed to the attacking device would give its owner short-form information like passwords or encryption keys.
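To make the hypothetical “one sound per bit” scheme concrete, here is an added example (not code from the research paper or from this article) that tells two tones apart in an audio signal, frame by frame, using the Goertzel algorithm. The two frequencies, the sample rate and the synthesized test signal are assumptions made for illustration; only the 50 bits per second figure comes from the article.

```python
import math
import random

SAMPLE_RATE = 44_100     # assumed microphone sample rate (Hz)
FREQ_ZERO = 8_000.0      # assumed tone for a "0" bit (Hz), not from the paper
FREQ_ONE = 9_000.0       # assumed tone for a "1" bit (Hz), not from the paper
BIT_RATE = 50            # the article's stated maximum, bits per second
SAMPLES_PER_BIT = SAMPLE_RATE // BIT_RATE   # 882 samples per bit frame


def goertzel_power(samples, freq):
    """Power of `samples` at a single frequency (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def synth_tones(bits, noise=0.3, seed=1):
    """Constructed test signal: one tone per bit, plus uniform noise."""
    rng = random.Random(seed)
    out = []
    for i, bit in enumerate(bits):
        freq = FREQ_ONE if bit == "1" else FREQ_ZERO
        for n in range(SAMPLES_PER_BIT):
            t = (i * SAMPLES_PER_BIT + n) / SAMPLE_RATE
            out.append(math.sin(2.0 * math.pi * freq * t)
                       + rng.uniform(-noise, noise))
    return out


def decode(samples, min_ratio=4.0):
    """Classify each bit-length frame; '?' where neither tone dominates."""
    bits = []
    for start in range(0, len(samples) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT):
        frame = samples[start:start + SAMPLES_PER_BIT]
        p0 = goertzel_power(frame, FREQ_ZERO)
        p1 = goertzel_power(frame, FREQ_ONE)
        if max(p0, p1) <= min_ratio * min(p0, p1):
            bits.append("?")            # no clear tone in this frame
        else:
            bits.append("1" if p1 > p0 else "0")
    return "".join(bits)


if __name__ == "__main__":
    message = "1011001110001111"        # constructed sample bits
    print(decode(synth_tones(message)))
```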
This is an incredibly slow channel, transmitting only 50 bits per second at maximum (far less data than a calculator handles to produce an image of a single number). Additionally, the system is limited to about five meters right now. Guri suggests this setup would take minutes to produce a single password. However, it’s also practically anonymous. Since it doesn’t need any permissions from an operating system, it can exfiltrate data unbeknownst to the user, and do so from any interaction on the machine, as they would all involve the system’s capacitors. The trickiest part is likely getting the software onto a device so that it can then be installed on the machine itself.
Guri and the university’s R&D team have found similar processes of hacking machines using physics, and they’re all astounding. In one case, they managed to hack a computer to give away text typed into a word processor by using the heat generated inside the PC. They’ve also managed this using the LEDs on a keyboard, tricking them into relaying information via a Morse code-adjacent system. The goal in all of this is to improve the security of air-gapped machines, but that doesn’t make it any less terrifying.