In a discussion I recently had about covert channels, someone suggested using power line communication to exfiltrate data from malware-infected air-gapped systems. In this article I look into the feasibility of this idea.
[Updated 2017-08-02: Fixed mix-up in harmonics/overtone numbering, thanks Allan H.]
[Updated 2018-04-12: The Cyber-Security Research Center of the Ben-Gurion University just released a paper describing the same attack. Some notable points from their paper:
- They are able to leak at a much higher carrier frequency, 15 – 24 kHz. At a short distance this allows them to get much higher bit rates.
- They also tested the influence of running the attack from inside a virtual machine.]
Air gapped systems are computers or networks that are physically disconnected from the outside world. Air gaps are used in various ways:
- Protect sensitive information: like PKI private keys, bitcoins, software source code, state secrets
- Prevent influence from outside: e.g. protecting a nuclear power plant from sabotage
- Contain software: In case of malware analysis to prevent the malware from spreading
In most cases they will also be well protected from physical attacks by placing them in a vault, secured room, or secured building.
Even where an air gap is used to keep sensitive data from leaving a system, data might still need to enter it. For example, intelligence data from public sources might be gathered on the internet and transferred to an air gapped system for processing by analysts. Software updates and security fixes also have to be transferred to the air gapped systems. To make sending data to the air gapped system easy, a unidirectional network connection, e.g. a data diode or data pump, might be used. In other situations CDs or USB thumb drives are used to copy the data to the air gapped system.
Although air gaps offer a high level of security they don’t guarantee 100% safety. Notable examples from the past are Stuxnet and the CIA’s Brutal Kangaroo.
So getting data into an air gapped system, and attacking it, is viable in some cases. Getting data out of an air gapped system, however, tends to be a problem. Data diodes physically guarantee that no data can flow back. CDs are in general destroyed after the data has been imported. USB thumb drives do allow data to be written to them, but don’t offer a continuous channel.
Here enters the power line. A power cord is something every air gapped system will have. Also the power cord will, in almost all cases, leave the physically secured area in which the air gapped system is placed to connect to the main power grid.
So if malware would somehow be able to send data over the power line from a standard computer, it might be possible to receive this data outside the physically secured area.
Power line communication on unmodified computer hardware
Power line communication has been in use for many years. But in traditional power line communications special hardware is used to inject a high frequency signal on to the power lines. Such hardware will not be available in air gapped systems.
What software can influence is the power consumption of the device. Modern energy saving hardware uses far less energy when idle than under full load. For example, a Dell PowerEdge 1950 server (single Intel Xeon E5430) shows a difference of roughly 30 W in power consumption between idle and full load.
This shows that modulating the processor load should be a viable way for signalling data over the power line.
Receiving the data
To measure the change in power consumption a current sensor must be placed on the power line feeding the system.
Some examples of current probes are:
- Current transformer: split-core or solid-core
- Non-invasive current probe for multi wire cords
- Uninterruptible power supply (UPS)
- Power distribution unit (PDU)
- Smart electricity meters
Current transformers are readily available (for example at SparkFun). The split core variant can easily be installed on existing wiring. However it does require a single wire to be accessible, and thus doesn’t work on multi wire power cords.
To measure the current in multi wire power cords without having to modify them, some alternative current sensor designs exist. For example, the paper “Noninvasive current sensor for household appliances and compensation for installation variation” by S.H. Cheng and S.F. Lin describes such a design. It is unknown to me whether any off-the-shelf implementations are available on the market at this time.
UPS devices tend to have a management port that allows the current consumption or load percentage to be queried. The precision and the interval of the measurements depend on the UPS brand and model.
Some advanced PDU devices also have a management port that allows the current power consumption to be queried. For instance, PDUs made by Schleifenbauer allow the current to be read out per power socket using Modbus. But as with UPS devices, the precision and interval of the measurements depend completely on the brand and model of the device.
UPS and PDU devices are especially interesting if their management interface is connected to the normal, internet connected network, which isn’t an unlikely situation if the UPS/PDU is part of a bigger power system and the air gapped system is only a branch of it.
Smart electricity meters are very good at measuring power consumption, but this information might only be available outside the device at a low rate. For instance, the Dutch DSMR standard for smart electricity meters specifies a serial port, the P1 port, that outputs the power consumption once per 10 seconds. On the other hand, the device is fully under control of the utility company, and remotely manageable.
Spectrum and Frequency response
For choosing a good carrier frequency, bit rate and modulation scheme the spectrum has to be analysed and the frequency response of the load modulation needs to be determined.
It is expected that only low frequency load variations will be measurable, due to the capacitors in the computer power supplies and the EMI filtering.
The tests in the following paragraphs are all run on Linux, with the CPU frequency governor set to performance and the test software running at real-time priority.
To get an idea of the spectrum, a spectrogram was made of a capture on a single fuse group of a domestic installation. The devices connected to this branch include a refrigerator, a small form factor PC, a 23″ LCD display, and various routers and single board PCs.
The 50 Hz power frequency is clearly visible. The even harmonics of the 50 Hz power signal are only slightly visible, while the odd harmonics are very strong. This is suspected to be caused by the current transformer.
To determine the frequency response, a test program was run on various systems that modulates the processor load of the system between nearly idle and fully loaded at a specific frequency. This was done for frequencies between 10 and 1000 Hz in steps of 10 Hz. Every frequency in the range was tested for 1 second.
To measure the current, a split-core current transformer connected to the sound card of a separate system is used. The sox tool is used to capture the samples, reduce the sample rate and generate a spectrogram. Measurements are taken directly at the power line of the tested device.
The images below show the spectrograms of the various devices tested:
Dell PowerEdge 1950
Intel I7 Desktop
Dell Vostro 3550 Laptop
Dell Vostro 3550 + wtc0v adapter
The frequency sweep can be easily spotted in the spectrograms. Note that the 10 Hz carrier is visible at 60 Hz and 40 Hz. This is because the carrier is modulated on top of the 50 Hz power grid frequency.
The leaked signal is strongest in the lower frequency range; at higher frequencies its strength is limited. Although there are variations between the tested hardware, this trend seems to be similar for all platforms.
Even though the software modulates the processor load as a block wave, only a narrow peak can be seen in the spectrum at the modulation frequency.
Interesting to note is that the Dell WTC0V laptop adapter is very noisy. If a device like this is connected on the same branch of the power net being attacked, it can seriously influence the ability to communicate.
How much the characteristics of the current transformer influenced these measurements has not been tested.
Rough estimate of maximum bit rate
In the previous chapter we determined that the signal strength of the load modulation is strongest at low frequencies, i.e. a carrier below 50 Hz, which after modulation onto the mains means a signal below 100 Hz. There is also the 2nd harmonic at 100 Hz and a very strong 3rd harmonic at 150 Hz. So let’s assume the carrier must be < 50 Hz.
Because it is only possible to modulate a square wave, the time required to transmit 1 bit must be an integer multiple of the carrier period. Also, when changing symbols some noise might be generated, depending on the modulation scheme. So assume every symbol period must last at least 2 carrier wave periods.
The easiest modulation scheme to use would be amplitude modulation, i.e. ASK. However, ASK uses a bandwidth of 2 times the symbol rate. Phase modulation (PSK) is a better solution, with a bandwidth equal to the symbol rate. PSK modulation is also easy to implement; demodulation, however, takes some more work than for ASK.
So given these parameters we can calculate:
For binary PSK (BPSK) this would mean 39.2 bits per second. To further increase the bit rate a multi-level modulation can be used, like QPSK, 8PSK, etc. To what extent this is possible will depend on the signal-to-noise ratio.
To prove this attack actually works a small proof-of-concept implementation was written. For this POC BPSK modulation is used with a configurable carrier frequency and baud rate. All tools have been developed and tested on Linux.
The tools are available for download on Github: https://github.com/dimhoff/powercom.
The sending side consists of a POSIX C program that generates a carrier with a phase shift dependent on the symbol to send. To generate the carrier a POSIX interval timer is used. Multiple threads are used to generate load on the various processor cores. Each load generating thread constantly locks and unlocks a mutex in an endless loop. To stop generating load, the controlling thread locks all mutexes. This causes the load generating threads to sleep until the mutexes are unlocked again.
Data is packed in a simple packet format with a preamble and length prepended. This is done to allow the receiver to identify which phase represents a ‘1’ and which a ‘0’, i.e. to overcome the twofold phase ambiguity introduced by PSK modulation.
The program allows the carrier frequency and the number of carrier periods per bit to be configured. This means that the carrier will always be an integer multiple of the baud rate.
It was found that to get the best signal the Linux CPU frequency governor has to be set to performance. Also, to limit the effects of other processes running on the same system, the test tools are run at real-time priority.
At the receiving end a split-core current transformer is used, connected to a sound card through a small resistor that dampens the signal to prevent clipping. The sound card is sampled at 48 kHz and down sampled to 2 kHz using the sox program, which has been shown to have decent anti-aliasing filtering. The sox output is converted to a TCP stream using a simple Python script.
The sampled data is sent to a GNU Radio program for demodulation. The demodulator uses a simple 2nd order Costas loop plus a threshold detector to demodulate the signal. The output from this is again converted to a TCP stream and fed into the next stage.
The demodulated bit stream is processed by a Python script that recovers the symbols from the input stream and extracts the data from the data packets.
POC Test results
The POC software was tested by sending 256 packets with an index number and its inverse. The receiver was connected at the feed line of the test setup and checks how many packets are received without errors.
The test setup consists of:
- Dell PowerEdge 1950
- Custom Desktop i7-2600
- Dell Vostro 3550
- Intel NUC7i5BNH
- Monitor: 23″ Dell P2314H
- Network Switch: Target 8 port 10/100 n-way switch
Only the device under test was active; the other devices were powered on but (near) idle.
In the first test a fixed baud rate of 6 baud was used. The carrier frequency was varied between 6 Hz and 180 Hz in steps of 6 Hz. The chart below gives the percentage of packets successfully received at the various carrier frequencies.
The test results show that there are big differences between the tested machines. The Dell Vostro 3550 has good data leakage across the whole frequency range, while the Dell PowerEdge 1950 only has a good signal in the lower frequency range.
The overtones of the 50 Hz power frequency are also visible in the results. At 48 Hz carrier frequency, i.e. 98 Hz after modulation onto the mains, around the second harmonic, a dip is visible in the number of packets received. However, communication is still possible. The third harmonic, around 100 Hz carrier frequency/150 Hz modulated frequency, is much stronger and inhibits communication for all machines. This matches what we saw in the earlier sweep test.
In the second test the number of carrier periods per bit was kept constant, so the baud rate increased with the carrier frequency. In this case the baud rate is equal to 1/2 times the carrier frequency. The carrier frequency was varied between 6 Hz and 162 Hz in steps of 6 Hz. The chart below shows the percentage of packets successfully received.
Again there is a big difference between the tested machines. The Dell Vostro 3550 is the only machine allowing some communication in the higher frequency range, > 100 Hz. This allows a baud rate of 78 baud, but with only 69.5 % of the packets successfully received.
After 36 Hz/18 Baud a steep decline in the amount of packets received is visible. This is likely caused by the first overtone of the power frequency which starts to overlap the used bandwidth from this point, up to 72 Hz. At 72 and 78 Hz there is no overlap with any harmonics and for some machines the amount of packets increases again.
UPS based receiver
Similar tests as above were run with an APC Back-UPS RS 500 uninterruptible power supply as signal receiver. This UPS has a management port that connects to a computer as a USB HID device. The UPS allows reading out the UPS load as a percentage of the maximum load.
Due to the limited capacity of the UPS only the device under test was connected to the UPS; all other machines were turned off. The Intel NUC7i5BNH was not tested; instead it was used to sample the UPS load.
The UPS load was sampled at 90 Hz. At this rate the capturing software rarely misses its sample deadline. The deadline is missed roughly in the order of once a minute.
A sweep of the spectrum shows that the captured data contains very strong aliases, especially one that is symmetric around 25 Hz. In the lower frequency range, < 25 Hz, the signal is very strong. In the upper range the signal dies out. How much the signal decays at higher frequencies depends on the device.
Note that because the UPS measures the percentage load instead of the current, the 50 Hz power frequency is not visible in this spectrogram. And thus a 10 Hz modulated carrier wave will appear at 10 Hz in the spectrogram.
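The two observations above, that a load modulation of f Hz appears as sidebands at 50 ± f Hz in a current-transformer capture but directly at f Hz in UPS load-percentage samples, are what a defender monitoring power telemetry would look for. The following Python script is an added example, not part of the original article or the powercom tools: it constructs both kinds of capture (the 2 kHz and 90 Hz sample rates follow the article; the waveforms, noise levels and the Goertzel-based scan are assumptions made for this example) and scans them for the strongest load-modulation frequency.

```python
import math
import random

MAINS_HZ = 50.0

def goertzel_amplitude(samples, fs, freq):
    """Amplitude of the sinusoid at `freq` Hz in `samples` (Goertzel algorithm).
    Exact when the capture holds a whole number of cycles of `freq`; otherwise
    a slightly leaky estimate, which is good enough for a frequency scan."""
    n = len(samples)
    k = 2.0 * math.cos(2.0 * math.pi * freq / fs)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + k * s1 - s2
        s2, s1 = s1, s0
    power = s1 * s1 + s2 * s2 - k * s1 * s2      # |X(freq)|^2
    return 2.0 * math.sqrt(max(power, 0.0)) / n   # |X| = amplitude * n / 2

def strongest_modulation(samples, fs, carrier, f_lo, f_hi, step=1.0):
    """Scan f_lo..f_hi Hz for the load-modulation frequency with the most energy.
    carrier=MAINS_HZ: current-probe capture; an f Hz load modulation shows up as
      sidebands at 50-f and 50+f Hz (the article's 10 Hz carrier at 40 and 60 Hz).
    carrier=0.0: UPS load-percent telemetry carries no mains component, so the
      modulation appears directly at f Hz.
    Returns (frequency, summed sideband amplitude)."""
    mean = sum(samples) / len(samples)
    ac = [x - mean for x in samples]              # drop the DC (base load) level
    best_f, best_amp = f_lo, -1.0
    for i in range(int(round((f_hi - f_lo) / step)) + 1):
        f = f_lo + i * step
        if carrier:
            amp = (goertzel_amplitude(ac, fs, carrier - f)
                   + goertzel_amplitude(ac, fs, carrier + f))
        else:
            amp = goertzel_amplitude(ac, fs, f)
        if amp > best_amp:
            best_f, best_amp = f, amp
    return best_f, best_amp

def _block_wave(n, fs, f_mod):
    """0/1 block wave at f_mod Hz (sample n of fs): the modulated CPU load."""
    return 1.0 if (2 * f_mod * n // fs) % 2 == 0 else 0.0

def constructed_current_capture(fs=2000, seconds=2, f_mod=10, depth=0.3, seed=1):
    """Constructed stand-in for the sox-downsampled current-transformer capture:
    50 Hz mains whose amplitude follows the CPU-load block wave, plus a 150 Hz
    third harmonic and a little noise."""
    rng = random.Random(seed)
    out = []
    for n in range(fs * seconds):
        t = n / fs
        load = 1.0 + depth * _block_wave(n, fs, f_mod)
        out.append(load * math.sin(2 * math.pi * MAINS_HZ * t)
                   + 0.2 * math.sin(2 * math.pi * 3 * MAINS_HZ * t)
                   + rng.gauss(0.0, 0.05))
    return out

def constructed_ups_capture(fs=90, seconds=10, f_mod=10, seed=2):
    """Constructed stand-in for UPS load-percent samples at 90 Hz: 40 % base
    load, a 15 % swing from the modulated CPU load, and some sensor noise."""
    rng = random.Random(seed)
    return [40.0 + 15.0 * _block_wave(n, fs, f_mod) + rng.gauss(0.0, 2.0)
            for n in range(fs * seconds)]

if __name__ == "__main__":
    cur = constructed_current_capture()
    print("current probe (f, sideband amp):", strongest_modulation(cur, 2000, MAINS_HZ, 2, 45))
    print("UPS telemetry (f, amp):", strongest_modulation(constructed_ups_capture(), 90, 0.0, 2, 44))
```

Scanning the current capture with carrier=0.0 finds nothing at 10 Hz, which is why a detector on a current probe has to look at the mains sidebands rather than at the modulation frequency itself.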
The fixed baud rate test shows that with the Dell PowerEdge 1950 it is possible to get reliable communication. The other machines, however, were almost unable to communicate. The Dell PowerEdge 1950 is unable to communicate at 24 Hz; this is suspected to be caused by the strong alias at 25 Hz seen in the spectrogram.
The varying baud rate test also shows the Dell PowerEdge 1950 is the only machine to get decent communication.
Why the Custom Desktop and Dell Vostro 3550 were unable to communicate is not clear. The spectrum sweep suggested that at the lower frequencies they should have been able to communicate. But due to time constraints this was not investigated any further.
Alternative means of load generation
In this POC, modulating the CPU load was used to generate electric load. This method was chosen because it is easy to implement, doesn’t require special permissions, optionally allows the malware to create idle time by claiming all but one core, and can be done without the user of the system noticing too much of it.
Alternative methods of generating electric load exist but have not been tested. Some examples:
- GPU: on server platform not a big factor, but could be interesting for desktop systems.
- HDD (platter based): Modulating power consumption will interfere with normal disk access on the server.
- Fans: Easy to detect by operator when listening to the computer.
- Backlight: For laptops. Modulate display brightness. About 5 watt power usage difference between max. and min. brightness. Not covert.
- Server shutdown and wake using rtcwake: Maximum change in power consumption but very slow, and not very covert.
- Server cluster: By performing advanced queries on a cluster of servers, e.g. database servers, it might be possible to modulate the power of a whole server cluster. This is very situation specific.
Possible Defences
This attack has four important prerequisites:
- Malware infection of air gapped system
- Way to influence system power usage
- A way to measure current or power on a power line
- Not too much noise on the power line
The prevention of malware infections on air gapped systems is obvious.
Assuming standard modern PC hardware is used, the power consumption can be modulated. If processing power is not important, then a low power platform, like a Raspberry Pi, could be used to limit the signal strength that can be generated. In most office situations that require Windows and Office, however, this is not a viable solution.
Preventing an attacker from measuring the current/power usage of an air gapped system without too much noise is probably the most important defence against this specific attack.
When connecting an air gapped system to a power management device, make sure that the management interface is not connected to a non-air gapped system. Or make sure enough other systems are connected that cause enough noise for this attack to fail.
Also power lines that feed air gapped systems can be physically protected against placement of measuring devices. This will be needed at points where noise levels are low. This would also mean working with trusted electricians to maintain this part of the power network.
Ultimately a battery powered device can be used that is only powered on when running on batteries, and is charged when powered off. Do note that if it is powered up while connected to the power network, the batteries will be bypassed and this attack will still be possible. The same applies to using a UPS.
Due to lack of resources some items have not been researched. These items might be interesting to research in the future.
In the chapter “Possible Defences” I talked about noise levels. But exactly what noise level is acceptable, and how much noise various electric devices produce, has not been investigated. This is specifically interesting when implementing defences against this attack, as discussed above.
In high secure environments special hardware is used that is protected against unwanted emission of, mostly high frequency, signals leaked through RF, power lines, etc. It would be interesting to investigate if this attack also works on this kind of hardware.
This article shows that modern unmodified PC hardware can use load modulation to transmit data through the power line. Achievable bit rates are very limited. A simple POC was able to send data at a raw bit rate of up to 78 bits per second. Although this was only possible on one of the tested machines, in a lab situation, and with a lot of packet loss. It is expected that in practice the actual data throughput will be in the order of tens of bits per second.
This technique can be used by malware to exfiltrate information from a system protected by an air gap. In combination with a data diode or similar device this can give an attacker a bi-directional data channel.
In combination with network connected power management devices that can measure power usage, this attack can in theory be executed remotely. In other situations physical access to the power line will be required. Although access to the power line outside of a physically secure room might be sufficient.
Although this article shows a covert channel can be created, its practical use for attackers will be very limited. Therefore defending against this attack is probably only of interest when defending against state-sponsored attackers, especially in the cases where physical access is required.
The “driver” is an XML file with an embedded Lua script. The control4-box seems to know about the air transmission format (OOK, 433.42 MHz, etc.), so the script only constructs the frame.
The encryption is standard AES, but I really do not understand why they chose to implement it like that.
They do use AES, but only to encrypt a simple counter (a 16 byte array), that is then used to XOR the plaintext with.
1) Base64-decode the contents of the tag.
2) Set up AES in ECB mode, with IV = 0 and a block size of 128 bits.
3) AES key = …. (I don’t think I can post this here, but it can be found in the DriverEditor executable, it is saved in plaintext there)
4) Initialize counter to 0
5) Do this for 16 byte blocks until the end of the encrypted text:
   5a) increment counter
   5b) encrypt the current counter value with AES
   5c) for each byte of the current block of encrypted text:
       6a) plaintext[currentBlock + currentByteIndex] = encryptedBytes[currentBlock + currentByteIndex] XOR counter_encrypted[currentByteIndex]
   5d) read next 16 byte block (or less, if the end of encrypted text is reached)
   5e) repeat from 5a
As I said, I don’t know why they chose to encrypt the counter with AES instead of directly encrypting the plaintext.
The XOR afterwards adds nothing to security.
You may find the Control4 Driver Editor application a really useful source of information concerning the encryption.
Download it from here: http://www.control4.com/documentation/Composer_Pro_User_Guide/Using_DriverEditor.htm
Use a .NET debugger or disassembler and have a look in the C4AES class, the key and algorithm are all there.
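As an added example, not code from the post above or from Control4, the steps 1 to 5e written out in Python using the `cryptography` package (assumed to be installed); the key is a labelled placeholder, and the big-endian encoding of the 16-byte counter is an assumption the post does not settle. The construction is ordinary AES in counter mode, and because the key is fixed and the counter restarts at 0 for every tag, every tag is XORed with the same keystream, which `xor_of_two_tags` makes visible.

```python
import base64
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

# Placeholder key (constructed for this example); the real key is not reproduced.
PLACEHOLDER_KEY = bytes(range(16))

def encrypted_counter(key, counter):
    """Step 5b: AES-ECB-encrypt the counter as one 16-byte block.
    The big-endian byte order of the counter is an assumption."""
    enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
    return enc.update(counter.to_bytes(16, "big")) + enc.finalize()

def counter_xor(key, data):
    """Steps 4 to 5e: the counter starts at 0 and is incremented before each
    block, so block i is XORed with AES(key, i + 1). zip() truncates the
    keystream for a short final block (step 5d). XOR is its own inverse, so
    the same loop encrypts and decrypts."""
    out = bytearray()
    counter = 0
    for offset in range(0, len(data), 16):
        counter += 1
        keystream = encrypted_counter(key, counter)
        out.extend(b ^ k for b, k in zip(data[offset:offset + 16], keystream))
    return bytes(out)

def decrypt_driver_tag(key, b64_text):
    """Step 1 (base64-decode) followed by the keystream XOR of steps 4 to 5e."""
    return counter_xor(key, base64.b64decode(b64_text))

def encrypt_driver_tag(key, plaintext):
    """Inverse of decrypt_driver_tag; used here only to build test vectors."""
    return base64.b64encode(counter_xor(key, plaintext)).decode("ascii")

def xor_of_two_tags(b64_a, b64_b):
    """With a fixed key and a counter that restarts at 0, two tags share one
    keystream; XORing their ciphertexts cancels it and leaves
    plaintext_a XOR plaintext_b without knowing the key at all."""
    a, b = base64.b64decode(b64_a), base64.b64decode(b64_b)
    return bytes(x ^ y for x, y in zip(a, b))

if __name__ == "__main__":
    sample = b"<driver><lua>-- constructed sample --</lua></driver>"
    tag = encrypt_driver_tag(PLACEHOLDER_KEY, sample)
    print(tag)
    print(decrypt_driver_tag(PLACEHOLDER_KEY, tag))
```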