The name "PowerHammer" is also a bit of a mismatch. It's basically a covert channel via power consumption, which has been known. The transmission mechanism (write) is to idle the CPU for specific intervals of time in order to transmit bits.
Impressive engineering, impressive bitrate, but not so novel an idea, overall.
They had pilot BPL (broadband over power lines) projects (I think ibec comes to mind) back in the day, but the FCC doesn't like interference and the BRU (broadband regenerator units) that have to be installed every so often to fix signal degradation weren't cheap if I recall properly.
True, but I've never seen software open a physical hole to the machine. That is, air gap means there's no physical way to access the machine.
But this exploit would create, out of thin air, a physical connection to the outside world using the power outlet the machine is connected to.
So unless data centers become powered by solar panels or generators that are themselves under the same level of physical security as the server racks, then this is a pretty serious exploit.
TEMPEST shielding ranges from not at all cheap, to breathtakingly expensive, and what you’re describing is just one part of high level shielding. It’s not just the facilities that cost, but the fact that your electricians and janitors need clearance as much as your devs and analysts. Even if data centers wanted to go that route, it would have to pass the costs on to the customer, who would need to be a very particular kind of customer with deep pockets.
yeah but well-funded adversaries could easily exploit this and we're talking like a full-blown data leak so it might be worth it to protect against it.
You would need to be pretty close to the server/storage/etc to get a clean enough signal to be useful though. So physical security might be enough to protect against this type of attack. You probably can't just dig up the powerline outside and start tapping it thankfully.
Get a dirty pickup truck, a warning vest with the text "CONSTRUCTION" on the back and a pair of those laser devices to measure out the land.
Then also put some shovels, pickaxes and other construction and digging gear into the back of the pickup truck.
Lastly, learn how to not behave like you're doing something forbidden or bad. You can try it out in less secured areas if you want to train up a bit.
Once you've mastered that you can drive up to any place and start digging. Nobody will question it.
The same is also true for IT security. Pentesters do that sometimes; walk into the bank, walk up to the manager's office or similar, wait for a few minutes, then walk back. Everyone will now assume that you talked to the manager (provided they didn't see you standing there) and you can do things like "can I plug this USB stick in? I'm from IT and we're updating the anti malware software in all branches." (that actually worked, there is a DEFCON talk somewhere)
So in conclusion; don't be confident someone won't dig up your powerline and start tapping it. Unless you have a habit of talking to the construction workers if they're allowed to dig up the road.