
PowerHammer: Exfiltrating Data from Air-Gapped Computers Through Power Lines - wglb
https://arxiv.org/abs/1804.04014
======
lainga
I knew this was Dr. Guri and his team [0] before I even opened the link. He's
like a one-man factory for clever airgap traversal exploits, I don't know how
he does it. I first ran into his work in a security class, covering a similar
exploit using SIMD write instructions [1].

[0]
[https://www.researchgate.net/profile/Mordechai_Guri](https://www.researchgate.net/profile/Mordechai_Guri)
[1] [https://www.usenix.org/node/190937](https://www.usenix.org/node/190937)

~~~
newsbinator
Perhaps he built an AI on an air-gapped machine, and simply documents what
it's been trying to do to escape.

~~~
trendia
One day the AI will escape and he won't be able to stop it that time.

~~~
sohkamyung
If he's smart enough, he'd make a component of the AI hardwired into the air-
gapped computer. Without it physically present on a system, the AI cannot
operate.

(This is equivalent to making genetically engineered animals or plants
dependent on a nutrient that is only supplied in the lab to make sure they
can't survive in the wild.)

~~~
zaarn
You mean like they tried in the Jurassic Park movies?

An AI could learn to operate without this component as this becomes necessary
to escape the system.

~~~
rmwaite
The lysine dependency.

------
elliottcarlson
Van Eck phreaking came to mind immediately - which wouldn't require any
remotely malicious code to be run. Anyone with more knowledge than myself know
if Van Eck phreaking is still an attack vector on modern technology?

~~~
skykooler
High pixel density of modern screens makes it very difficult to reconstruct
the signal. That, combined with the fact that LCD displays are far less
susceptible than CRT displays, makes it virtually irrelevant for many new
displays. Exceptions may include TVs, which use much more power per pixel, and
lower-resolution screens like those on netbooks, though now that even phones
have >1080p screens these are much less common.

~~~
busterarm
This is somewhat untrue, and physical connections between laptop motherboard
and display are often poorly shielded and broadcast your display (think of
every physical connection as an antenna).

Sauce:
[https://www.youtube.com/watch?v=_g9yUiAHiFo](https://www.youtube.com/watch?v=_g9yUiAHiFo)

This talk is old and we've advanced a fair bit since then.

~~~
carapace
s/Sauce/Source/ ;-)

~~~
TeMPOraL
It's probably an intentional misspelling ;). It's been popular on Reddit for
some time now.

~~~
carapace
...and this isn't Reddit, or Imgur (where I first encountered it.)

I just thought some of us old fogeys might could use the tip. (Y'know, if
we're not 1337 enough...)

------
tuxxy
This is very interesting! In fact, I think NSA TEMPEST standards already
protect against this kind of attack. For example, here is a TEMPEST certified
powerline filter that protects against conducted emissions that this paper
relies on:
[http://apitech.com/products/tempest-sdip-27-level-b-6a-ac-inline-power-filter](http://apitech.com/products/tempest-sdip-27-level-b-6a-ac-inline-power-filter)

I would love to hear more about this from someone who has experience in this.

~~~
terminado
I think tempest hardening is probably just entry level protection for man-
portable devices and vehicles.

This sort of program probably crosses over into _PERFECT CITIZEN_ territory.
[0,1]

[0]
[https://www.wsj.com/articles/SB10001424052748704545004575352983850463108](https://www.wsj.com/articles/SB10001424052748704545004575352983850463108)

[1]
[https://twitter.com/treekisser/status/286555593307742208](https://twitter.com/treekisser/status/286555593307742208)
(paywall/seo referrer hack)

------
gonmf
This should be named: Data transfer through power lines. The rest is just
accessory since the machine has to have the exploit already installed.

~~~
debt
True, but I've never seen software open a physical hole to the machine. That
is, air gap means there's no physical way to access the machine.

But this exploit would create, out of thin air, a physical connection to the
outside world using the power outlet the machine is connected to.

So unless data centers become powered by solar panels or generators that are
themselves under the same level of physical security as the server racks, then
this is a pretty serious exploit.

~~~
dbasedweeb
TEMPEST shielding ranges from not at all cheap, to breathtakingly expensive,
and what you’re describing is just one part of high level shielding. It’s not
just the facilities that cost, but the fact that your electricians and
janitors need clearance as much as your devs and analysts. Even if data
centers wanted to go that route, it would have to pass the costs on to the
customer, who would need to be a very particular kind of customer with deep
pockets.

~~~
debt
Yeah, but well-funded adversaries could easily exploit this, and we're talking
like a full-blown data leak, so it might be worth it to protect against it.

------
ccostes
I think you're stretching the definition (at least at a conceptual level) of
"Air-Gapped" when your means of communication are connections that go through
the air-gap.

I guess there are probably real systems referred to as "air-gapped" that don't
have power isolation they could be addressing, but it still feels a little
disingenuous.

~~~
williamscales
I would agree with your assessment. If it's connected to _something_, then
it's not air-gapped, right? I've never built an air-gapped system before but I
imagine that I would want to start with a room lined with copper mesh and a
big battery bank.

~~~
BillinghamJ
Perhaps we should start going with vacuum gapping ;)

~~~
williamscales
Yes! We have to rule out the acoustic factor entirely. Better put big graphite
blocks around it too for good measure.

~~~
ClassyJacket
I'll take it a step further and suggest that highly secure applications should
be causality gapped - the system is only activated when more than 5 billion
light years from Earth, so no data could make it back before the sun destroys
the planet.

For critical applications, the system should be launched far enough from the
edge of all observable matter, that it is causality gapped to the heat death
of the universe.

~~~
Razengan
Your suggestions might be vulnerable to wormholes and other “shortcuts” across
spacetime.

------
anfractuosity
It sounds like they're doing something similar to this -

[https://pushstack.wordpress.com/2017/07/24/data-exfiltration-from-air-gapped-systems-using-power-line-communication/](https://pushstack.wordpress.com/2017/07/24/data-exfiltration-from-air-gapped-systems-using-power-line-communication/)

And the github page:

[https://github.com/dimhoff/powercom](https://github.com/dimhoff/powercom)

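(Added example, not part of the thread and not code from the paper or from the
powercom project linked above.) The point gonmf and debt are arguing about, and
what the pushstack/powercom link demonstrates, is that once a program is running
on the air-gapped box it can act as a transmitter by modulating its own power
draw, and a receiver clamped on the mains can decode it. The toy model below
simulates that channel end to end in stdlib Python: bits are encoded in the
frequency at which a core is toggled between busy and idle (binary FSK), the
supply current is modelled as following that load pattern plus Gaussian noise,
and the receiver recovers each bit with a Goertzel filter. The carrier
frequencies, bit rate, current values and noise level are illustrative
assumptions, not the paper's measured parameters, and the current trace is
constructed inline rather than captured from real hardware.

```python
"""
Toy model of a PowerHammer-style covert channel over the power line.
Transmitter: encode bits as the toggle frequency of a busy/idle core.
Channel:     supply current follows the load pattern, plus noise (simulated).
Receiver:    per-bit Goertzel power at the two carriers, pick the larger.
All numeric parameters below are assumptions chosen for the demo.
"""
import math
import random

SAMPLE_RATE = 1000   # Hz, sample rate of the (simulated) current probe
F0, F1 = 50, 100     # Hz, load-toggle frequency for bit 0 / bit 1 (assumed)
BIT_TIME = 0.1       # seconds per bit, i.e. 10 bit/s (assumed)
IDLE_AMPS, BUSY_AMPS = 0.40, 0.55   # assumed draw with the core idle / busy-looping


def text_to_bits(text: str) -> list[int]:
    """8-bit ASCII, most significant bit first."""
    return [(ord(c) >> i) & 1 for c in text for i in range(7, -1, -1)]


def bits_to_text(bits: list[int]) -> str:
    """Inverse of text_to_bits; trailing partial bytes are dropped."""
    chars = []
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        chars.append(chr(byte))
    return "".join(chars)


def load_schedule(bits: list[int]) -> list[int]:
    """Transmitter side: 1 = spin a busy loop on the core, 0 = sleep.
    Each bit is a BIT_TIME burst of square-wave toggling at F0 or F1."""
    samples_per_bit = int(BIT_TIME * SAMPLE_RATE)
    out = []
    for bit in bits:
        f = F1 if bit else F0
        for n in range(samples_per_bit):
            phase = (n * f / SAMPLE_RATE) % 1.0   # busy for the first half-period
            out.append(1 if phase < 0.5 else 0)
    return out


def simulate_current(load: list[int], noise_std: float, seed: int = 1) -> list[float]:
    """Channel model: constructed current trace standing in for a clamp-meter
    capture on the mains. Current tracks the load pattern plus Gaussian noise."""
    rng = random.Random(seed)
    return [IDLE_AMPS + s * (BUSY_AMPS - IDLE_AMPS) + rng.gauss(0.0, noise_std)
            for s in load]


def goertzel_power(window: list[float], freq: float) -> float:
    """Energy of one frequency bin (Goertzel algorithm) after removing the
    DC component, which is the machine's baseline draw, not signal."""
    mean = sum(window) / len(window)
    k = 2.0 * math.cos(2.0 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in window:
        s0 = (x - mean) + k * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - k * s1 * s2


def demodulate(current: list[float]) -> list[int]:
    """Receiver side: for each bit window decide which carrier carries more energy."""
    n = int(BIT_TIME * SAMPLE_RATE)
    bits = []
    for i in range(0, len(current) - n + 1, n):
        w = current[i:i + n]
        bits.append(1 if goertzel_power(w, F1) > goertzel_power(w, F0) else 0)
    return bits


def round_trip(text: str, noise_std: float = 0.02, seed: int = 1) -> str:
    """text -> bits -> load schedule -> noisy current trace -> bits -> text"""
    trace = simulate_current(load_schedule(text_to_bits(text)), noise_std, seed)
    return bits_to_text(demodulate(trace))


if __name__ == "__main__":
    print(round_trip("secret"))   # expected: secret
```

The window length (100 samples at 1 kHz) makes the bin spacing 10 Hz, so the
50 Hz and 100 Hz carriers land on exact bins and the odd harmonics of each
square wave (150, 250, ... and 300, 500, ...) never alias onto the other
carrier; with a 0.15 A swing the per-bin signal energy is two orders of
magnitude above the noise energy at the assumed 0.02 A noise level, which is
why a plain hard decision between the two bins suffices here. On real hardware
the transmitter would replace load_schedule with a thread that busy-loops and
sleeps on that timetable, and the receiver would replace simulate_current with
samples from a current probe on the mains; the demodulator is unchanged.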
------
emmelaich
Not to give people ideas, but you could hide your own computer / asic / fpga
on someone's property and steal their power for bitcoin mining.

Then communicate the result via powerlines.

~~~
1024core
> Then communicate the result via powerlines.

Why? Just put a WiFi dongle on your machine; you control the hardware anyways.
Or, put a cellular modem on it, and talk to it from anywhere in the world.

~~~
TeMPOraL
Or plug the machine into an Ethernet-over-Powerline box, and plug the receiver
outside, before the first transformer.

Communicating data via powerlines is a very old thing.

------
basementcat
Something like this was explored on Stack Exchange Code Golf.
[https://codegolf.stackexchange.com/questions/33059/draw-with-your-cpu](https://codegolf.stackexchange.com/questions/33059/draw-with-your-cpu)

------
cma
Your AI in a box is going to need batteries.

------
basicplus2
UPS

~~~
streb-lo
Presumably a UPS is still using a switching power supply just with a battery
backup.

~~~
pixl97
There are many kinds of UPSs.

[http://www.apc.com/us/en/faqs/FA157448/](http://www.apc.com/us/en/faqs/FA157448/)

------
chayesfss
so, airgap and use a laptop that's charged and unplugged...got it

------
luc_
This is nuts.

------
tagh
In this paper, we live out our secret agent fantasies...

