Slashdot Mirror

← Back to Stories (view on slashdot.org)

Breaching Air-Gap Security With Radio

Posted by Soulskill on from the hitting-you-where-you-live dept.

An anonymous reader writes: Security researcher Mordechai Guri with the guidance of Prof. Yuval Elovici from the cyber security labs at Ben-Gurion University in Israel presented at MALCON 2014 a breakthrough method ("AirHopper") for leaking data from an isolated computer to a mobile phone without the presence of a network. In highly secure facilities the assumption today is that data can not leak outside of an isolated internal network. It is called air-gap security. AirHopper demonstrates how the computer display can be used for sending data from the air-gapped computer to a near by smartphone. The published paper and a demonstration video are at the link.

80 comments

  1. Meh by Anonymous Coward · · Score: 2, Insightful

    I would be impressed if it didn't require a malicious payload on the target computer.

    1. Re:Meh by Mr+D+from+63 · · Score: 4, Insightful

      Your refrigerator is vulnerable once I break into your house. You should consider hiding your beer somewhere safe.

    2. Re:Meh by AHuxley · · Score: 1

      That is shipped, factory sealed as unpacked and installed.
      Thats why all the spy rocks keep on getting found.
      How many where more than just dead-letter drops?
      Russian 'spy rock' was genuine, former chief of staff admits (19 Jan 2012)
      http://www.telegraph.co.uk/new...

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Meh by Anonymous Coward · · Score: 0

      It really doesn't. A lot of information can be gleaned from a running computer using a directional antenna and a bit of signal processing.

    4. Re:Meh by Anonymous Coward · · Score: 5, Funny

      You should consider hiding your beer somewhere safe.

      Way ahead of you. BURP.

    5. Re:Meh by hawguy · · Score: 1

      I would be impressed if it didn't require a malicious payload on the target computer.

      Because it's so hard to get a malicious payload onto a computer? Especially one that you have physical access to?

    6. Re:Meh by Anonymous Coward · · Score: 1

      Sure, but that's the physical world. Just because you broke into one refrigerator, doesn't mean you can suddenly drink the beer from all the other refrigerators on the planet.

      Do you see the difference between the physical world and the information world?

    7. Re:Meh by Anonymous Coward · · Score: 0

      For years the big 3 letter agencies have been able to scan a hard drive when its working simply by listening to it. Those tools have been around a long time but you'd have to have direct line of hearing usually. SSD's will make that near impossible.

    8. Re:Meh by Anonymous Coward · · Score: 0

      Sure, but that's the physical world. Just because you broke into one refrigerator, doesn't mean you can suddenly drink the beer from all the other refrigerators on the planet.

      Do you see the difference between the physical world and the information world?

      No, I don't see the difference. Please explain.

    9. Re:Meh by gstoddart · · Score: 2

      Sure, but that's the physical world. Just because you broke into one refrigerator, doesn't mean you can suddenly drink the beer from all the other refrigerators on the planet.

      OK, we need all scientists working on this immediately.

      Some form of generalized quantum entanglement so that I can have a fridge with unlimited beer.

      Unless it's Budweiser, in which case you can keep it. Unless there's no other beer, in which case it'll do. ;-)

      If we can extend this principle so I can have an infinite supply of pizza, that would be awesome too.

      Can I have that by, say, 4pm? Kthanksbye.

      --
      Lost at C:>. Found at C.
    10. Re:Meh by Mr+D+from+63 · · Score: 1

      In my information world, I still don't care about your beer, only mine.

    11. Re:Meh by Anonymous Coward · · Score: 0

      If you have physical access to an air gaped machine in a secure environment then there are other security problems others then the fact that the computer can be compromised.

