[hansjorg]

Very nice, could be used for exfiltration with some tuning.

The most advanced example of this kind of inadvertent transmission I've seen is Fabrice Bellards DVB-T transmitting with a standard VGA card:

https://bellard.org/dvbt/

[JosephRedfern]

Related Reading: https://hackaday.com/2018/04/23/spoofing-cell-networks-with-...

[sidpatil]

https://en.m.wikipedia.org/wiki/Tempest_(codename)

[Darkphibre]

I wanted to spin up a hardening service back in the mid-90s, based around what we knew of Tempest. I even named it Echelon Consulting (as in "upper echelon," but with a nod to ECHELON). My spouse wouldn't let me, they felt it'd be too risky to get involved with that environment, and we were just starting our family.

But... yeah. You could tune into VGA monitors up to a mile a way using consumer hardware, and reception is perfectly legal (lots of case history to back this up)!

I figured my pitch would be to walk in with a briefcase setup, flip a switch, and show them what the receptionist was working on. Then ask if they were worried if competitors could know what they were working on (not a threat, just bringing awareness), or would they be were interested in some expensive cables/hardware.

Now that the kids are grown up and divorce pending, I've debated getting back into the netsec field. Lots of fascinating angles to be had in unexpected hardware boundaries... and my background in data science/machine learning/DSPs could prove fruitful in signals reconstruction...

[westmeal]

No kidding. What consumer hardware?

[skunkworker]

I was thinking the same thing, have it exfil a secret key out of a server room (theoretically).

I also got reminded about the method to send data from one computer to another over low frequency sound https://www.extremetech.com/computing/171949-new-type-of-aud...

[jcims]

Also through HDD noise

https://arstechnica.com/information-technology/2016/08/new-a...

[norrius]

I love how a (metaphorically) air-gapped system can be attacked (literally) through the air. Maybe the truly critical things should also be vacuum-gapped (and put into Faraday cages while we're at it)?..

But the system still has some connection to the outside world, right? That means we could run some heavy GPU load and measure the variation in its power consumption, which apparently has been tried before: https://www.helpnetsecurity.com/2018/04/13/data-exfiltration...

Along these lines, the excess heat has to go somewhere, so maybe one could measure the variation in the work of the coolant system. I couldn't find any research about it right away (BitWhisper is similar, but a bit different), but I trust someone has already tried that.