Powerhammer attack - hacking via power line without malware

I was reading this article last night:

Are Librem laptops immune from these attacks?

For example, if the router is connected to the power line and the power line is used to access the Librem laptop without actually altering the BIOS, and unscrambling the RF signals from the monitor (something like Van Eck phreaking).

What countermeasures are there for this type of attack?

Anyone know?


No, and furthermore, other types of devices are vulnerable.

They are explained in more detail in the PDF:

  • Power-line monitoring
  • Signal filtering
  • Signal jamming
  • Host-based detection

Thank you for the link.

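To make the "host-based detection" item above concrete: the attack works by having malware modulate CPU load so that the machine's power draw carries a narrowband signal, so a host-side detector can watch its own utilisation samples for a single dominant frequency. The following is an added example, not code from the paper or from Purism; the sample rate, window size, threshold and the two sample windows (plain noise versus a toy square-wave modulation) are all constructed assumptions.

```python
import math
import random

SAMPLE_HZ = 50            # assumed: CPU-utilisation samples per second
WINDOW = 256              # samples per analysis window (~5 s)
PEAK_RATIO_LIMIT = 10.0   # assumed threshold; tune against a baseline of normal workloads


def dft_magnitudes(samples):
    """Magnitude spectrum of a mean-removed real signal (plain O(n^2) DFT, bins 1..n/2-1)."""
    n = len(samples)
    mean = sum(samples) / n
    x = [s - mean for s in samples]
    mags = []
    for k in range(1, n // 2):
        re = sum(x[t] * math.cos(2 * math.pi * k * t / n) for t in range(n))
        im = sum(x[t] * math.sin(2 * math.pi * k * t / n) for t in range(n))
        mags.append(math.hypot(re, im))
    return mags


def analyse_window(samples, sample_hz=SAMPLE_HZ):
    """Return (peak_hz, peak_to_median_ratio) for one window of utilisation samples."""
    mags = dft_magnitudes(samples)
    peak_idx = max(range(len(mags)), key=lambda i: mags[i])
    median = sorted(mags)[len(mags) // 2]
    ratio = mags[peak_idx] / median if median > 0 else float("inf")
    peak_hz = (peak_idx + 1) * sample_hz / len(samples)
    return peak_hz, ratio


def looks_modulated(samples, limit=PEAK_RATIO_LIMIT):
    """True when one narrow frequency dominates the load spectrum (a carrier-like pattern)."""
    _, ratio = analyse_window(samples)
    return ratio > limit


# Constructed sample windows, not real measurements.
random.seed(1)
normal_load = [max(0.0, min(100.0, random.gauss(30, 3))) for _ in range(WINDOW)]
CARRIER_HZ = 3.125   # constructed: exactly 16 cycles fit in a 256-sample window
modulated_load = [
    max(0.0, min(100.0, (95.0 if math.sin(2 * math.pi * CARRIER_HZ * t / SAMPLE_HZ) >= 0 else 5.0)
                        + random.gauss(0, 3)))
    for t in range(WINDOW)
]

if __name__ == "__main__":
    for name, window in (("normal", normal_load), ("modulated", modulated_load)):
        hz, ratio = analyse_window(window)
        print(f"{name:9s} peak {hz:.2f} Hz, peak/median {ratio:.1f}, flagged={looks_modulated(window)}")
```

Real workloads are bursty rather than white noise, so the ratio threshold has to be set from a baseline of the host's own normal load before alerts mean anything.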

They can’t even ship browsers to their users that don’t have security vulnerabilities that were fixed upstream and downstream some time ago.

Look, for example, at Firefox in Crimson and GNOME Web.

You are expecting so much from them.


Seems a bit bogus to me.

The important starting point is:

malicious code running on a compromised computer

So two things have to apply in order for this attack to be interesting.

  1. Your computer has to be already compromised.
  2. Your computer has to be air-gapped.

On the first bullet point, well, sure, so you already have a serious problem - and you would do well to defend against the original compromise as your front line.

On the second bullet point, well, most of us don’t. Even with a strong outbound firewall, most of us allow some traffic out to the internet, and most of us probably wouldn’t detect exfiltration directly via the internet. No need for exotic techniques such as the one discussed in the paper.

I can see why a country like, say, Israel that is surrounded by countries with which it has at best dubious relations, including some that are IT-sophisticated threats (coughIrancough) might be interested in this.

But your Librem 14 laptop? Yeah, nah.

The second aspect of bogosity is

Line level power-hammering: In this attack, the attacker taps the in-home power lines that are directly attached to the electrical outlet.

(exfiltrate at 1kbit/second)

Right, so they install a current measuring device directly on the power cord of the computer where it is plugged in to the mains.

So your physical security may already have been seriously breached. Again, you already have a serious problem. (The paper makes the observation that a sleeper agent who has infiltrated the foreign intelligence service or other target could take care of implanting both of the prerequisites, the malware and the transceiver.)

As an aside, I wonder whether someone would notice the current monitoring transceiver, particularly on a laptop that is regularly unplugged and moved around. But I guess that is just “engineering” i.e. to design it to be unobtrusive enough. I suppose a laptop that uses a dock would be more vulnerable since when you pack up the laptop and go, the dock may stay behind - so you never look under the desk where the mains connection is.

This paper is totally relevant for state v. state spying and maybe some state v. interesting corporation and just maybe some state v. interesting person … but for JRandom you and me, don’t lose sleep over it.

How many sleeper agents do you have at your house? :slight_smile:


I am thinking “filtered power”. :man_shrugging:


Parallel thread on the Qubes OS Forum:


Doesn’t the title disagree with the article text? (Should “without” be changed to “with”?)

Pffft, they’ve had the ability to do this for years, but the capability was with expensive equipment.

But yet, it really isn’t air-gapped if you’re on commercial power, no? Power should also be segregated.

Poor man’s solution: run off a UPS, then swap out the UPS when it runs dry. You’ll need at least two UPS. (However, Murphy’s Law says they’ll come up with an attack that collects data floating around in old UPS batteries.)


It would appear so. I will leave it to @paranoid to consider, however.

That wouldn’t necessarily defend against it.

If you are talking about the “phase level” attack and you had a building, say, with two separated networks - one connected to the internet and one air-gapped (from the first network and from the internet) - then for sure you are correct. The air gap needs to include the power network if you are trying to defend against this attack.

If you are talking about the “line level” attack then neither a separate power network nor even a UPS for the device itself really solves the problem - because power is being monitored directly on the power cable that feeds into the target computer.

Just for fun … I am contemplating how this attack would work in a PoE situation, which could apply to devices that are more IoT or network equipment, rather than desktop / laptop / server (in general). I think this would be a pretty cool attack if your adversary manages to swap out your PoE switch - so that the switch can directly monitor the power consumption (no extra receiver needed) and hence data can be exfiltrated directly from the target device to the PoE switch, without ever showing any network traffic.

Also, I wonder whether the idea could be extended so that the power monitoring device then relays the exfiltrated data out via the power network i.e. power line communication (in its various forms). (Again, a discretely modified PoE switch would be a good way of implementing that.)

However, as I wrote above, if you have randoms wandering around your building installing or replacing hardware, and installing malware, then you do have a bigger problem than just exfiltration of data.
