Just a few weeks ago, SecureWorld wrote about the likelihood that North Korea has the ability to compromise air-gapped networks.
Now a research team at Ben Gurion University says it has jumped the air gap and removed data through power lines.
Exfiltrating air-gapped data through power lines
They called their test "Power Hammer," and they successfully tested two different variants of it.
"We present two versions of the attack. In line level power-hammering the adversary taps the power cables feeding the transmitting computer. In phase level power-hammering the adversary taps the power lines at the phase level, in the main electrical service panel. Using a non-invasive tap, the attacker measures the emission conducted on the power cables. Based on the signal received, the transmitted data is demodulated and decoded back to a binary form."
Researchers say there are 4 phases to this air gap attack:
- Infection mode
- Receiver implantation
- Data gathering
- Data exfiltration
Read their air gap compromise research paper here. And then you can decide what an attack like this could look like at your organization.