Is Qubes immune from the "PowerHammer" attack?

I was reading this last night:
https://www.bleepingcomputer.com/news/security/researchers-create-malware-that-steals-data-via-power-lines/

Was curious: Is Qubes safe from this type of attack?

Any countermeasures to this?

1 Like

Not entirely sure, but as qubes are virtual machines, they may not be able to fully control the power usage, and given other VMs may interface, that qube can’t figure out what the total CPU usage is and shouldn’t be able to adjust 🤔

3 Likes

Solene’s reply covers remote infection, but I think the scenario this was primarily developed for was an offline machine, i.e. one that would need to be infected via physical means.

There are two ways this can happen: get the victim to plug in some infected medium, e.g. a USB stick, in which case it’s dubious that a successful infection would even occur (if a disposable sys-usb is used and untrusted data is only ever viewed in disposables); the other way is physical presence of the attacker (Evil Maid attack), in which case, if successful, the attack would be able to exfiltrate arbitrary data from any qube, at least if the malware is crafted well enough and can target Qubes OS machines.

This is why thinking about physical security and trusted / measured / verified boot is important, albeit outside the scope of Qubes OS (AEM can help, however).

1 Like

The researchers found that (with VMware) VMs could use the attack but at
a limited rate. They did not, I think, test with more than 1 guest VM.
In the case of Qubes where many qubes may be running, I find it hard to
think that any one could reliably generate phase. Obviously dom0
would be able to do this.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

3 Likes

For this particular attack, use a laptop with a battery. Obviously, don’t connect the computer to any power source.

1 Like

Parallel thread on the Purism community forums: