My throat explode laughing at this! HAHAHAHAHAHAHAHHAHAHAHABABABAHAHAHAHAHABAVAGA

Imagine mining still

Pro tip: for your cyber security, always be mining (and send the coin to me)

@@Jake48898 imagine pooopy poopy poopy

As someone who lived during dial up, it was extremely frustrating to download anything and it get corrupted which happened a lot as well (maybe 1 in 4 "large 1mb+" downloads would be corrupted.

GPU Fan exploit incoming

Spin the fans up or down and transfer data via variations in sound

I think this was related to one of the voltage regulators or clocks as this laptop has a shared fan for the gpu and cpu.

Yeah that's just a shit/overloaded PSU

@@kreuner11 Nope, no where near enough current to escape the shielding of the case, this PSU thing is a bit BS TBH, all PSU's are very different, huge amounts of current would be required to modulate, even then you would need a very nearby coil and receiver/malware would need to be calibrated AND it would be super obvious... AND with such a low bit-rate you might get a pswd, but what use would that be on an already pwned air-gapped PC. Air-gapped PC's are usually in big locked and shielded rooms that have access control... Yeah sorry but I gotta say this idea would never have any serious application... sorry but this one is clickbait IMO

Lol

I think it comes down to three main things: 1. Know how electromagnets work 2. Know how a power supply works 3. Know how a CPU works If you know these three, the only thing left is a bit of creative thinking to make such an ingenious exploit.

They didn't

@@MacGuffin1 troll

No one is being "hacked using a power supply", the PSU is used to transmit data by malware already on the computer. So you'd need to already have been hacked. More accurate to say "PSU has been used as a theoretical data transmitter for use by malware to steal data", much like you could use speakers, a monitor, the little hard drive activity LED, the caps lock light on a keyboard, and so on. None of these are alarmingly practical.

yeah, but the attack is something that would be done over a long time frame to collect as much as possible and sort it out later. this would not be a person hanging around with a phone in their hand, but something done with a device hidden nearby and communicating over the 4G/5G cell links. If you are not time constrained, you could steal an entire project over time. Given the lax physical security in most corporation (and even government) facilities, this is likely useful for a state sponsored threat actor.

It would be trivial to shape the malware to block other processes and stuff while the data is being transmitted....

​@@trixer230you wouldn't even need to block other processes. just design the malware so that it encodes the system's power supply usage in addition to the malware's power supply usage so that the two can be differentiated

he wouldn't be wrong

Wow these thing seem impossible but it actually exist! I wonder if we can use these concept for something useful other than hacking

What I find most sus about this is the same reason those who used to hunt those sites down for bounties stopped doing so. Back in the days when dinosaurs roamed the earth if you hunted these evil people down one was given a bounty for getting them put behind bars but then something else happened. In efforts by three letter agencies to catch more fish in their nets they began building honey pots so criminals who partook in those sites would without any warning they just stepped in dog shit when it was to late formed a dam of sorts for genuine cp hunters where upon search and destroy missions came upon one of those honeypots and after reporting them got notices of either it’s not a real site or it’s already been reported so bounties became rare and so time consuming it was better for those who championed the cause to take on new directions like developing apps or just stick to gaming since just about all those sites were fakes and images were faked so as welcoming a news of Apple contributing to getting these scumbags who abuse kids held accountable most of the places their wares would be sniffing for illegal content would likely be just another three letter agency honeypot meant to catch the bad guys. I’m pretty sure Apple wasn’t doing this for nothing even when it was welcomed news since it meant the average white hat hacker could breath easy knowing they no longer needed to be exposed to those types of things it seems the whole story will never be told as to why.

Hdd led exfiltration is way faster

@@taktuscat4250 iirc that requires a line of sight on the led though? I may be misremembering.

@@ThatSkiFreak yes - or well-placed mirrors 😁

@@ThatSkiFreak yeah but the range and transfer speed is better

@@taktuscat4250 Fair enough

Depends on how you breached the airgap. If you got someone to fall for an USB stick, you got the code inside, but you aren't getting back the stick.

My favorite way to do this on an air-gapped machine is using flashing qr codes.

Its not really misleading. It valuable information to know that the exfil method itself doesnt need admin privileges and can run in a VM and is worth pointing out. If you can get information from a protected source another way, knowing that to get it out you dont need them is important. Its a big part to the whole hack.

