Abstract

Air-gapped computers are isolated both logically and physically from all kinds of existing common communication channels, such as USB ports, wireless and wired networks. Although the feasibility of infiltrating an air-gapped computer has been proved in recent years, data exfiltration from such systems is still considered a challenging task. In this paper we present Powermitter, a novel approach that can exfiltrate data from an air-gapped computer via its power adapter. Our method utilizes the switched-mode power supply, which is present in all laptops, desktop computers and servers nowadays. We demonstrate that malware can indirectly control the electromagnetic emission frequency of the power supply by leveraging CPU utilization. Furthermore, we show that the emitted signals can be received and demodulated by a dedicated device. We present the proof-of-concept design of the power covert channel and implement a prototype of Powermitter consisting of a transmitter and a receiver. The transmitter leaks data using a variant of binary frequency-shift keying modulation, and the emitted signal can be captured and decoded through this covert channel by a software-based virtual oscilloscope. We tested Powermitter on three different computers. The experimental results show the feasibility of this power covert channel. We show that our method can also be used to leak data from different types of embedded systems that use a switching power supply.
