PCs with air gaps are vulnerable to data theft due to power supply radiation

Share post:

Mordechai Guri, a security researcher known for inventing inventive ways to siphon data from computers that aren’t connected to the internet, has discovered a new exploit that can exfiltrate data to a nearby smartphone.

It is known as COVID-bit, and it uses electromagnetic waves to transmit data from air-gapped systems that are isolated from the internet over a distance of at least two meters (6.5 ft) to a receiver.

The mechanism employs malware installed on the machine to generate electromagnetic radiation in the 0-60 kHz frequency band, which is then transmitted and detected by a stealthy receiving device in close physical proximity.

This is made possible by utilizing modern computers’ dynamic power consumption and manipulating the momentary loads on CPU cores.

The researchers developed a malware program that regulates CPU load and core frequency in a specific manner to cause the power supplies on air-gapped computers to emit electromagnetic radiation on a low-frequency band in order to transmit the data in the COVID-bit attack (0 – 48 kHz). A laptop or smartphone can be used as the receiver, with a small loop antenna connected to the 3.5mm audio jack, which can be easily spoofed in the form of headphones/earphones.

The smartphone is capable of capturing the transmission, applying a noise reduction filter, demodulating the raw data, and eventually decoding the secret.

“The information emanates from the air-gapped computer over the air to a distance of 2 m and more and can be picked up by a nearby insider or spy with a mobile phone or laptop,” Guri said.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

North Korean Job Scam Targeting IT Job Seekers

North Korea’s Lazarus advanced persistent threat (APT) group has launched a sophisticated campaign, “Operation 99,” targeting freelance software...

Hackers Exploit FastHTTP in High-Speed Microsoft 365 Attacks

Threat actors are employing the FastHTTP Go library to launch high-speed brute-force password attacks on Microsoft 365 accounts...

YouTubers Targeted As Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results

Attackers have found a new way to infect people seeking pirated or cracked software: planting malicious download links...

New macOS Malware Exploits Apple’s Security Features to Stay Hidden and Steal User Data

A newly discovered variant of the Banshee macOS Stealer malware is putting 100 million Apple users at risk...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways