How attackers are using power lines and building infrastructure to steal data without touching your Wi‑Fi
When most businesses think about hacking, they imagine someone miles away tapping at a keyboard. But there is a growing concern hackers are physically attaching to cables beneath office buildings to steal data.
Modern research shows attackers can abuse powerline networking, electrical wiring, and building infrastructure itself to spy on or access corporate networks.
This kind of attack often bypasses firewalls, antivirus, and cloud security altogether because it starts outside the digital perimeter.
What Is Powerline Networking and Why It is a Security Risk?
Powerline networking (also called Powerline Communication or PLC) allows data to travel over a building’s electrical wiring instead of Ethernet or Wi‑Fi. Offices often use it when:
- Wi‑Fi is unreliable.
- Running new network cables is not practical.
- Temporary or older buildings need quick connectivity.
Powerline adapters plug straight into wall sockets, turning the electrical wiring into a data network. Convenient? Yes. Secure by default? Not always.
Security researchers warn that if attackers gain physical access to the electrical infrastructure, utility rooms, basement wiring, shared risers, or exterior cable runs they may be able to intercept or manipulate data travelling over those lines.
How Hackers Physically Tap into Office Buildings
Researchers and security professionals have documented several proximity‑based attacks that do not require breaking into a laptop or cloud account at all:
1. Attaching to Power or Network Cables
If cabling runs through accessible basements, car parks, or shared utility areas, attackers can attach monitoring devices or taps. In some scenarios, power cables themselves can leak information through signal patterns and electrical fluctuations.
2. Exploiting Powerline Adapters
Some powerline networking devices have been found with weak authentication, outdated firmware, or exposed management interfaces. Once compromised, they can become a silent entry point into the internal network.
3. Power Line Monitoring Attacks
Advanced attacks have shown it is possible to infer or extract data by analysing changes in electrical current on power cables, even without cutting or visibly damaging them. These techniques rely on physical proximity rather than internet access.
How Businesses Can Protect Themselves
This does not mean ripping everything out tomorrow. Practical steps include:
- Auditing where powerline networking is used.
- Locking down access to comms and electrical rooms
- Updating or replacing legacy powerline adapters
- Segmenting networks so exposed devices cannot reach sensitive systems.
- Treating physical access as a cybersecurity risk, not just a facilities issue
Make sure only trusted devices can connect to your network
There is a setting on business-grade switches called 802.1X that forces any device plugging into a network cable to prove it is allowed before it can access anything. Without it, anyone who reaches a cable can simply plug in. Speedster IT can check whether this is enabled on your network and set it up if not.
Block unknown devices automatically
Network Access Control (NAC) tools go a step further by scanning any device trying to connect and blocking it instantly if it is not recognised. Think of it as a bouncer for your network ports. If you are not sure whether you have this in place, get in touch and we can take a look.
Get alerted when a new device appears on your network
Your firewall or network management system can be configured to flag any unknown device the moment it connects. This is one of the quickest ways to spot a physical intrusion before it becomes a real problem. Speedster IT can set up this kind of monitoring for you.
Switch off any network ports that are not being used
Every unused socket in a meeting room, corridor, basement, or comms cabinet is a potential entry point. Disabling unused ports takes minutes but closes off an easy route in. We can audit yours and lock them down.
Encrypt the data travelling across your network
If an attacker does manage to intercept your traffic, encryption means they cannot read any of it. Many businesses assume this is already in place, but it often is not. Speedster IT can confirm whether your internal traffic is properly protected.
Keep sensitive systems separate from the rest of the network
Using VLANs, your IT team can put your most important systems, finance, HR, servers, on their own private segment of the network. Even if someone gets into one part, they cannot reach everything else. This is something Speedster IT sets up as standard for clients in shared or multi-tenant buildings.
Regularly check what is physically plugged into your network
A simple walkround of your office, comms room, and cable runs to check that every connected device is expected and accounted for can catch a rogue device early. If you would like Speedster IT to carry out a proper physical and digital infrastructure audit, just give us a call on 0204 511 9111 or drop us an email.
Why Firewalls and Microsoft 365 Alone Are not Enough.
Here is the bit too many businesses miss.
Cloud tools like Microsoft 365, endpoint protection, and MFA are essential, but they do not protect you, if the attack starts before the data reaches your network stack.
If someone can:
- Plug into a powerline network.
- Interfere with building wiring.
- Access shared comms cabinets
…they are already inside the perimeter.
That is why cybersecurity professionals now stress that physical security is part of cybersecurity, not a separate issue.
Why This Matters for UK Offices and SMEs
Office buildings in London and across the UK often share:
- Basement utility rooms
- Cable risers between tenants
- External telecoms access points.
In multi‑tenant buildings especially, attackers do not need to break into your office, just the building infrastructure. That makes SMEs a softer target than large enterprises with dedicated security teams and locked facilities.
Managed IT Providers Physical to Digital Risk Checks
Managed IT providers increasingly include physical‑to‑digital risk checks as part of modern IT support, especially for offices in shared or older buildings.
At Speedster IT, we understand that modern cyber risks do not stop at firewalls or cloud platforms.
That is why our managed IT support goes beyond emails and endpoints to include physical‑to‑digital risk checks. Particularly for offices in shared, older, or multi‑tenant buildings.
Today’s attacks do not always come through phishing emails or brute‑force logins; sometimes they come through the walls, the floors, or the power sockets.
If your IT security strategy only focuses on cloud services and online threats, it can leave blind spots closer to home. Some attacks do not target Microsoft 365 or passwords at all. They start with physical access to cabling, power sockets, or shared building infrastructure.
If you are not sure whether your office setup could be exposed, Speedster IT can help.
We offer practical security reviews that look at both digital systems and on‑site infrastructure, helping London businesses spot risks early and fix them properly before they become a real problem. 0204 511 9111 or [email protected]
Source
With over 15 years at Speedster IT, I’ve built a career around helping businesses navigate the evolving world of technology. I publish all the content for the IT Support London Blog and Cyber Security Blog, where I share practical insights on infrastructure upgrades, cybersecurity trends, and smart IT strategies for growing companies.
