In the absence of speakers, the PC power supply can be used to extract information from a PC using sound waves. In a new technique published by security researchers, they show how they can get data from a computer using something seemingly as naive as power. Of course, he has significant difficulties.
As collected by ZDNet, the technique is based on transform the power supply into a kind of “speaker” for undetectable sounds for the human ear but for microphones in, for example, a telephone. The latter is not new, for years it has been shown how it is possible to send information by ultrasound to the microphones of the smartphones.
In this case, the interesting question is how the researchers managed to achieve this through the power supply. The technique is called POWER-SUPPLaY and was developed at Ben Gurion University in Israel. Frequency manipulation of a power supplyThey can generate sound waves varied enough to send a message.
the malware, which first requires infecting the computer, it can modulate the binary information it collects and send it in the form of audio waves. Of the a nearby device like a smartphone catch the waves and decipher the message.
Extract information from computers that are completely isolated from the network
There are downsides to consider, such as the fact that a nearby device is needed to “listen” to food, at a maximum of 6 meters. On the other hand, this technique is much slower than the others must modulate each bytes information it sends and wait for it to pass through the pseudo-speaker in which the power supply becomes. They explain that the speed varies between 0 and 40 bits per second over distances of one meter and between 0 and 10 bits per second over distances of more than two meters.
The video shows how far the device “listens” from the victim’s computer.
So what is this attack for? The goal of the researchers is to detail the different techniques that can be used to extract information from completely closed systems. To improve the security of some equipment with sensitive content, the PC is usually protected by isolating it completely from the Internet and even in special cameras where it is not possible to access it using wireless signals.
The idea here is to be able to extract information from the computer (infect it first) via a rudimentary component (food) and send it to the attacker via a second device (the smartphone who listens).
It is not the first time that these researchers publish similar methods. In the past, we have seen other methods used taking advantage of fan speed, hard drive sound, PC generated heat, or monitor brightness.