Stealing Files From Your Power Supply?!

The power supply exploit reminds me of a situation where I had a radio sitting near my laptop tuned into a distant station. The interference my laptop was producing audibly changed whenever the gpu was working hard.

imagine waiting 2 hours for a megabyte of data, but then it gets corrupted because your victim was mining

How in the Hershey’s chocolate bars did someone find a way to hack someone using a power supply

My high school technical drafting teacher was a retired air force colonel who use to tell us all kinds of stories. One was about a Soviet "fishing boat" that parked in the harbor outside of some northern European city near a United States embassy or consulate or military facility. It took them weeks to eventually figure out that they were detecting the electrical impulses of the keystrokes on the various devices at the facility, including the encrypted devices they used to send cables back to Washington D.C.., before the messages were encrypted.
And I remember reading in the late nineties that they were either working on or already had devices that could detect the signals from crt monitors to basically copy whatever was on a computer display without having direct access or even line of sight to it.

The power supply exploit could be so frustrating. You kick it off and suddenly a cron job (or any other task) runs and scrambles all the voltages, with the sender malware having no idea there's an issue and the receiver getting junk and having no idea what it's missed.

Ha! The power supply communication thing is how scp-097 escapes in SCP: Containment breach

First clip reminds me of technology that's been out since the 80's/90's where you can transmit data across the power AC. Number one thing that comes to mind are wireless intercoms that aren't actually wireless but instead uses the power line to transmit data to other intercoms. No extra wires are needed and no wireless transmissions are used.

"Every wire is an antenna"
- Mordechai Guri, probably

I think the covid name comes from the fact that most places had social distancing set at 2m

A note about the CSAM detection:
They almost certainly didn't store all the hashes on all devices, instead using a lightweight bloom filter that only contacts a server when a possible match is found.

haven't seen the vid yet, but I'm ready to hear about the newest absurd theoretical attack vector and the new locations I need to place tinfoil to avoid it rofl.
edit: I didn't expect it to actually be the same guy behind the SATA cable antenna! props to him though for being just that right kind of insane though!
edit 2: I didn't expect to find out that Microsoft office was still using MSHTML, I knew that all UWP apps were forced to use the dead EdgeHTML engine, but to think that Microsoft first party apps were using even older dead engines is crazy.

Somehow this still seems more practical than some of the other airgap workarounds, also more interesting.

It's a bit misleading when you say "this exfiltration method doesn't need admin privileges and it can run in a VM". It's true but the malware still needs read access on the file that is to be exfiltrated, which, depending on the file, requires just as much admin privilege as for any other malware.

It's a curious thing but, if you've already breached a computer, there are obviously more efficient ways to extract it's data and do whatever you want to do with that computer.

Ha ha, apple has saved us from the headphone psu attack. The foresight of them is stunning!

That power supply exploit is essentially the exact same thing as the Air-Gapped SATA cable exploit that was demonstrated about 6 months back. Seems to work as essentially the same principle.

I'm always a bit surprised to hear people think that getting malware onto air-gapped computers is a challenge: it really isn't, but data exfil *is*.
Physical security is often strong in such scenarios, so imaginative ways to exfil data is where you want the most options.
That said, at this attack's bitrate the target data would need to be something with a very small storage footprint, or a long dwell-time for the receiver.

Coming next: researchers find a way to control your computer by transmitting radio signals through a guitar

First item:
It's not quite true that the malware can run without enhanced priveleges. While the transmit side of it can run as a normal user, enhanced priveleges would be needed to access the required files (unless the machine owners were very stupid). In addition there would likely be a need to use some kind of escalation to actually install the malware in the first place
Your point about the bit rate being a limit on the usefulness means that the ideal use case for this would be if you could sneakily install a keyboard sniffer and pick up interesting passwords.
You can circumvent the scheduling issue if you have somewhere you can conceal the receiver nearby, in a drawer in the adjacent room perhaps?

2:49 you can tell he's good by how he's serving his web-site without TLS

This is an amazing study! I love all the Weird, almost Magical things that happen when you mess with power

Great now my computer need to practice social computing distancing😅.

Sounds a bit like: "Hey, give me your housekey, so I can unlock your frontdoor normally, collect all your valuable stuff in boxes and move them into the hallway, leave the door unlocked to come back later at a specific time and act like I broke in without any traces"....

