I remember I used to draw fractals when I was learning Java. The computer would stop drawing regularly for garbage collecting, and I eventually noticed a squeaky sound coming out of the tower and stopping at exactly the same moment. I've never really figured out what was causing the sound, but I guess it could technically be used as an exfiltration mechanism...
OK, so you've air-gapped that PC. Cut the speakers. Covered the LEDs. Disconnected the monitor. Now, about the data-leaking power supply unit...
Israeli cyber-security side-channel expert Mordechai Guri has devised a way to pilfer data from devices that have been air-gapped and silenced. Organizations with extreme security needs may keep certain computer hardware disconnected from any network, a practice known as air-gapping, to preclude the possibility of miscreants …
COMMENTS
-
Monday 4th May 2020 22:25 GMT Brian Miller
Yes we know they squeak
We've all known for years that power supplies can squeak. Not news. And of course you'll have to be using SSDs instead of HDDs, and make sure that the fans always run at max because you don't want data exfiltrated through RPM changes.
At some point, we just can't have nice things out in public. Just the way it is nowadays.
-
Wednesday 6th May 2020 13:34 GMT Schultz
Re: SecureFiles (TM)
At some point we have to accept that an all-purpose computation and communication device (aka, a personal computer) is not the right device to handle and store sensitive information. If it should really stay secret, then you have to invest some more money, effort and time. Paper copies might still be a large part of that effort :). And they are easy to destroy.
A big part of our modern problem is the proliferation of "sensitive data". If everything is labeled secret and a million people should have access to it, then the system is designed to fail. But our modern governments, for some reason, like to declare lots of things secret. It'll only get worse with the US-China tensions and the predictable claims of stolen technology that we'll hear as Chinese companies continue to grow.
-
Tuesday 5th May 2020 00:33 GMT martinusher
Of course you've got to know what you're looking for
Anything that can be modulated by a piece of software can transmit data. I'm not quaking in my boots too much about this, though. At 50 bits/sec it'll take a bit under 2 days to transmit a megabyte ("MiB")(if you insist). I reckon the chances of extracting a usable amount of data would be low to nil (even if the software used on both the system and the phone were optimized). Not that I wouldn't take notice -- there's a reason why Tempest was invented -- but I'd be more likely to be asking awkward questions like "where's that unauthorized transmission coming from?" and "why is there a cellphone in this facility?" (and you can be pretty sure that there aren't any SmartThings, 5G or WiFi, within a mile of the place.....).
-
Tuesday 5th May 2020 09:43 GMT Dave 126
Re: Of course you've got to know what you're looking for
> I reckon the chances of extracting a usable amount of data would be low to nil
A single word might be of huge tactical or strategic importance... the name of a human agent, or the date and location of the planned invasion. A password.
Tinker, Tailor, Soldier Spy is named because the head of MI5 wants an agent to discover a mole and then report back using a single word.
-
Tuesday 5th May 2020 10:13 GMT My other car WAS an IAV Stryker
Re: All you gotta do is---
My then-fiancée and I were in Edinburgh the day after her sister and Scots bro-in-law got married (mid-Sep 2006) and I heard some awesome bagpipe-rock-and-roll in a shop. We bought a copy right then and there: "Parallel Tracks" by the Scottish Royal Dragoon Guards.
-
Tuesday 5th May 2020 13:11 GMT Anonymous Coward
Re: Hours???
This Windows 10 PC of mine has been running for a little under 15 days at the time of typing. It won't be restarted until updates are resumed in three weeks' time. Most applications I use on a daily basis (Thunderbird, Vivaldi, Visual Studio, et al.) have been running just as long.
-
Tuesday 5th May 2020 05:55 GMT Maelstorm
In Langley, Virginia, USA...
The CIA main headquarters in Langley, Virginia, USA has a building within a building. The outer "shell" is the normal perimeter glass...the inner building as well. However, the CIA plays music between the two buildings so someone with a laser bounce device cannot recover any conversation happening inside the inner building. I also understand that the inner building is a Faraday cage to suppress any and all signals.
-
Wednesday 6th May 2020 16:31 GMT ben kendim
Re: In Langley, Virginia, USA...
... and elsewhere... From almost 5 centuries ago...
"The large fireplace with gilded hood (ocak) stands opposite a two-tiered fountain (çeşme), skilfully decorated in coloured marble. The flow of water was meant to prevent any eavesdropping,[65] while providing a relaxed atmosphere to the room. "
https://en.wikipedia.org/wiki/Topkap%C4%B1_Palace#Privy_Chamber_of_Murat_III
-
Tuesday 5th May 2020 08:42 GMT Mike 137
Elementary ...
So you only need specific malware on the "airgapped" computer (how did it get there?), compatible malware on a "nearby" mobile phone, a quiet enough environment to pick up the signals, some prior knowledge of the transfer function of power supply load to switching frequency (this varies a lot) and the ability to make sense of the results. How hard can this be?
I suspect that professional vulnerability researchers sometimes lose touch with the practicalities of the real world, or maybe, like most academic researchers these days, they're obliged to keep publishing to stay employed.
-
Tuesday 5th May 2020 09:53 GMT Dave 126
Re: Elementary ...
> how did it get there?
As per the article, they use an Evil Maid attack. The point is, the maid, or cleaner or whoever, only has to act once - to plant the malware. After that information can be extracted.
Look, security researchers need to research potential attack vectors before deciding whether or not they could be used by genuine bad actors. Note that the research comes before the decision, which is the correct way round.
-
Tuesday 5th May 2020 10:03 GMT Stuart Castle
Interesting article, but totally impractical vulnerability. If you can get close enough to the machine to install this, you can probably get close enough to install malware to ex-filtrate data via another method, even if that method is just a concealed USB stick or single board computer somewhere. This is hard to do, but bear in mind that the organisations most likely to need to do it (the various secret services such as the CIA, MI5 etc) have decades of experience of getting physical things in and out of secure areas.
-
Wednesday 6th May 2020 13:49 GMT Amused Bystander
It is theoretically possible
A decade or three ago I went on a course at a certain establishment in Cheltenham where we learned to read what golf-ball printers were printing by looking at the spikes on the mains. It was fun, looking up the spike and comparing with letter-frequency tables (E being the most common etc.)
As a demonstration of why TEMPEST was (is) necessary, it worked.
However in the real world Google / Facebook / Twitter are much more profitable data sources.
Somewhat related: NCSC (GCHQ) have launched their anti-phishing scam address (report@phishing.gov.uk) - you can simply forward a scam email to them, and they investigate the scammer.
Except... GCHQ's Amazon AWS has blacklisted 1and1's email server.
So my forwards bounce... 1and1 host a couple of million domains.
And those emails we forward to them probably contain open distribution lists, company registration numbers, addresses in the signature.
And it's going to an Amazon AWS instance...
Jeff must be delighted - slurp.
-
Wednesday 6th May 2020 19:48 GMT Lunatic Looking For Asylum
Re: It is theoretically possible
> Except... GCHQ's Amazon AWS has blacklisted 1and1's email server.
And so they should. Definitely a provider that doesn't give a flying fig about their email reputation. They let anybody on and send all sorts of shiz then they have the cheek to complain when they appear at Spamhaus et al. Monkeys & Tripewriters spring to mind.
AWS are marginally better.
-
Monday 25th May 2020 09:33 GMT Anonymous Coward
It's already known switching power supplies pollute power lines. Anyone using power line communication can attest to that.
So if miscreants can cause the power supply to change switching frequencies, theoretically the frequency can be detected on the power lines.
The solution is to attenuate the amplitude of the noise by adding an EMI/surge protector or a UPS.