PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines

Mordechai Guri, Boris Zadov, Dima Bykhovsky, Yuval Elovici

Research output: Contribution to journal › Article › peer-review

39 Scopus citations

Abstract

In this article, we provide an implementation, evaluation, and analysis of PowerHammer - an attack that uses power lines to exfiltrate data from air-gapped computers. A malicious code running on a compromised computer intentionally controls the utilization of the CPU cores. The CPU utilization is electromagnetically conducted and propagated through the power lines in the form of a parasitic signal that is modulated, encoded, and transmitted on top of the current flow fluctuations. This electromagnetic phenomenon is known as 'conducted emission'. In this attack, the attacker taps the indoor electrical power wiring that is connected to the electrical outlet of the compromised computer. The conducted electromagnetic emission of the compromised computer is analyzed and the exfiltrated data is decoded. The proposed attack is then experimentally evaluated and characterized. The communication performance is discussed and a set of defensive countermeasures is presented. A crucial aspect of the proposed covert communication scheme is that it fully conforms to civilian and military conductive emission standards.

Original language: English
Article number: 8894040
Pages (from-to): 1879-1890
Number of pages: 12
Journal: IEEE Transactions on Information Forensics and Security
Volume: 15
State: Published - 1 Jan 2020

Keywords

  • Network security
  • air gap
  • covert channel
  • exfiltration
  • power line communication

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
