Just two weeks ago Dr. Mordechai Guri from the Ben Girion University in Israel published a paper detailing how to steal data from a PC through fan vibrations, and now he's found another way to snoop on your computer. This time, the reserarcher's done it by making a power supply sing data in ultrasonic [PDF (opens in new tab)].
The attack is used to siphon data from a totally air-gapped system. For those not familiar, an air-gapped computer is essentially one that's not connected to the internet, Wi-Fi, Bluetooth, or any other remote data connection, such as speakers, and is typically considered impossible to extract data from.
Guri's hack for extracting data through your best power supply is called, quite simply, POWER-SUPPLaY, and works in an equally simple manner. Malware present on the target PC reads out system data, and then alters the CPU's workload to cause changes in the system's load on the power supply. Although you can't hear the power supply, changing loads on it does alter the ultrasonic frequencies they produce, which the attacker then reads out using a mobile phone capable of recording the frequencies at a maximum distance of 5m (16.4 feet). The attack doesn't require any special hardware privileges to work.
The noise generated by the power supply comes from its transformers and capacitors, typically somewhere in the 20 kHz to 20 MHz range, according to the researcher. It is kind of like coil whine but beyond the audible range of human hearing.
However, this attack wouldn't be particularly effective in a real-life scenario. Although the success rate is high, the data rate of the attack is a measly 50 bits per second, or equivalent to about 22.5 kB per hour. That works out to about 10,000 words stored in plain text.
Another factor limiting the attack is that it requires malware to be installed on the target computer, as well as access to a nearby mobile phone for recording the data. It's also worth noting that if an attacker had access to all these devices, there'd be easier and more effective ways to extract data.
Therefore, we wouldn't worry about going to extreme measures to prevent this type of attack. Guri's research is meant primarily to showcase what could be done by attackers were they so inclined, with his work showing how to extract data when there are no viable alternatives, due to extreme security.
Next to siphoning your PC's data through its power supply, Guri's past methods for overcoming the security of air-gapped PCs include extracting data through fan vibrations, monitor brightness changes, HDD activity LEDs, data transmission through your PC's internal buzzer and keylogging through reading electromagnetic signals.
Heck, the SARS-CoV-2 virus is only 30k base-pairs. If I'm not mistaken, that would take only 10 minutes to copy. And the key molecules in a vaccine could be much smaller, depending on the data format.
Basically, you need a vector to get malware into the target machine, such as an infected USB stick used by a witting or unwitting insider.
However, especially if the insider is unwitting, just because you can get malware onto the target doesn't mean you can get data off of it. That's where these sorts of exploits come into the picture.
And before someone brings this up (which I'm sure they will, anyhow): if you're not in possession of data that a government agency or extremely motivated non-state actors would want, the exploit should be of no concern to you.
At some point in its life, even an air-gapped system must be installed. The malware could even have been incorporated into the installation image, or perhaps into some updates/drivers/etc. that get installed at some later point in the machine's life.
Oh, you're not being nearly paranoid enough. No, I submit that the machine and its windowless room should be in a two-layer Faraday cage, so it remains protected even while the operator is entering & exiting. The machine, itself should be locked in another cage, that prevents physical access.
...not to mention lasers - you gotta protect it with lasers! And thermal cameras, drones, and drones with thermal cameras. And maybe an access tunnel that you can only reach when the tide is out. Because it's guarded by sharks, of course. Sharks with lasers. And probably thermal imaging implants, as well.
And no Lady Gaga fans should be allowed near it. That should've been a red flag, right there!
Something is simple as a mechanism for blowing a dog whistle automatically
https://en.wikipedia.org/wiki/Dog_whistleFrom the quick google research I've read most speakers tap out at 20khz.
I am unsure if speakers are capable of going above 100khz or even into the 1Mhz range, but if we are securing nuclear codes, let's assume we spent the money to develop some 20khz - 20Mhz 0hz - 20Mhz speakers.
If we are spending millions of dollars developing super speakers we might as well allow them to play Bohemian Rhapsody in all its glory.
Of course our white noise 20khz - 20Mhz would still be playing in the inaudible background during our music.
Solution 2Place the computer in a vacuum.
You can't hear coil whine or screams in space.
Keeping components cool in a vacuum could be difficult but satellites appear to have no issue, even nuclear powered ones.
According to https://physics.stackexchange.com/questions/149832/cooling-a-satellite/149836Applying a black coating and using an ammonia in a loop heat pipe should be sufficient.
Peltier cooling also comes to mind.
Solution 3Mine bitcoin/altcoins to keep your power supply at a steady power state.
Not a maxed out power supply (that would be bad) but one that is incapable of being given any more work due to GPU and CPU being at 100%.
Something like a 500 watt load on a Corsair AX1600i, which also has the benefit of no fan noise/vibration when below 640 watts.
https://www.kitguru.net/wp-content/uploads/2018/01/L1003218.jpgBitcoin saves the world!!!
Now you're talkin'! And put a Xenomorph in there, to guard it, in case the intruder gets past the sharks.
But take care not to fry the guard-alien.
This is good, except requires network connectivity. However, plenty of workloads don't, such as computing digits of Pi.
Just keep the CPU continuously at max TDP by scheduling a low-priority task for each hyperthread. Then, buy a PSU with plenty of excess capacity.
Not working, for me.
I would be willing to wager that if "they" were listening and recording my PSU vibes, I would be locked away for a very long time.