OK, so you've air-gapped that PC. Cut the speakers. Covered the LEDs. Disconnected the monitor. Now, about the data-leaking power supply unit...

Israeli cyber-security side-channel expert Mordechai Guri has devised a way to pilfer data from devices that have been air-gapped and silenced. Organizations with extreme security needs may keep certain computer hardware disconnected from any network, a practice known as air-gapping, to preclude the possibility of miscreants …

  1. Dinanziame

    I remember I used to draw fractals when I was learning Java. The computer would stop drawing regularly for garbage collecting, and I eventually noticed a squeaky sound coming out of the tower and stopping at exactly the same moment. I've never really figured out what was causing the sound, but I guess it could technically be used as an exfiltration mechanism...

    1. Anonymous Coward

      It was probably the hamster in the wheel objecting to the workload.

      1. TechnicalBen Silver badge

        Oh. I see you have used Java too. 3% cpu use for the code 87% for the garbage collection. Garbage garbage in...

  2. Brian Miller Silver badge

    Yes we know they squeak

    We've all known for years that power supplies can squeak. Not news. And of course you'll have to be using SSDs instead of HDDs, and make sure that the fans always run at max because you don't want data exfiltrated through RPM changes.

    At some point, we just can't have nice things out in public. Just the way it is nowadays.

    1. TechnicalBen Silver badge

      Re: Yes we know they squeak

      Even black holes might be scuttled at some point as we figure out quantum gravity. So just like entropy you can never win.

      1. gobaskof

        Re: Yes we know they squeak

        Just your air gapped PC in a room with incredibly loud white noise right across the audio spectrum. That won't annoy anyone.

    2. MrDamage

      Re: Yes we know they squeak

      We all know who is to blame for us not being able to have nice things.

      Users.

  3. HildyJ Silver badge
    Devil

    SecureFiles (TM)

    So, basically, you toss your monitor and keyboard, remove the fans and power supply, and disconnect the power cable.

    My new SecureFiles hardware will mount to the top of your PC and allow you to store paper files in a stack. Perfect security.

    1. Maelstorm
      Trollface

      Re: SecureFiles (TM)

      Sometimes these security buffoons are just that...buffoons. If you toss the monitor and keyboard, then what's the point of having a computer? Can't use it.

      1. Anonymous Coward

        Re: SecureFiles (TM)

        *wooooosh*?

    2. Schultz Silver badge
      Flame

      Re: SecureFiles (TM)

      At some point we have to accept that an all-purpose computation and communication device (aka, a personal computer) is not the right device to handle and store sensitive information. If it should really stay secret, then you have to invest some more money, effort and time. Paper copies might still be a large part of that effort :). And they are easy to destroy.

      A big part of our modern problem is the proliferation of "sensitive data". If everything is labeled secret and a million people should have access to it, the system is designed to fail. But our modern governments, for some reason, like to declare lots of things secret. It'll only get worse with the US-China tensions and the predictable claims of stolen technology that we'll hear as Chinese companies continue to grow.

  4. martinusher Silver badge

    Of course you've got to know what you're looking for

    Anything that can be modulated by a piece of software can transmit data. I'm not quaking in my boots too much about this, though. At 50 bits/sec it'll take a bit under 2 days to transmit a megabyte ("MiB")(if you insist). I reckon the chances of extracting a usable amount of data would be low to nil (even if the software used on both the system and the phone were optimized). Not that I wouldn't take notice -- there's a reason why Tempest was invented -- but I'd be more likely to be asking awkward questions like "where's that unauthorized transmission coming from?" and "why is there a cellphone in this facility?" (and you can be pretty sure that there aren't any SmartThings, 5G or WiFi, within a mile of the place.....).

    1. Dave 126 Silver badge

      Re: Of course you've got to know what you're looking for

      > I reckon the chances of extracting a usable amount of data would be low to nil

      A single word might be of huge tactical or strategic importance... the name of a human agent, or the date and location of the planned invasion. A password.

