Matthew Griffin, award winning Futurist and Founder of the 311 Institute, a global futures think tank working between the dates of 2020 and 2070, is described as "The Adviser behind the Advisers." Regularly featured on AP, CNBC, Discovery and RT, his ability to identify, track, and explain the impacts of hundreds of revolutionary emerging technologies on global culture, industry and society, is unparalleled. Recognised for the past five years as one of the world's foremost futurists, innovation and strategy experts Matthew is an international speaker who helps governments, investors, multi-nationals and regulators around the world envision, build and lead an inclusive future. A rare talent Matthew sits on the Technology and Innovation Committee (TIAC) for Centrica, Europe’s largest utility company, and his recent work includes mentoring XPrize teams, building the first generation of biocomputers and re-inventing global education, and helping the world’s largest manufacturers envision, design and build the next 20 years of devices, smartphones and intelligent machines. Matthew's clients are the who’s who of industry and include Accenture, Bain & Co, BCG, BOA, Blackrock, Bentley, Credit Suisse, Dell EMC, Dentons, Deloitte, Du Pont, E&Y, HPE, Huawei, JPMorgan Chase, KPMG, McKinsey, PWC, Qualcomm, SAP, Samsung, Sopra Steria, UBS, the USAF and many others.
WHY THIS MATTERS IN BRIEF
Air gapped systems normally hold highly sensitive and secret data, and the number of ways to exfiltrate data from them, once compromised, is growing.
Hot on the heels of exploits that use fan noise, infra red cameras, heat, LED lights and drones, magnetic fields and smartphones, and a multitude of other hacks to gain access to sensitive air gapped computer systems, the researchers from Israel’s Ben Gurion University have shown once again that air-gapped networks are not safe from a determined and patient attacker.
The researchers have already devised several devious techniques to extract data from isolated or air-gapped computers that store highly sensitive data and now their latest technique, dubbed PowerHammer, exploits current fluctuations flowing through the power lines supplying electricity to air-gapped computers.
The researchers have been able to exfiltrate data at a rate of 1,000 bits per second for lines connected to the target computer and 10 bits per second from the grid.
As with the Magneto and Odini magnetic field Faraday cage attacks that the researchers also revealed recently, the PowerHammer technique would use malware to regulate a CPU’s utilization to control the system’s power consumption.
Instead of observing magnetic emissions as CPU usage rises and falls, the attacker can observe changes in current flow from the electricity lines outside a building or via the cords supplying power to the infected machine.
“The data is modulated, encoded, and transmitted on top of the current flow fluctuations, and then it is conducted and propagated through the power lines. This phenomena is known as a ‘conducted emission’,” writes Mordechai Guri, lead author of the PowerHammer paper.
“We show that a malicious code can influence the momentary power consumption of the computer, generating data-modulated conduction on the power lines in the low frequency band. The generated noise travels along the input power lines and can be measured by an attacker probing the power cables.”
PowerHammer assumes an attacker has already infected an air-gapped network and focuses on the task of extracting protected data after infection.
Guri notes that power-line communication is common for smart home and industrial applications. All they’re doing is applying the same techniques for malicious covert communications using “parasitic signals” generated by malware.
Anyone worried about a PowerHammer attack has a range of countermeasure options, such as monitoring the currency flow on power lines for deviations from standard transmission patterns. Other options include power-line filters and signal jammers.
Guri notes that traditional intrusion-detection systems would probably suffer from a high rate of false alarms and may be bypassed by malware.