2:39 What about powerplants or server rooms where air gaooed systems are not alone and other equipment emmits electromagnetic noise that can affect the received string?

0:31 I assume the COVID-bit name is because of the distance required to be in for the power supply exploit to work. Just like covid.

Nice work! I really enjoy your content! Thank you!

Just look up tempest attack. The idea to use power supply as a method is not completely new. But this is a new way to exfiltrate data. I guess this would only work, if you can precisely control the workload of a specific computer, and no other em sources nearby. If the same computer is running various other software, or there are other computers doing random tasks, this would be very hard or nearly impossible.

are there any other channels that post cyber security news like this one? i want more!

This technique is nothing more than a practical way (as it uses audio jack from a smartphone) of using Van Eck Phreaking (also called "Tempest"). In case of monitors and TVs, the irradiated frequencies are way above the audible frequencies (HF for VGA and UHF for HDMI) thus a more specialized equipment is needed (SDR dongles for tuning and directional antennas for better reception).

I saw this coming next when you showed the SATA cable hack. 😄

i think this technique could be useful if combined with a keylogger which sends the keystrokes via this technique to the attacker. furthermore you could use a mobile as a tunnel so the attacker does not need to be onsite all the time. idk how much power this hack draws on the mobile but maybe a powerbank could help. Stealth could be archived by e.g. putting the mobile and a powerbank behind a framed picture e.g. the logo of the company. This attack would be very hard for an outsider but could be performed as a insider who does not want to get caught, however hanging the picture might be suspisious but not impossible

4:30 It's also the browser frame in VS 2022

Me: 'I will only turn my pc on in a room of 5m x 5m so the magnetic waves could not go to the hacker. '

Very similar techniques (power analysis and power glitching) have been used since a very long time. Great for tricking bootloaders or extracting a few bytes from embedded systems, but not generally something to worry about

Great video😍

I guess we're at least one small step closer to an uncontrollable AI capable of escaping an air-gapped computer.

@Seytonic Do you plan on doing a video about the Flipper Zero ?
Just received mine yesterday and pretty crazy all the stuff you can do with it :)

a power supply to steal data, what the hell

I could imagine this being a issue with Corsair PSUs that have the Corsair link thingy on their PSU's.

It has COVID in the name because it works up to 2 meters

Quite amazing this power supply exploit, good coverage of interesting news from around the world in hacking field, happy subsriber.

Bruh, hacking from power supply? 🤣 This is another level of hack

9:00 HOLY SHIT A TH-camr is actually being sponsored by a useful, non scamming company that doesn't sell worthless titles or a bad VPN, *THIS DESPERATELY NEEDS TO BE IN THE NEWS* .

Tempest scanning isn't a novel concept and has been around since as early as the second world war. It has been adapted countless times to suit various needs, such as capturing video signals emanating from computer monitors and capturing signals radiating from telecommunication networks. The one solution that is simple and effective every time is to enclose your electronic devices within a faraday cage, and use shielded telecommunication lines.

Is it called Covid-bit because of the 2m distance? As in social distancing hahaha

Oh cool now my anxious ass needs to encapsulate my PSU in a faraday cage.

Hacker in 2069:
I've downloaded a victims file by exploiting his keyboard Caps. And I would like to call this technic *Jomama-Bin-Baiden*

The slow speed from the power supply switching shoudnt be a problem if you use it to somehow get data for faster connections like wifi or bluetooth, although those machines probably woudnt have that, but maybe you get an ip or something useful.

those hacks are getting funnier and funnier

wow this is very interesting, it's just crazy they can be done.

Obvious from the comments that everybody loves an Air-gap exploit (so well done on the title choice) but the biggest baddest scariest news here is that Word still uses I.E. with a hole in it!

1:28 "HEY U STOLE MY PSU THATS NOT STEALING FILES" I have that exact power supply in my pc :D

Here's a crazy new way to exfiltrate data from and air-gaped PC: The hack would need to gain access to the PC to insert an USB stick into a slot and the using the keyboard and mouse, copy files to the USB stick. Slick, huh?

This is mindblowing. Just mindblowing.

Wow, Internet Explorer is even late when it comes to Zero-days.

Bro i dont even give a crap anymore, last thing i needed to hear that my power supply can be used to hack my pc

The power supply exploit was discovered by the same guy who discovered gyroscopes can be used as microphones? Wow, I remember hearing about that one back in the day. It's cool that it's the same guy!