      Tinker, Tailor, Soldier Spy is named because the head of MI5 wants an agent to discover a mole and then report back using a single word.

    2. Fred Flintstone Gold badge

      Re: Of course you've got to know what you're looking for

      Ah, that explains why U2 never went into the spy business..

  5. Ghostman

    All you gotta do is---

    play some bagpipe music, very loudly.

    1. My other car WAS an IAV Stryker Bronze badge
      Thumb Up

      Re: All you gotta do is---

      My then-fiancée and I were in Edinburgh the day after her sister and Scots bro-in-law got married (mid-Sep 2006) and I heard some awesome bagpipe-rock-and-roll in a shop. We bought a copy right then and there: "Parallel Tracks" by the Scottish Royal Dragoon Guards.

      1. My other car WAS an IAV Stryker Bronze badge
        Thumb Down

        Re: All you gotta do is---

        Thanks for the upvotes, but you shouldn't have because I got the name wrong: Royal Scots Dragoon Guards. I apologize for the error.

        (And on the subject of getting things wrong, please excuse my spelling "apologise" due to being a born-and-raised Yankee.)

  6. Bitsminer

    SIOP

    Only 50 bits/sec? I imagine SIOP https://en.m.wikipedia.org/wiki/Single_Integrated_Operational_Plan was only 200 pages or so.

    So just a few hours.

  7. Anonymous Coward

    Do not feed the security-theater trolls

    Please, just don't.

    Otherwise I'm cancelling my subscription.

  8. Herby

    Hours???

    So, if you have a program that is running for hours at a time MIGHT transmit something. Makes me wonder, what program will last that long to execute something. If you believe that it will run on a Windows box, I'll let you believe your fantasy!

    1. Ken Hagan Gold badge

      Re: Hours???

      Windows Update can take a while, especially for the six-monthlies.

    2. Def Silver badge

      Re: Hours???

      This Windows 10 PC of mine has been running for a little under 15 days at the time of typing. It won't be restarted until updates are resumed in three weeks' time. Most applications I use on a daily basis (Thunderbird, Vivaldi, Visual Studio, et al.) have been running just as long.

    3. Paul Shirley

      Re: Hours???

      You've apparently never tried to kill Cortana in Win10...

  9. Anonymous Coward

    Go back to the less efficient linear PSUs and turn off all the tree hugging power savings?

    1. Dave 126 Silver badge

      Just introduce some noise, randomly ramp the CPU up to 100%, monitor the CPU usage for unnatural patterns...

      1. TechnicalBen Silver badge

        Or battery power. If you can average out the load spikes the possibility and power modulation is much less. You can have that bit of advice for free.

    2. EnviableOne Silver badge

      was going to say, externally rectified DC power solves the issue.

  10. Maelstorm
    Black Helicopters

    In Langley, Virginia, USA...

    The CIA main headquarters in Langley, Virginia, USA has a building within a building. The outer "shell" is the normal perimeter glass...the inner building as well. However, the CIA plays music between the two buildings so someone with a laser bounce device cannot recover any conversation happening inside the inner building. I also understand that the inner building is a Faraday cage to suppress any and all signals.

    1. Dave 126 Silver badge

      Re: In Langley, Virginia, USA...

      Ideally there would be some random noise amongst the music, otherwise someone with the exact same recording could attempt to subtract it from the signal.

      Given that the CIA employ bright people, they likely already do.

      1. Maelstorm

        Re: In Langley, Virginia, USA...

        Probably. It's just something that I was told. They didn't get into the specifics about it. Probably random white noise from a natural source.

        1. ben kendim

          Re: In Langley, Virginia, USA...

          ... and elsewhere... From almost 5 centuries ago...

          "The large fireplace with gilded hood (ocak) stands opposite a two-tiered fountain (çeşme), skilfully decorated in coloured marble. The flow of water was meant to prevent any eavesdropping,[65] while providing a relaxed atmosphere to the room. "

          https://en.wikipedia.org/wiki/Topkap%C4%B1_Palace#Privy_Chamber_of_Murat_III

  11. Mike 137 Silver badge

    Elementary ...

