Israeli researchers have found a way to extract data from isolated computers, and not merely "ordinary" computers operating on a separate network, but special-purpose TEMPEST (Transient Electromagnetic Pulse Emanation Standard) machines.
What is the TEMPEST standard?
Every device that is connected to a power line generates electromagnetic radiation when switched on. Specialized technology makes it possible to intercept these emissions and decode a user's actions from them. This is why special devices are used to process classified information. Such computers are completely disconnected from the Internet and from the local-area network. They are additionally secured against leakage through channels such as light, sound, heat and electromagnetic fields. These are TEMPEST-class devices.
TEMPEST means secure?
Devices like these are usually kept in specially prepared, strengthened rooms with limited access and reinforced walls (resistant to, e.g., an electromagnetic attack). This is why they are considered safe.
What are the weak links of this system? Like every device, they need human operators and a power supply, and this was the exact path followed by researchers from Ben-Gurion University in Israel. They have shown that data can be stolen from such a computer effectively and unnoticed, and they described everything in their report "PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines".
For this to happen, the machine must first be infected with malware called PowerHammer. The second prerequisite is that the device is connected to the building's power grid. The malware monitors the processor's performance and sends certain Morse-code pulses to the power grid. Another specially developed device, coupled to the very same power grid, is able to detect and read the data. The transfer rate is not very high: it reached several to several dozen bits per second. However, all bits were read correctly, without any corruption.
The tested method does not allow copying all of the documents, but it can be successfully used to leak small amounts of data, such as passwords, tokens or encryption keys.
Source: The Hacker News