    12. Re:Meh by Anonymous Coward · · Score: 2, Funny

      Not mine - whenever I have to access a hard drive, I put it in the microwave (don't worry, I cut a hole in the door for the esata cable) and turn it on while the drive is reading or writing data. The background noise from the microwave obscures the relatively quiet noises made by the drive, and the magnetic field generated by the microwave's magnetron creates a magnetic bubble, or "shield" around the drive, ensuring that remote radiomagnetical analysis cannot penetrate the interior of the microwave and thus steal my important personal data (read: porn). The only problem with this setup is the drive usually stops working after a few seconds - I think this is simply due to the esata cable winding around the drive itself, so maybe if I can remove the turntable spindle from inside the microwave I can solve this minor issue.

    13. Re:Meh by K.+S.+Kyosuke · · Score: 2

      Sometimes people are allowed physical access to terminals to do their job but not allowed to take anything away (always administratively, often technically). This is a Snowden-type scenario.

      --
      Ezekiel 23:20
    14. Re:Meh by Anonymous Coward · · Score: 0

      Sure, but that's the physical world. Just because you broke into one refrigerator, doesn't mean you can suddenly drink the beer from all the other refrigerators on the planet

      No, but once you've broken into the kitchen, you CAN drink the beer from all the other refrigerators IN THE KITCHEN. Did you RTFA at all?

    15. Re:Meh by FatdogHaiku · · Score: 1

      In my information world, I still don't care about your beer, only mine.

      All your beer are belong to us!

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    16. Re: Meh by Anonymous Coward · · Score: 0

      Gonna try that right now. Where did I leave the drill?

    17. Re:Meh by mjwalshe · · Score: 1

      and sites that use an air gap normally ban smart phones if not phones full stop

    18. Re:Meh by Ol+Olsoc · · Score: 1

      You should consider hiding your beer somewhere safe.

      Way ahead of you. BURP.

      You could always give it to him after you're done renting it.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    19. Re:Meh by plover · · Score: 1

      Do you see the difference between the physical world and the information world?

      No, I don't see the difference. Please explain.

      OK, since this is slashdot, the terms of service require someone to explain it to you using a car analogy.

      The physical world is like a car. Let's say you're thirsty. You get in the car, you turn the key, you engage the transmission, you depress the throttle and use the wheel to steer yourself around. You navigate the roads, avoiding obstacles and making appropriate turns. When you arrive at the bar, you hit the brakes, disengage the transmission, turn off the key, exit the car, go in the bar, buy a beer, and drink it. The information world is exactly the same thing, except there is no car and no beer, and four hours after you realize you haven't gotten anywhere, you're still thirsty.

      Dammit, now I'm thirsty too.

      --
      John
  2. Not that hard to defeat by Primate+Pete · · Score: 3, Insightful

    Keeping the classified material more than 7 meters away from the cell phones doesn't seem like that hard a measure to put in place. Maybe you could put a source of interference near the phone lockers if you wanted extra security.

    1. Re:Not that hard to defeat by PsiCTO · · Score: 4, Interesting

      Most places have a faraday cage in which the classified material and any electronic device accessing the material is houses. If a device leaves the cage, it is handled appropriately and never turned on. Problem solved. Such measures have been used well before Gene Hackman's cage in Enemy of the State :-) Of course, a human mistake is much more likely to reveal the information...

    2. Re:Not that hard to defeat by khasim · · Score: 3, Insightful

      That would work.

      And I think that the summary kind of misses the point of what "air-gapped" means. It does NOT mean that your system is invulnerable. No system is invulnerable.

      It DOES mean that it can ONLY be attacked by someone with physical access to it. Or someone with control of the hardware manufacturing / transportation channels prior to the computer being installed in the secure location. So you're removing potential channels of attack AND reducing the number of potential attackers.

      Now you need metal detectors at the entrances. And "no lone zones" where EVERYONE is accompanied by someone else. Depending upon the level of security that you want.

    3. Re:Not that hard to defeat by TubeSteak · · Score: 1

      Unless you're going to do cavity searches of everyone that goes into a secured area, you're much better off improving the shielding for air-gapped computers.

      In this whitepaper, they infect the air gapped computer with malware and then use the monitor cable as a transmitting antenna.
      Interestingly, they propose infecting workers' phones with malware, making this a potential external threat, as opposed to an insider one.

