Vulnerabilities / Threats

4/13/2018
04:14 PM
50%
50%

Power Line Vulnerability Closes Air Gap

A new demonstration of malware shows that air-gapped computers may still be at risk.

Security professionals love to talk about the "air gap" as the ultimate in safety for a computer: When it's not attached to network cables or a wireless network, it's presumed to be safe. Presumed, that is, until now. This week, researchers from the Ben-Gurion University of the Negev announced that they have come up with a way to exfiltrate data from air-gapped computers via malware that can control the computer's power consumption.

By adding workload to CPU cores that aren't doing anything else, the malware will change how much power (how many watts) the computer is using. Done carefully, the result is, essentially, an FM transmission over the power line. When a probe is placed near the power cable, the modulation can be detected and decoded — and information will have left the system.

The researchers call the malware that controls the power consumption PowerHammer; so far, it's a research proof-of-concept that hasn't been seen in the wild. That's good, because while ways to thwart a PowerHammer-like attack exist, none are perfect.

PowerHammer isn't the first time control or information signals have been sent over power lines. Electric motors are frequently controlled via pulse-width modulation (PWM) sent over the power lines, building control systems have used power-line carriers, and some electrical utilities have experimented with broadband internet access over power lines. This is, however, a reminder that capabilities can be used by individuals and groups with many different agendas.

For more, read here.

Interop ITX 2018

Join Dark Reading LIVE for a two-day Cybersecurity Crash Course at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the agenda here. Register with Promo Code DR200 and save $200.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Diversity: It's About Inclusion
Kelly Jackson Higgins, Executive Editor at Dark Reading,  4/25/2018
Threat Intel: Finding Balance in an Overcrowded Market
Kelly Sheridan, Staff Editor, Dark Reading,  4/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.