Researchers Demonstrate Data Theft via PC Power Cable
Researchers from Ben-Gurion University of the Negev (Israel) have published a report titled “PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines.” The paper describes a method in which malware installed on the target computer regulates CPU usage to create fluctuations in the electrical current the machine draws; those fluctuations are then modulated and encoded to transmit data.
Depending on the attacker’s approach, data can be extracted at speeds ranging from 10 to 1,000 bits per second. The extraction speed is higher if the attacker gains access to the computer’s power cable, and lower if they can only connect to the building’s electrical network.
The researchers developed malware called PowerHammer, which increases CPU load on processor cores that are not currently used by user operations, so that the activity is less likely to be detected. To modulate the data, the specialists used a frequency manipulation method, allowing them to transmit frequencies with specific amplitude fluctuations to represent binary 1s and 0s.
“The data is modulated, encoded, and transmitted over the existing current fluctuations, then redirected and propagated through power lines. This phenomenon is known as ‘conducted emission,’” the researchers added.
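A defender-side heuristic for the load pattern described above, as an added example that is not from the article or the PowerHammer paper: it flags a core whose busy/idle dwell times collapse to one or two values, assuming the two bit values map to two toggle rates. The sampling tick, the thresholds and all function names are assumptions, and the traces are constructed.

```python
from collections import Counter

def from_dwells(dwells, busy=95, idle=3):
    """Build a utilization trace (percent busy per tick) from alternating busy/idle dwell times."""
    trace = []
    for i, ticks in enumerate(dwells):
        trace += [busy if i % 2 == 0 else idle] * ticks
    return trace

def run_lengths(util, busy_at=50):
    """Lengths of consecutive busy/idle runs, minus the truncated first and last run."""
    runs, count = [], 1
    for prev, cur in zip(util, util[1:]):
        if (prev >= busy_at) == (cur >= busy_at):
            count += 1
        else:
            runs.append(count)
            count = 1
    runs.append(count)
    return runs[1:-1]

def keyed_load_score(util, top_k=2):
    """Share of runs covered by the top_k most common dwell times (1.0 = fully regular)."""
    runs = run_lengths(util)
    if not runs:
        return 0.0
    return sum(n for _, n in Counter(runs).most_common(top_k)) / len(runs)

def suspicious_cores(samples, min_runs=20, min_score=0.9):
    """Core ids whose load toggles often and with only a few distinct dwell times."""
    return sorted(core for core, util in samples.items()
                  if len(run_lengths(util)) >= min_runs
                  and keyed_load_score(util) >= min_score)

# Constructed traces, not measurements (assumed: one sample per tick, tick shorter than a toggle).
SAMPLES = {
    # Core 0: interactive workload with irregular bursts.
    0: from_dwells([3, 11, 1, 7, 2, 15, 5, 9, 4, 13, 6, 2, 8, 1, 10,
                    3, 12, 5, 7, 1, 14, 6, 9, 2, 4], busy=80, idle=10),
    # Core 3: otherwise idle core whose load alternates between two toggle rates.
    3: from_dwells([2] * 16 + [4] * 8 + [2] * 16 + [4] * 8),
}

if __name__ == "__main__":
    for core, util in SAMPLES.items():
        print(core, len(run_lengths(util)), round(keyed_load_score(util), 2))
    print("flagged:", suspicious_cores(SAMPLES))
```

The score only means something if utilization is sampled faster than the load toggles, so the sampling interval has to be chosen with the expected toggle rate in mind.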