Classic attack methods against information systems assume that the target machine is connected to some network, usually the Internet. That is why many companies (not only banks) operate fully isolated networks, which give an apparent sense of security. That this security is only apparent is shown by researchers who, from time to time, surprise us with new attack methods based on non-standard data transmission channels. This time we are dealing with the transmission of packets via the power grid, where the data is generated by clever control of the amount of energy consumed by the device being attacked.

The most creative attack method I had heard about so far consisted in sending data using hard disk LEDs. However, researchers from Israel have investigated the practical use of an even more interesting technique. Their work involved the implementation of a malware called PowerHammer, which sends data from an infected computer over the electrical network. You have probably already thought of PLC (Power Line Communication) devices, which use the wires of the power network as a transmission medium. PowerHammer, however, works on a completely different principle. This type of malware does not require any additional device to start sending data through an electrical outlet. All it does is control the load on the computer (more precisely, the level of energy consumed) in a way that is imperceptible to the user and has no negative impact on the stability and performance of the victim machine.

PowerHammer transmits data at a speed of 1 kbps in favourable conditions

This is not much, but 1 kbps is enough to send stolen passwords and other sensitive data. The principle of the malware is very interesting. As is well known, the amount of electricity consumed by a computer depends on how many of its CPU cores are busy. That is why PowerHammer uses otherwise idle cores to increase the current drawn through the electrical wiring. The processor load is raised for a short time, which generates a so-called impulse. In this way the researchers generate a square-wave signal with a frequency of their choice. During the experiment, bits representing ‘0’ were encoded as a 10 kHz signal and ‘1’ as 18 kHz. This method of transmission is called FSK (frequency-shift keying) modulation. Because transmission in this type of attack is unidirectional, the researchers implemented a simple protocol whose frames consist of a 4-bit preamble, 32 data bits and an 8-bit checksum.
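To make the framing and modulation concrete, here is an added example (not code from the article or from the PowerHammer researchers) that simulates the receiver side: it builds a frame in the 4 + 32 + 8 bit layout described above, turns it into a sampled two-tone waveform at 10 kHz / 18 kHz and 1 kbps, adds noise, and then recovers and validates the bits with a Goertzel detector, which is also the kind of narrow-band energy check an analyst would run over a current measurement to confirm that such a tone is present. The 100 kHz sampling rate, the preamble pattern 1010, the sum-of-bytes checksum and the use of pure sine tones (standing in for the fundamental of the rectangular load pattern) are all assumptions of this example; the article does not specify them.

```python
import math
import random

# Parameters taken from the article: 1 kbps, '0' = 10 kHz, '1' = 18 kHz.
# The receiver sampling rate, preamble pattern and checksum algorithm are
# assumptions made for this example; the article does not specify them.
SAMPLE_RATE = 100_000                 # Hz (assumed receiver sampling rate)
BIT_RATE = 1_000                      # bits per second, the article's 1 kbps figure
FREQ_ZERO, FREQ_ONE = 10_000, 18_000  # Hz, the FSK tones named in the article
SAMPLES_PER_BIT = SAMPLE_RATE // BIT_RATE   # 100 samples per bit
PREAMBLE = [1, 0, 1, 0]               # assumed 4-bit preamble pattern
DATA_BITS = 32                        # frame layout from the article
CHECKSUM_BITS = 8


def bytes_to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def checksum8(payload):
    # Assumed checksum: sum of payload bytes modulo 256.
    return sum(payload) & 0xFF


def build_frame(payload):
    """4-bit preamble + 32 data bits + 8-bit checksum, as described in the article."""
    if len(payload) * 8 != DATA_BITS:
        raise ValueError("payload must be exactly 32 bits (4 bytes)")
    return PREAMBLE + bytes_to_bits(payload) + bytes_to_bits(bytes([checksum8(payload)]))


def fsk_modulate(bits, noise_sigma=0.0, seed=0):
    """Simulate the measured current: one tone per bit plus Gaussian noise (constructed signal)."""
    rng = random.Random(seed)
    samples = []
    for n, bit in enumerate(bits):
        freq = FREQ_ONE if bit else FREQ_ZERO
        for i in range(SAMPLES_PER_BIT):
            t = (n * SAMPLES_PER_BIT + i) / SAMPLE_RATE
            samples.append(math.sin(2 * math.pi * freq * t) + rng.gauss(0.0, noise_sigma))
    return samples


def goertzel_power(samples, freq):
    """Energy of `samples` at `freq`: the Goertzel algorithm evaluates a single DFT bin."""
    n = len(samples)
    k = round(n * freq / SAMPLE_RATE)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev * s_prev + s_prev2 * s_prev2 - coeff * s_prev * s_prev2


def fsk_demodulate(samples):
    """Decide each bit by comparing the energy at the two tone frequencies."""
    bits = []
    for start in range(0, len(samples) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT):
        chunk = samples[start:start + SAMPLES_PER_BIT]
        bits.append(1 if goertzel_power(chunk, FREQ_ONE) > goertzel_power(chunk, FREQ_ZERO) else 0)
    return bits


def parse_frame(bits):
    """Return the 4-byte payload, or None if the preamble or checksum does not match."""
    if len(bits) < len(PREAMBLE) + DATA_BITS + CHECKSUM_BITS:
        return None
    if bits[:len(PREAMBLE)] != PREAMBLE:
        return None
    data_start = len(PREAMBLE)
    sum_start = data_start + DATA_BITS
    data = bits_to_bytes(bits[data_start:sum_start])
    received_sum = bits_to_bytes(bits[sum_start:sum_start + CHECKSUM_BITS])[0]
    return data if received_sum == checksum8(data) else None


def round_trip(payload, noise_sigma=0.3):
    """Modulate one frame, demodulate it from the noisy waveform, and validate it."""
    return parse_frame(fsk_demodulate(fsk_modulate(build_frame(payload), noise_sigma)))


if __name__ == "__main__":
    print(round_trip(b"PASS"))   # b'PASS'
```

With 100 samples per bit at 100 kHz the bin spacing is 1 kHz, so both tones fall exactly on Goertzel bins (k = 10 and k = 18) and the detector separates them cleanly even with noise. The same per-bit energy comparison, run over a current trace instead of the constructed waveform, is what distinguishes a deliberately keyed load pattern from ordinary CPU activity, and the checksum is what lets the receiver discard frames that the noisy channel has corrupted.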

PowerHammer current

The attack method described by the researchers is very ingenious, but it has significant limitations. The best results were achieved when the eavesdropping device (i.e. the receiver) was connected to the same power line as the device being attacked. On a PC with an Intel Core i7-4770 processor, a speed of 1 kbps was obtained. An IBM server with an Intel Xeon E5-2620 CPU allowed 333 bits per second to be sent, with an error rate of 4.8%, while a Raspberry Pi 3 used in the same way achieved 10 bps.

Source: ARXIV
