Scientists eavesdrop on PCs by manipulating frequency of power supplies
Scientists at Ben Gurion University in Israel have developed malware that can eavesdrop on a computer on an air-gapped network by manipulating its power supply. The power supplies thus sent out their own audio signal, which could be picked up.
The scientists call their malware Power-Supplay. This allows them to leak data from an air-gapped computer. These are devices that are not connected to outgoing networks such as the Internet. Power-Supplay is malware that can manipulate a computer’s power supply so that it makes a certain sound. This is done by a phenomenon called a singing capacitor, where a capacitor makes a high-frequency sound when different amounts of current are passed through it.
The malware the scientists built can manipulate the power supply of the PSUs in such a way that they can determine which sounds the capacitors ‘sing’.
The malware on the PC can then convert binary data into associated power supply, which then triggers a specific audio frequency to be transmitted by the capacitors. Someone who can eavesdrop on the acoustic signals in the vicinity of the computer can therefore steal the binary data from the PC based on the audio. According to the scientists, this could be done, for example, with a smartphone.
Filtering out the data can be done up to a maximum of six meters from the computer, depending on the ambient noise, the scientists say. The malware can generate a maximum of 40bit per second of data that can be listened to at a distance of up to one meter. At a greater distance, the maximum is 10bit per second.
The scientists of the university in Negev are led by Mordechai Guri. He has been working on ways to eavesdrop on air-gapped networks for some time. Guri previously published research on computer eavesdropping by manipulating screen brightness, reading the infrared lens of surveillance cameras and adjusting the sound ports of the PC. The research is mainly academic and has few practical applications.