PowerHammer: Exfiltrating data from air-gapped computers through power lines

Mordechai Guri, Boris Zadov, Dima Bykhovsky, Yuval Elovici

IEEE Transactions on Information Forensics and Security 15, 1879-1890, 2019

In this article, we provide an implementation, evaluation, and analysis of PowerHammer – an attack that uses power lines to exfiltrate data from air-gapped computers. A malicious code running on a compromised computer intentionally controls the utilization of the CPU cores. The CPU utilization is electromagnetically conducted and propagated through the power lines in the form of a parasitic signal that is modulated, encoded, and transmitted on top of the current flow fluctuations. This electromagnetic phenomenon is known as `conducted emission’. In this attack, the attacker taps the indoor electrical power wiring that is connected to the electrical outlet of the compromised computer. The conducted electromagnetic emission of the compromised computer is analyzed and the exfiltrated data is decoded. The proposed attack is then experimentally evaluated and characterized. The communication performance is …