One of the most secure system arrangements today consists of air-gapped PCs. The reason being their total disconnection from the internet. However, there are times when they too can be breached in various ways, a few involving the use of the computer’s speakers through sound waves.
Such exploits have prompted cybersecurity experts to even remove audio equipment from air-gapped computers essentially making them audio-gapped. In February this year, it was reported that hackers can steal data from air-gapped PC using screen brightness and now the same can be done through their power supply.
See: 8 Technologies That Can Hack Into Your Offline Computer & Phone
Mordechai Guri, a cybersecurity researcher from the Israeli Ben Gurion of the Negev University has conducted an experiment that shows how power supply units(PSUs) can be exploited to extract information from both an air-gapped & audio-gapped computer.
Termed as POWER-SUPPLaY; the malware exploits the PSU using it as an “out-of-band, secondary speaker with limited capabilities”.
The data that can be extracted includes different files & information of the user’s keystrokes transmittable up to 1 meters away along with passwords and encryption keys that the attacker could receive with a device that is five meters away from such as a smartphone as shown in the picture below (B).
Further, different types of computers can be exploited in this way including PC workstations, servers, embedded systems, and IoT devices making a whole range of devices vulnerable.
Elaborating on the specifics, Mordechai stated in their malware extract gapped through power supply