It's an airgapped machine. Being on the machine at all can be regarded as a high level of privilege, but this is not the same as 'enhanced privileges'. The point is that this works without any tampering with the OS, or exploiting the OS into doing something it probably shouldn't be. Even if this machine stores nuclear codes, the OS files should require higher privileges, because making the nuclear codes readable is the whole point of this machine. People with legitimate access to those codes should not be messing with the OS, so should not have access to that. If everybody requires enhanced privileges to access the data on this machine, then you have lost all protections enhanced privileges get you. It is not unusual for somebody to require access to run arbitrary data analysis programs on an airgapped machine, and these programs should not have the privileges to access keyboard inputs directly. The vast majority of programs should not need enhanced privileges. All you need to make this work is permission to run your own programs without elevated permissions, and that may not need an escalation. For the same reason, the passwords for it are not likely to be particularly interesting. Best case is that they are the same the passwords the user has for some non airgapped machine, so it is quite possible you already have one of them and used them to get the malware onto a USB into the airgapped machine anyway. I guess that could get you a host of other useful high privilege passwords that could be used on the non airgapped network, but that seems an overly difficult way of doing that, not least because that definitely does require privilege escalation on the airgapped machine (unless someone is stupid enough to log on as admin for normal access, or you have got access through an admin doing admin tasks). It is like breaking into a nuclear silo to steal the payroll information.

It depends on a malware, running on the target. If you have rogue software running on your machine you probably have bigger problems than this PoC.

@TypicalX yeah I was being silly

Good one.

It is of little consequence whether or not the "s" is there after "http". The server can force encrypted connection regardless of what you write in the address field. Cannot check what would the case be as the website seems to be down.

@@anteshell It responds with an insecure redirect on port 80, times out on port 443. The page it redirects to is an academic server without proper HSTS. I'm going to stick to my original assessment.

Lol

Hence the COVID reference in the contrived name of the method, of course :)

Reminds me of side channel attacks where you also observe an cryptographic device at things like the power consumption to break the encryption algorithm

Tempest attacks are similar but different. At least according to the Wikipedia entry they focus on unintentional electromagnetic leakage: generating em leakage deliberately is taking that idea another notch further.

Thanks Mike, glad you like the vids :)

except it wasn't true for covid. Just a dumb name to cash in on a dead trend.

and likely not just one hole

Mmhnnn true

Why hasn't anyone thought of that?

Impossible. The air gape would shoot the USB stick out of the port, turning it into a projectile and killing the would-be attacker.

@@thelight3112 you are taking the p

yeah had that happen while using my chromebook to read midis

Yeah, because 2000 years ago, people writing down this humbug totally knew that at some point there was going to be a IT company named for a fruit, so, that makes it such a totally clever revelation. "HURR I tpyed soemthing funy un teh int0rwebz!"

@@Anvilshock more to the point, why did Steve Jobs pick the name for the company knowing that the name is culturally associated with a massive downfall resulting from too much knowledge? I agree with you that back in the bronze age the original story makers did not predict Steve Jobs or computers; but equally I cannot believe that Steve Jobs grew up in the country he did without knowing the story and without also knowing that many of his compatriots believe it absolutely. That's the point I was making. It's not clever to misread something just so you can ridicule it. And on a pedantic point, the story was probably written down somewhat more than 2000 years ago, and appears to be from an even older oral tradition. The Dead Sea Scrolls are the oldest copies we have of this story, and are scientifically dated to around 2300 years ago, but are known to be copies of older works. I mean "known" by archeologists using scientific dating methods, not simply asserted by believers as an act of faith.

@@trueriver1950 Humans are all too eager to see connections where there aren't any. Who knows? Maybe Jobs just wanted something that appears ahead of Atari in the phone book. So, kind of the Dead Sea scrolls of the seventies. I could ask you why you eat bread. Don't you know that Hitler ate bread? Come back when you have something more substantial to the discussion. Or don't. No rush.

@@Anvilshock I say the same to you. That's now two totally vacuous objections you've made to what was a minor joke, though in fairness you do get the record for the most imbecilic example of Godwin's law I've ever seen. I suppose that's funny in itself. Have you got any more where they came from? if so please keep them to yourself because they are not relevant here. More importantly they are boring.

Glad to hear it :)

The NSA isn't using anything like this against a target with a phone and/or home assistant in the room. This is best suited for use against foreign governments or corporations.