In some alternate timeline, there's yet another attack vector of noise from still-in-use floppy drives. (In addition to other less-obsoleted things like flatbed scanners.)
Much the same way that people have used them to make music.
Not an alternate timeline, I went to a blackhat talk that was exfiltrating data from airgapped computers with unconnected parallel port pins, printers (exact same thing as making them make music but faster and with EM), and other peripherals. At a usable distance of some meters too.
That just blew me away! I didn't think I was going to hear anything, but yeah, immediately it gave an almost pulse-width modulated high pitch tone. I'm not surprised, but it is also awesome. I'm so many years old yet I can still hear the hum from CRT's, but I'd say that tone is much higher frequency.
Two meters seems like a pretty short distance to bypass an airgap.
At that point, in the kind of situation where someone is actively trying to exfiltrate data, couldn't they point their phone camera at a screen?
Like, maybe there are scenarios where the exit device is compromised without the wearer knowing, or the spy wants to remain discrete, but they seem a bit niche.
My uncle described the air gapped facility he worked in… when they said no EM out, they meant nothing in or out except humans and filtered air. It was behind dual interlocking nuclear blast doors and concrete. Even the water was sourced and recycled on site to prevent documents or capsules exfiltration via the sewer.
I would think that a much more likely exfiltration method (assuming a compromised employee) would be via a capsule in the metaphorical "prison wallet" rather than the sewer.
Can you bring in a lunch (is that a Coke bottle or a secret camera?)? Are there trash bins? If there is water, does that mean there are bathrooms (who does the restocking?)? Is there coffee?! Who/how do you get data into the network? Who/how do you get data out of the network? Can you bring in printed reference materials from a slightly less secure facility?
Bottom line: probably a huge pain in the butt if you have to work like that.
Honestly I’ve never asked him, this was me listening as a 12 year old at the dinner table as he ranted about another search as he went into work. Now I have questions haha.
Actually, it's probably the opposite. The searches are more than likely to make sure you're not bringing anything in that could exfiltrate data like a camera, usb drive, or even pen and paper.
I work in a similar, secure environment. We are not allowed to bring any items in other than our persons, smart card that we scan on enter/exit, and the clothes on our back. We have to leave the facility to use the bathroom, eat, drink, etc.
The typical SCIF is configured with the break room, bathrooms and maybe lockers outside of the secure perimeter, the "regular" office space. Along with a wall mounted shelf area for people to put their wallets and phones.
This author appears to be quite focused on side channel attacks against various computer components. It appears nearly all of his 32 publications are regarding side channel attacks.
I mean, that's how academia works. You find your niche and then publish a bunch of articles around it. Much harder to publish on a bunch of unrelated topics.
29 comments
[ 3.8 ms ] story [ 73.4 ms ] threadMuch the same way that people have used them to make music.
https://www.theverge.com/24034551/floppy-disk-music-scene-un...
I used this for switching radio controlled power outlets which had 433mhz receivers. [2]
[1] https://github.com/markondej/fm_transmitter?tab=readme-ov-fi...
[2] https://github.com/F5OEO/rpitx
Also, undiscussed mitigation techniques[2] relevant to this general class of nuisance that circuit designers may find of value.
[1] https://news.ycombinator.com/item?id=8862689
[2] https://news.ycombinator.com/item?id=41505772
At that point, in the kind of situation where someone is actively trying to exfiltrate data, couldn't they point their phone camera at a screen?
Like, maybe there are scenarios where the exit device is compromised without the wearer knowing, or the spy wants to remain discrete, but they seem a bit niche.
Can you bring in a lunch (is that a Coke bottle or a secret camera?)? Are there trash bins? If there is water, does that mean there are bathrooms (who does the restocking?)? Is there coffee?! Who/how do you get data into the network? Who/how do you get data out of the network? Can you bring in printed reference materials from a slightly less secure facility?
Bottom line: probably a huge pain in the butt if you have to work like that.
I work in a similar, secure environment. We are not allowed to bring any items in other than our persons, smart card that we scan on enter/exit, and the clothes on our back. We have to leave the facility to use the bathroom, eat, drink, etc.
We employed a lot of improvised quality of life solutions that management doesn't want to know about.
This is really just publication spam.
https://arxiv.org/search/cs?searchtype=author&query=Guri,+M