      --
      [Fuck Beta]
      o0t!
    4. Re:Not that hard to defeat by Solandri · · Score: 1

      Some flight sim software I worked on in the 1990s was going to be used on the USAF's F-16 simulators for training. I got to visit their setup at Wright Patterson AFB. The simulators (full-size realistic cockpits with multifaceted hemispherical projection displays) were housed inside a large room completely encased in metal + lead. The conductive metal to form a faraday cage, and the lead in case there was anything left over trying to find its way out. There were no windows, and the door had to be closed before they'd power any of the equipment on.

    5. Re:Not that hard to defeat by Anonymous Coward · · Score: 0

      I don't get it. Lead is a metal. If you encase everything in lead, what do you need other metal for?

      dom

    6. Re:Not that hard to defeat by Culture20 · · Score: 1

      I don't get it. Lead is a metal. If you encase everything in lead, what do you need other metal for?

      Lead has poor electrical conductivity, so isn't great for a faraday cage.

    7. Re:Not that hard to defeat by bkr1_2k · · Score: 1

      The whole problem with the concept is that in most (every one I've been in the last 20+ years in 4 different countries) secured facilities cell phones or any two way communication device, including 2 way pagers, weren't allowed. Many have electronics detectors mounted on the walls that detect RF emitters in the are. I've personally seen people's cell phones destroyed after forgetting to remove them from pockets.

      The whole thing has been around for over 40 years and been dealt with appropriately throughout that time. This is not a real issue as it requires physical access to at least one device and a breech in existing protocols beyond that first physical access.

      To the person suggesting more shielding, that is an option that is in place but very expensive.

      --
      "Growing old is inevitable; growing up is optional."
    8. Re:Not that hard to defeat by Bob+the+Super+Hamste · · Score: 1

      Probably because it was the military and there was money to spend. The other option was to use what I assume was steel to provide a hardened reinforced structure.

      --
      Time to offend someone
    9. Re:Not that hard to defeat by Lawrence_Bird · · Score: 1

      yes like having the cell phone storage at a security desk where they make sure the phones go in with no headsets.

  3. Tempest by Anonymous Coward · · Score: 5, Informative

    This is nothing new. They've been doing this for decades with Tempest.

    1. Re:Tempest by PsiCTO · · Score: 5, Insightful
      Indeed, referenced in their paper

      [11] W. van Eck, "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?," Computers and Security 4, pp. 269-286, 1985.

    2. Re:Tempest by fibrewire · · Score: 2

      Ahh, you beat me to the post by an hour at least. Which probably means you van-ecked my /. login info and posted this very comment ;)

    3. Re:Tempest by Anonymous Coward · · Score: 5, Informative

      The 'news' is that they also offer techniques to turn off the screen to avoid detection, they developed a (for this purpose working) data transmission method, offer a variety of signal hiding techniques and use it to exfiltrate not images of the CRT or LCD screen itself but modulate binary or textual data with the VGA cable serving as radio antenna while the screen is turned off. Also where before it would probably take somebody a lot of time and devotion to develop hardware for a receiver, the paper on top explains how to turn a cheap Android based phone into one. They also did a working proof of concept. I guess none of it all is in itself 'news'. But the combination of different techniques is an interesting use-case.

    4. Re:Tempest by Anonymous Coward · · Score: 0

      None of that is news, all of this tech exists and has been implemented for 20 years. Ben Gurion advertisement.

    5. Re:Tempest by Anonymous Coward · · Score: 0

      It'd be a pretty real time key logger if it required your screen to be off.

  4. In highly secure facilities... by Anonymous Coward · · Score: 0

    You wouldn't have a smartphone in the first place.

    1. Re:In highly secure facilities... by Eunuchswear · · Score: 1

      I like the idea that you need a smartphone to get information out of a air-gapped computer when you can access the screen.

      What do they think lthe screen is for?

