Scientists from the Ben-Gurion University of the Negev in Israel have developed malware that can eavesdrop on computers by using an air-gapped network. By manipulating the power supply, a specific audio signal is transmitted, which in turn is intercepted. That means even data stored on an offline computer is no longer safe.
The scientists named their malware Power-Supplay, referring to data leaks from an air-gapped computer. These are devices that are not connected to outgoing networks, such as the internet. The driving force behind Power-Supplay is a phenomenon called ´singing capacitator,´ which makes a capacitator transmit a sound with high frequency, as soon as different quantities of power are flowing through. The operators of the malware can manipulate the power supply very precisely and determine the audio signal of the capacitator.
Subsequently, an operator nearby can intercept the acoustic signals and steal the binary data from the targeted computer. A smartphone is sufficient to receive and store the stolen data. It is possible to filter the data up to six meters, but it also depends on the ambient noise. In close proximity, the malware can generate up to 40 bits of data per second, and on more considerable distances 10 bits per second.
The group of scientists is lead by Mordechai Guri, an expert in the field of eavesdropping on air-gapped networks. Previously, Guri researched techniques to manipulate screen brightness, to read infrared lenses of security cameras, and to modify sound ports of computers. Hacking is generally considered an online affair. However, Guri takes retrieving data through unconventional means to a whole other level.
The video below roughly demonstrates how Power-Supplay works: