Security researcher show how to steal data from airgapped PC via soundwaves generated by the PSU

Security researchers from the Cyber Security Labs at the Israeli Ben Gurion University came up with yet another impressive - yet highly impratical - idea to steal data from an airgapped PC. The new technique is called "POWER-SUPPLaY" and it covers a method that exploits a computer's power supply to play sounds and use it as an out-of-band, secondary speaker with limited capabilities.

To achieve this, an attacker needs to get malware on the target system. Once you can execute arbitrary code on the PC, you can manipulate the internal switching frequency of the power supply to generate soundwaves via the device's capacitors and transformers.

These soundwaves can then be recorded via a nearby device, like an Android smartphone. The researchers say that at a distance of 2.5 meters, it's possible to exfiltrate data at a maximum bit rate of 50 bits per second. So stealing as little as one megabyte of data will require about 48 hours of spy work.

"The POWER-SUPPLaY code can operate from an ordinary user-mode process and doesn't need hardware access or root-privileges," the researcher concluded. "This proposed method doesn't invoke special system calls or access hardware resources, and hence is highly evasive."

The main concern here seems to be a supply chain attack aimed at very high value targets. More at at The Hacker News.