Killing computer infrastructures with a bang!
In an attempt to demonstrate how easy it would be for attackers to perform a high-voltage attack against a company’s computer infrastructure and take it down by damaging it, security researcher Grigorios Fragkos found a device that can easily be used to “fry” other appliances on the network: computers, switches, attached storage devices, etc.
“Due to my experience with physical security assessments, I noticed that there are many unattended Ethernet ports everywhere around a building. These ports might not be ‘active’ but most of the time they are connected at the far-end on a managed or unmanaged network switch,” he explained.
He decided to use these ports as a way in, and initially experimented with a single cable that connected a power socket to the Ethernet one, sending current directly to it. This resulted in the network switch at the other end being “toasted” in a split second, but nothing more.
He then tested a smaller device with the same results, meaning it was not powerful enough to spread the destruction further than the network switch.
Finally, he found the right one – one that was small enough to be hidden in a laptop bag, and powerful enough to generate a spark that will travel over 100 meters via cable to the network switch, and jump from the switch to other connected devices.
“It is not the cheapest thing in the world to test this, as it took all of my old hardware I had in my attic to run these experiments. I believe the threat from such a high-voltage attack against a computer infrastructure is real and should be dealt with,” Fragkos concluded.
He didn’t share technical details about the devices he used, because he didn’t want people to attempt this at home.
“The tests were performed under the supervision of licensed electricians, in a controlled environment,” he pointed out, and warned, repeatedly, that it would be very dangerous to perform them without those precautions.
Apparently, he’s not planning to take this research further to come up with an idea how to minimize or remove the risk of such an attack, but has offered other researchers who might be interested in this to get in touch so that he can share his findings.