Reply to post: Re: Meh

Data exfiltrators send info over PCs' power supply cables

Ben Tasker Silver badge

Re: Meh

I've been in more than a few buildings where the server rooms are heavily secured, but the plant is not (it's just machinery etc, etc....). So access to the plant is undoubtedly a lot easier a good %age of the time.

You do need to get the malware onto your target computer somehow, but that can potentially be done remotely via social engineering or chaining exploits to get RCE.

When you're talking about this level of sophistication, it's not unreasonable to think that your victim's network might already have various systems in place trying to detect (and block/report) the more traditional methods of exfiltration. It might be an inconvenient approach (with plenty of issues), but it is potentially a way around those.

I've certainly worked in places where this research will have been noted and they'll be watching for any developments and discussing whether there are any *easy* mitigations they can put in place (like better securing the plant rooms). Most of those tend to have strong physical security around the site, but the assumption is always that that could be overcome and so should be treated (to some extent) as not being there

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019