      --
      Watch this Heartland Institute video
    2. Re:In highly secure facilities... by Anonymous Coward · · Score: 0

      So....

      1. Get some USB device (Keyboard/Mouse/USB-Stick) with a custom firmware connected to a secure machine (simple and hard to detect).
      2. Have the USB device execute some code on the secure system(s).
      3. Use a screen to push data to the outside..

      Or maybe
      1. Manufacure installation media with exploits included.. (Quite hard to detect)
      2. Use the screen to push data to the outside.

      Or maybe
      1. Pay someone that works at the factory of the machines to include some bad code in the BIOS. (quite hard to detect)
      2. Use the screen to push data to the outside..

      Or maybe for the more advanced attacks..
      1. Impersonate or get a job as an engineer for HW repairs and bring in something that will execute some small piece of code. (motherboard with a reflashed bios/reflashed expansion card like a raid-controller etc)
      2. Use the screen to push data to the outside.

      Or... use your imagination in getting some code running on a secure system..

      All of these are very hard to detect until it's to late.. And if not discovered it can go on for a long time for a system that is thought of as secure due to being airgap'ed. And attacks of this type are probably done towards a specific victim so it will use custom code that is very hard to detect with any existing malware-scanning tools.. And good luck in trying to scan the firmware of a keyboard or usb-stick, heck the device could even return a "good" firmware when trying dump the firmware.....

    3. Re:In highly secure facilities... by Anonymous Coward · · Score: 0

      You don't need to "access: the screen as in see it. You just need to be able to be able to grab the electromagnetic frequencies coming from it, just as they did with the cables going to VGA screens back in the 80's. You can do it from a distance, and from an angle (behind, etc) where you can't see the screen

    4. Re:In highly secure facilities... by Barny · · Score: 1

      First option is out. Not only do the USB ports get disabled on such machines, but you can't take a USB stick anywhere near them, any more than you could a phone.

      Second option suffers the same "can't get a phone within 10 meters of the machine" that the parent mentioned.

      Third, if you can pay a person with security clearance to do this then it isn't a computer problem.

      Fourth, people who do this work are not as rigorously checked as their workers/software people, but you will note that all the secure places I know of run custom bios firmware that have checksums to stop this.

      Yes, I know people who work at these places, both with clearance (operators and such) and techies that support them, getting to their secure networks/air-gapped networks is not trivial and certainly cannot be done with a USB stick anywhere on your person.

      --
      ...
      /me sighs
    5. Re:In highly secure facilities... by CaptQuark · · Score: 1

      ...and certainly cannot be done with a USB stick anywhere on your person.

      I'm not sure you have seen the smallest USB drives out there. Some are about the size and thickness of the SIM card in your phone. Imagine something near the thickness of a business card and about the same dimensions as the silver end of a USB cable.

      I can think of several places to hide this that won't be searched: Inside a belt, inside a wallet, behind your belt buckle, under your watch, against the inside of wide glasses, behind your ear with long hair, under a bra strap, hollowed-out coin, inside a key fob, inside a neck lanyard, inside any book or paper tablet, inside a pen, cigarette lighter, large fingernail clippers, pocket knife, or inside a spring-wound retrieval on an ID holder. Not to mention shoes, hats, gloves, jackets, scarfs, canes, nor jewelry.

      There is no fail-safe way to keep something so small out of a secure area which is why they continue to epoxy USB ports, disable mounting external storage, and implement "no lone zone" procedures.

      ~~

  5. Van Eck phreaking by Lilith's+Heart-shape · · Score: 4, Informative

    This isn't new. Wim Van Eck did it back in 1985, without a smartphone.

    --

    I write sci-fi for metalheads

    1. Re:Van Eck phreaking by gstoddart · · Score: 3, Insightful

      Was coming to say that.

      Though, I suspect most of us only know about it due to reading the Cryptonomicon.

      But, really, this gives stronger evidence for wearing tinfoil hats and living in a Faraday cage.

