Jumping air gaps over powerlines.

At the upper end of security practices there is isolation. Disconnecting a computer from the network and of course the Internet provides a layer of physical control to system access. This air-gap is used to provide a barrier to information theft on individual computers and networks that contain very sensitive data by militaries and organisations. Finding ways to overcome this limitation and secretly extract, or exfiltrate data is important for defenders and adversaries alike.

In the latest in a series of research looking into viable methods from air-gapped computers the group at the Ben-Gurion University of the Negev in Israel have looked at power lines as a medium. They tried two approaches; ‘line level power-hammering’ and ‘phase-level’ power hammering. Of the two phase level is perhaps more interesting as it require the placement of the device at a local distribution board rather than at the computer itself as with line level. The data rates are slow but there are no obvious signs that the transfer is taking place.

The point of interest here is that no additional hardware is required at the machine to implement this. The installation of a device at a place that may be less scrutinised and the transfer of malware to a protected network (e.g. USB drop) seems feasible at least. Defenders should consider the potential impact of power networks when designing air-gapped systems. This paper also contains a good review of other methods of exfiltrating from air-gapped systems.

 

Source:

https://arxiv.org/abs/1804.04014