Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

Hackers Can Stealthily Exfiltrate Data via Power Lines

Researchers have created proof-of-concept (PoC) malware that can stealthily exfiltrate data from air-gapped computers using power lines.

Researchers have created proof-of-concept (PoC) malware that can stealthily exfiltrate data from air-gapped computers using power lines.

The malware, dubbed PowerHammer, is the work of researchers at the Ben-Gurion University of the Negev in Israel. The university has previously published research on jumping air gaps via magnetic fieldsinfrared camerasrouter LEDsscannersHDD activity LEDsUSB devices, the noise emitted by hard drives and fans, and heat emissions.

PowerHammer exfiltrates data from a compromised machine by regulating its power consumption, which can be controlled through the workload of the device’s CPU. Sensitive pieces of information, such as passwords and encryption keys, can be stolen one bit at a time by modulating changes in the current flow.

Researchers have devised two versions of the PowerHammer attack: line level power-hammering and phase level power-hammering.

In the line level variant, the attacker intercepts the bits of data exfiltrated by the malware by tapping the compromised computer’s power cable. In the phase level attack, the attacker collects the data from the main electrical service panel. The data can be harvested using a non-invasive tap that measures the emissions on power cables, and converting them to a binary form via demodulation and decoding.

A computer’s CPU is a significant power consumer and its workload has a direct impact on power consumption and implicitly the flow of current in the device’s power cable. By overloading the CPU with calculations and stopping and starting the workload, it’s possible to generate a signal over the power lines at a specified frequency.

In the case of PowerHammer, the attacker establishes two different frequencies – one representing a “0” bit and another frequency representing a “1” bit.

During their experiments, researchers saw transfer rates of up to 1000 bits/sec for the line level power-hammering attack and 10 bits/sec for the phase level attack. The best transfer rates were achieved on a PC, followed by a server (which had lower bit rates and more errors), and IoT devices (bit rates of up to 20 bits/sec and error rates of up to 18%).

While these can be significant transfer rates for exfiltrating small pieces of information such as passwords – obtaining one character from a string requires 8 bits to be transferred – reliable exfiltration requires more than just sending the raw data. Researchers created 44-bit data frames that, in addition to the actual data being exfiltrated, include a preamble that signals the start of the transmission and 8 bits of CRC code at the end of the frame for error detection.

As for countermeasures, researchers say PowerHammer attacks can be prevented by monitoring power lines for the presence of covert communication channels, by using power line filters to limit the leakage of conduction and radiation noise, and by installing software-level jammers that execute random workloads on the system in order to cause interference in the data transmission process.

Related: Dell Launches Endpoint Security Product for Air-Gapped Systems

Related: Hackers Can Steal Data From Air-Gapped Industrial Networks via PLCs

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.