      I'm also putting the finishing touches on my tinfoil codpiece ... maybe if it can't hear me it won't make me do stupid things. ;-)

      --
      Lost at C:>. Found at C.
    2. Re:Van Eck phreaking by bill_mcgonigle · · Score: 1

      This isn't new. Wim Van Eck [wikipedia.org] did it back in 1985

      And the spy agencies well before that. I had a high school computer teacher who worked after school at a computer store that just happened to be down the street from a sigint Army base and they had the Compaq franchise for the area - he probably told us way more about the special Tempest-hardened models he had been selling them, in 1987, than he was supposed to. He couldn't help it - the tech was way cool and he was a card-carrying nerd (RIP).

      I always suspected after that that Compaq, like so many other tech companies, got their legs on spook funding. It's funny - I spoke with a former Air Force guy the other day about the same thing and when I mentioned 'Tempest' he had a shudder - in the late 70's, early 80's, that was one of two words you could get shot for saying in his unit (probably figuratively...).

      It is neat, though, that with an SDR and some DSP code you too can be a spy agency for $50 in 2014. Quick, Otterbox, design a $500 case with a 25' long braided copper cable attached!

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    3. Re:Van Eck phreaking by Lilith's+Heart-shape · · Score: 1

      Though, I suspect most of us only know about it due to reading the Cryptonomicon.

      That's how I first heard of it. I thought Stephenson pulled it out of his ass until I did some research.

      --

      I write sci-fi for metalheads

    4. Re:Van Eck phreaking by gstoddart · · Score: 1

      That was definitely my first reaction when I read the book ... then I found out it was real and that kind of blew my mind.

      --
      Lost at C:>. Found at C.
    5. Re:Van Eck phreaking by LDAPMAN · · Score: 1

      I was there in the early 80's. Computer security officer was one of my additional duties at that time. Tempest was a pain in the ass but it was not a secret. There were signs that had to be posted, training that everyone had to have, inspections that had to be done. Power cables had to be separated from data cables and other cables had to only cross at right angles. Lots and lots of paranoia.

    6. Re:Van Eck phreaking by iggymanz · · Score: 1

      funny how "young" readers have that reaction to many things in that book. Those of us born in early 60s just laugh at the all old tricks that still work

    7. Re:Van Eck phreaking by Anonymous Coward · · Score: 0

      Sigh. The tech predates Cryptonomicon - or mr Van Eck for that matter. The "cold war" was all about such things. Listening on telecommunications by grabbing the faint electromagnetical signals from the cables - even buried cables sometimes. The weaker the signal, the bigger antenna array you need. And some fancy electronics.

      Long before desktop computers, the Russians had listening equipment capable of figuring out what was being typed on electric typewriters inside military bases or embassies. This is all so old. These days we have custom chips and miniaturization, so it is no longer necessary to haul the equipment around in a large truck. But it is nothing new.

  6. New meaning to older expression... by ehud42 · · Score: 2

    ... tempest in a teapot ...

    --
    I'm in my right mind and I have the answer to everything!
  7. highly secure facilities by Anonymous Coward · · Score: 1

    If smartphones are allowed, it's not a high-security facility.

    Bringing a smartphone in the secure area should earn you a one-way trip to prison.

  8. I've developed my own... by Anonymous Coward · · Score: 1

    I've developed my own breakthrough method for leaking data from an isolated computer to a mobile phone without the presence of a network.

    It's called "Take a photo of the screen."

  9. this is similar to a tempest/van eck attack. by nimbius · · Score: 0

    As a vector its certainly a curiousity; van eck was commonly practiced by the soviets in the 60's and 70s. most DoD secure work rooms require you to explicitly leave your cellular devices in a lockbox outside of the room. To combat van eck, most monitors ordered for this type of work are also emi tape shielded.

    --
    Good people go to bed earlier.
  10. Been doing it for years by fibrewire · · Score: 5, Insightful

    The correct term for this air-gap horseshit is called a Tempest Attack, and we've been doing it for years... 20 years? 30 YEARS???

    http://en.wikipedia.org/wiki/T...

