18 comments

[ 3.1 ms ] story [ 59.0 ms ] thread
My desktop is in a metal case. Shouldn't that block any RF leaking out of it?
Edit: I've just realised I was reading the AirHopper paper, which isn't the main paper being discussed, sorry

I've only skimmed the paper but as far as I understand it, the VGA cable is emitting RF, which the mobile is receiving.

So metal casing wouldn't make much difference.

I read the article, it seemed to be saying the RF was coming from the system bus.
Edit: sorry I was looking at the airhopper paper, doh

Yeah in the paper it mentions about cable shielding, "The effective distance is the maximal distance between the transmitter and the receiver, at which the transmission quality is still acceptable. As can be seen in Figure 5, the effective distance when using the receiver antenna is significantly larger with unshielded cable (extended VGA)"

That's perfectly fine if you're still using VGA.

It's analog and does leak quite a bit of data. But what about DVI-D and HDMI?

Surely they leak less power and even less signal.

Radiated, but not conducted.
'The attack requires both the targeted computer and the mobile phone to have malware installed on them, but once this is done the attack exploits the natural capabilities of each device to exfiltrate data.'

So it needs a previous security breach. Challenging, because as the article mentions, in secure environments the pc is not connected to internet nor are USB sticks allowed.

> The attack requires both the targeted computer and the mobile phone to have malware installed

> exploits components that are virtually guaranteed to be present on any desktop/server and cellular phone

1. That connector size appears to be a DVI connector. How does TMDS affect data transmission via TEMPEST leakage?

2a. Would HDMI render this attack void, due to encryption on the data signal layer?

2b. Since the HDMI master keys are known, would it be possible to modify data with the now-known key and pass data using this method?

3. What card is shown on the desktop? That looks like a rather suspicious card (GSM card?).

AFAICT the video interface is irrelevant. It exploits the data transfer between the CPU and RAM.

> When data moves between the CPU and RAM of a computer, radio waves get emitted as a matter of course. Normally the amplitude of these waves wouldn’t be sufficient to transmit messages to a phone, but the researchers found that by generating a continuous stream of data over the multi-channel memory buses on a computer, they could increase the amplitude and use the generated waves to carry binary messages to a receiver.

(comment deleted)
Regarding the airhopper paper at least, I found something pretty interesting from Markus Kuhn:

http://www.cl.cam.ac.uk/~mgk25/pet2004-fpd.pdf

"The two case studies presented in Sect. 4 and 5 analyze the compromising radio emanations first from a laptop LCD and then from a desktop LCD that is connected to its PC graphics card with a Digital Visual Interface (DVI) cable. In both cases, the video cable used to connect the display panel with the graphics controller turned out to be the primary source of the leaking signal."

Won't the modulating/transmitting malware increase the system cpu load (run queue, or whatever)? This could be a detection vector for it.

I have noticed when running a program that does nothing but work the memory bus, Memtest86+, the computer gets hot and draws a lot of power.

> It works with simple feature phones that often are allowed into sensitive environments where smartphone are not, because they have only voice and text-messaging capabilities and presumably can’t be turned into listening devices by spies.

I have no idea where they got this information from, because it is absolutely false in DOD classified environments. Anything that can be used as a recording device or that can transmit information wirelessly is restricted or prohibited, and personally-owned examples are strictly prohibited. In very strict environments, even receive-only electronics may be restricted.

I am not personally aware of any policy that makes a distinction between "smartphones" and "feature phones". The only thing I have ever seen referenced is phones with cameras, and even that was only for visitors in the unclassified areas.

If someone installed malware on that computer already, all bets are off. It might as well be a radio transmitter that's broadcasting every keystroke. The title is sensationalistic, because the hard part was installing malware. The "simple cellphone" part is meaningless.
If the attacker has installed malware on the target machine and has physical access to it, literally nothing will save you.
I'm still holding out for Homomorphic Encryption.