Date: 2020-05-05

The practice of keeping computers disconnected from the network for security reasons is called air-gapping (‘air gap’). Even if their administrator slips up and introduces malware onto them, it will be difficult for that malware to extract and send sensitive information out.

Difficult, but not impossible: some types of malware (such as MOSQUITO) have been designed to use headphones and speakers to emit ultrasound, inaudible to humans but detectable by other machines, to transmit information.

Worthy of a spy movie, no doubt. But in view of this kind of malicious software, a new concept was added to that of the air gap: the ‘audio-gap’ or ‘audio gap’, meaning computers that lack any device dedicated to sound reproduction, which increases the security and isolation of digital data.

It would seem that combining both security measures is the way to keep information 100% secure… but that is not the case either.

POWER-SUPPLaY, creating sounds without speakers

Mordechai Guri, a cybersecurity researcher at Ben-Gurion University (Israel) and creator of MOSQUITO, has made public the creation of malware capable of reproducing this technique using only the sound produced by computer power supplies.

This malware, dubbed ‘POWER-SUPPLaY’, exploits this part of the computer “to reproduce sounds and use it as an out-of-band secondary speaker with limited capabilities.”

“Their code manipulates the switching frequency of the power supply and therefore controls the shape of the sound waves generated by its capacitors and transformers.”

According to Guri, they have managed to demonstrate that the information theft technique works on various types of systems lacking audio hardware (workstations, servers and IoT devices) thanks to its ability to modulate and transmit binary data through acoustic signals in the 0-24 kHz range.

These acoustic signals can be intercepted by a nearby receiver (for example, a smartphone) that demodulates and decodes the data and later sends it to the attacker over the Internet. According to the researcher, this would allow data to be extracted at a maximum speed of 50 bits/sec with the phone placed at a distance of approximately 2.5 m.

How to take action?

But at the end of the day we are talking about malware. Wouldn’t a good antivirus be enough to stop it? Guri explains why it would be a bad idea to pin our hopes on that:

“The POWER-SUPPLaY code can be run as an ordinary process in user mode, without requiring access to hardware or root privileges. This method does not invoke special system calls or access hardware resources and is therefore very evasive”.

The only countermeasure proposed by the researcher is to add to the air-gap / audio-gap model a scheme of restricted zones for electronic equipment, so that a smartphone (or similar device) cannot be brought close enough to capture the sound emissions.