"IE is dead and no longer delivered out."
I.E.: "Explooiiits."

Maybe a tiny drone to be used as a middleman ? For these 2 metre technics ?

O.mg cable + airgapped computer = probably more practical exploit since you still need access to the computer.

This could mainly be used to identify the location of an air gapped pc which is running a honeypotted file.

No, not every computer power supply uses wtitching to adjust power...
There are switching power supplies (as mentioned) using transistors. There is DC-DC conversion, and quite a few more...

Is Apple implying they have a database with millions of TBs of CP!?

good proof of concept ngl

Apple being Apple, I would not doubt it was already installed and running and that just user access to know it is running has not yet been implemented. That is my view of a company that does not allow user repair of even the charge port and force manufacturers to sign contracts to not sell parts directly to consumers.

Power supply hack has same energy as Renault F1 engine playing God Save the Queen by modulating the revving

How to enable end-to-end iCloud backups?

Can you make a video about how you can clean your pc from possible virus/malware

this is similar to an old exploit being actively used by an isralei IT company. i don't remember the name of the company just that i read an articel about 5-6 years ago. this is still fking terrifying...

Today they scan for CP.
Tomorrow, happy merchant images.

Everyone is oblivious to the fact that Google already does this on android devices whether you use cloud storage or not!

I saw this on a TV show years ago but with a graphics card instead.

Awesome video :》

These airgapped methods are daft if your that close to a pc to want to do that you’d just walk up to it and use it 😂

I feel like it was name COVID-bit to make it a more interesting headline

TEMPEST-derived red/black separations already protect gov/mil isolated systems from such an attack. Maybe it'd be functional in a real-world office setting, in an empty room, where you're allowed to bring your own devices nearby, and already have access to the terminal. But by that point blue team has already lost their battle.
Still, this is a pretty slick and novel approach, even if it never sees usage in the real world.

Coof-bit : what CPUs are vulnerable to this ?
I use older computers as they are pre-Intel-ME era and well mapped out ...

Wake up
Seytonic video
Yes

I suppose wouldn't work with a cheaper linear PSU... but neat concept.

Wen shielded SATA and power cables?

You should look at TempestSDR, which is more impressive
leakage from HDMI cables without encryption can be reconstructed using an SDR

Microsoft: “It’s a feature, not a vulnerability!”

All I know is that Apple needs something to compare those hashes, so somewhere Apple has a server full of CP to train their algorithms

You can hear what a phone is "doing" by holding it next to an electric guitar plugged into a solid state amp

led monitor from camera seem more reliable , control load to force power usage seem more external factor

The Apple CSAM item
"The road to hell is paved with good intentions"
Anyone ever notice what the serpent used to tempt Eve and then Adam?

this is why i always keep my computer unplugged...
...hol up

So I guess now we need encrypted power supplies.

Is there a Patreon for your channel, Seytonic? The Cybersecurity news is always top notch and I'd love to support your efforts

Small amounts of radiation? I am crying!
From pain. Pain caused by SMPS RFI with analogic radio comms...
BTW, a PC will shart EMI in the mains lines detectable for miles. Just plug your phone :))
Airgapped systems still linked to mains power!

would need memekatz processing and dumping ONLY credentials to a file, then transmitting that file to make any real use of this

The NSA still uses "spot lights". Why wouldn't they use a technique like PSU or CPU modulation to send your private encryption keys or key stokes every second (well within bandwidth)? All you need is a phone or home assistant audio wire tap. You're under playing this exploit vector.

At this point people are gonna trace your ip through a noctua fan

well i guess its a good thing that phones for rid of the headphone jack lol

Some people (these people specifically) have waaaaaaaaaay too much time on their hands

JScript is microsoft's implementation of Javascript, it says so in the screenshot you have at 4:49. ECMAScript === Javascript

but a powersupply has no chips for data transfer

How Apple would have gotten database or what database would Apple have?

while is may not be practical to exfiltrate entire files it could be practical to get passwords for example malware could reset the password making the user have to re login then capture the password and repeatedly like a beacon broadcast the password until the hacker can get it.
so the solution maybe to have some very high uf capacitors that can smooth out the demands on the power supply either have the large caps in the power supply or something that can be connected between the connectors and pc parts.
in a similar way that you may see in rc applications to smooth out the noise from the motors back into the receiver or something.

me: *laughs in laptop*