Hacker News new | ask | show | jobs
by arboroia 3958 days ago
Ridiculously impressive and extremely hard to shield against, baring using your computer in a faraday cage.

Thinking about it, is there any way to vary the electricity consumption of the computer as to transmit that way if it was in such a cage?
4 comments
9wzYQbTYsAIc 3958 days ago
Computer enclosure and server rack manufacturers might have a new market for built-in Faraday cages.
link
brohee 3958 days ago
TEMPEST hardened computer certainly isn't a new market, see e.g. http://apitech.com/products/sn6730tf-tempest-laptop-notebook...

It is however a very niche market. For server rooms, it's much cheaper to harden the room, which limits the market to desktop and notebooks...

link
nickpsecurity 3958 days ago
Old is New Again meme. ;) True: rooms or safe's are best route. There's also more suppliers for that and more willing to work with non-defense customers. However, you've always been limited on desktop and notebooks in high security assessment given all the functionality (esp wireless) in them. There's just way too much risk. So, I recommended hardened thin-clients/monitor/keyboard/mouse plus key servers in a shielded room, no wireless anything, shielding of building from external signals where possible, and of course a lot of distance around the building. Costs quickly become an issue and most just don't do TEMPEST/EMSEC at all. Open season when the attacks get democratized. ;)
link
9wzYQbTYsAIc 3957 days ago
Amazing, thanks for sharing! This is why I enjoy HN - I learn at least one new thing a day.
link
opless 3956 days ago
Yes. http://www.simonwaite.com/random-thoughts/communication-from...
link
yk 3958 days ago
It should be possible to vary the sleep states of the processor, at least if you are root. That should give you something like 50 W amplitude. No idea how that would look on the other side of the power supply.
link
tedunangst 3958 days ago
It's pretty obvious, but perhaps worth noting that this requires the malware be installed on the computer somehow. That in itself is probably a challenge for an air gapped computer.
link
jacobwcarlson 3958 days ago
Not if you access to the supply chain for the construction of the computer.
link
retbull 3958 days ago
Or if you simply do what the REDACTED government did when they released StuxNet which is infect thumb drives and leave them near by the building in the parking lot. People pick up and plug in anything.
link
mirimir 3958 days ago
Ideally, people don't use random USB drives in air-gapped computers ;)
link
stephengillie 3958 days ago
Or you use one of a number of methods to disable unnecessary USB ports, so there's nowhere to plug anything in.
link
mirimir 3957 days ago
Or you miswire them, disconnecting data lines from the ports, and routing bus power to the data terminals on them ;)
link