    So you only need specific malware on the "airgapped" computer (how did it get there?), compatible malware on a "nearby" mobile phone, a quiet enough environment to pick up the signals, some prior knowledge of the transfer function of power supply load to switching frequency (this varies a lot) and the ability to make sense of the results. How hard can this be?

    I suspect that professional vulnerability researchers sometimes lose touch with the practicalities of the real world, or maybe, like most academic researchers these days, they're obliged to keep publishing to stay employed.

    1. Dave 126 Silver badge

      Re: Elementary ...

      > how did it get there?

      As per the article, they use an Evil Maid attack. The point is, the maid, or cleaner or whoever, only has to act once - to plant the malware. After that information can be extracted.

      Look, security researchers need to research potential attack vectors before deciding whether or not they could be used by genuine bad actors. Note that the research comes before the decision, which is the correct way round.

  12. Stuart Castle Silver badge

    Interesting article, but totally impractical vulnerability. If you can get close enough to the machine to install this, you can probably get close enough to install malware to ex-filtrate data via another method, even if that method is just a concealed USB stick or single board computer somewhere. This is hard to do, but bear in mind that the organisations most likely to need to do it (the various secret services such as the CIA, MI5 etc) have decades of experience of getting physical things in and out of secure areas.

  13. Captain Boing

    the vid proves nothing. it would never keep up. the speed most people type and the data was arriving at about 1cps on the mobe

    never trust a man with a top-knot in 2020

  14. batfink Silver badge

    Evil maid is the real problem

    Really, if someone has physical access to your machine, then you're fucked anyway. The actual exfiltration method is then just the fun bit.

  15. Arthur the cat Silver badge
    Unhappy

    spaf was right

    The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.

    Said in 1989.

  16. keith_w Bronze badge
    Thumb Up

    thumbs up

    For the Harlan Ellison reference.

  17. TechnicalBen Silver badge

    Information theory.

    I guess this is a practical application. But I'm certain some information theory certainly applies. So where do I apply to get paid to point out where security risks are and what possible mitigations are?

  18. Amused Bystander

    It is theoretically possible

    A decade or three ago I went on a course at a certain establishment in Cheltenham where we learned to read what golf-ball printers were printing by looking at the spikes on the mains. It was fun, looking up the spike and comparing with letter-frequency tables (E being the most common etc.)

    As a demonstration of why TEMPEST was (is) necessary, it worked.

    However in the real world Google / Facebook / Twitter are much more profitable data sources.

    Somewhat related: NCSC (GCHQ) have launched their anti-phishing scam address (report@phishing.gov.uk) - you can simply forward a scam email to them, and they investigate the scammer.

    Except... GCHQ's Amazon AWS has blacklisted 1and1's email server.

    So my forwards bounce... 1and1 host a couple of million domains.

    And those emails we forward to them probably contain open distribution lists, company registration numbers, addresses in the signature.

    And it's going to an Amazon AWS instance...

    Jeff must be delighted - slurp.

    1. Lunatic Looking For Asylum

      Re: It is theoretically possible

      > Except... GCHQ's Amazon AWS has blacklisted 1and1's email server.

      And so they should. Definitely a provider that doesn't give a flying fig about their email reputation. They let anybody on and send all sorts of shiz then they have the cheek to complain when they appear at Spamhaus et al. Monkeys & Tripewriters spring to mind.

      AWS are marginally better.

  19. Anonymous Coward

    It's already known switching power supplies pollute power lines. Anyone using power line communication can attest to that.

    So if miscreants can cause the power supply to change switching frequencies, theoretically the frequency can be detected on the power lines.

    The solution is to attenuate the amplitude of the noise by adding an EMI/surge protector or a UPS.


Biting the hand that feeds IT © 1998–2020