    1. Re:Been doing it for years by CaptainDork · · Score: 0

      Also, this.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:Been doing it for years by Jane+Q.+Public · · Score: 1

      The correct term for this air-gap horseshit is called a Tempest Attack, and we've been doing it for years... 20 years? 30 YEARS???

      No, it isn't. This is something completely different. (Not to mention that Tempest never didn't very well unless you had a boatload of expensive equipment. Amateur rigs sometimes worked, even through a wall... but no more than a couple of feet away.)

      This "air-gap" communication is INTENTIONAL transmission and reception of data. With Tempest, the transmission is unintentional.

      Regardless, before this particular demonstration it was done before at least once with sound.

    3. Re:Been doing it for years by Jane+Q.+Public · · Score: 1

      "never didn't very well" should have been "did not work very well".

    4. Re:Been doing it for years by Anonymous Coward · · Score: 0

      Over 50 years. Attacks against security by inadvertent RF emissions from devices have been known since the 1950's

  11. TEMPEST: A Gentle Introduction For Newbs by Anonymous Coward · · Score: 0

    Begin your research within a search engine by searching for:

    tempest site:cryptome.org
    tempest site:schneier.com
    tempest site:slashdot.org

    It's just the tip of the iceberg, though. Most TEMPEST talk on the net is heavily moderated for some reason, usually ending in people calling you a nut case for even discussing it. Yes, even in light of [some of the] NSA's spying methods.

    If you want to test your mental strength in what may be earnestly exploring or a decent into madness, try the #badBIOStalk:

    https://www.reddit.com/r/badbi...

    It's a lonely place.

    1. Re:TEMPEST: A Gentle Introduction For Newbs by K.+S.+Kyosuke · · Score: 1

      If you want to test your mental strength in what may be earnestly exploring or a decent into madness, try the #badBIOStalk:

      Never trust a computer you haven't built for yourself from SSI and MSI chips! ;-)

      --
      Ezekiel 23:20
  12. Yawn by Reason58 · · Score: 2

    In "highly secure facilities" they are TEMPEST certified, and wireless devices such as cell phones are not physically permitted within the boundary. This is a non-issue.

  13. yes, and you can... by Anonymous Coward · · Score: 0

    Yes, and you can reprogram many of the old VGA cards to output a clean AM or FM band signal, suitable for listening to.

    And you can flash up many more than 18 bits per second onto the screen and capture that on a cell phone camera.

    What next, sending Morse Code by blinking the light on a USB stick? Sending smoke signals by opening and closing the CD drive tray over your ashtray?

  14. Really? by CaptainDork · · Score: 1

    A smart phone 20 years ago.

    --
    It little behooves the best of us to comment on the rest of us.
  15. Time for fiber optical connections by drolli · · Score: 1

    Should fix this problem - unless the super-cheaply designed mainborard and graphica card emit the signal via the ground plane/power line

    1. Re:Time for fiber optical connections by Bob+the+Super+Hamste · · Score: 1

      Would an isolated ground outlet work to eliminate that? This is a real question I don't know but if so at this point it is a non issue.

      --
      Time to offend someone
    2. Re:Time for fiber optical connections by drolli · · Score: 1

      I was referrring to the routing of the power traces/ground planes on the PCB and saving additional EMI filters on the circuit boards. Isolating at the wall would also not help.

  16. Wireless data transfer via the screen? SO 90s! by Anonymous Coward · · Score: 1

    I was doing this with my Beepwear Datalink watch (http://en.wikipedia.org/wiki/Timex_Datalink#Wireless_data_transfer_mode) back in the day... the watch had an optical sensor built into it and you ran software on your PC that made the display go wonky with something like barcodes flying off the screen. You started the software, pointed the watch at the screen, and zingo, it sent your contacts, appointments and whatnot to the watch.

  17. Really old news and currently done today by Anonymous Coward · · Score: 0

    There was a Reddit AMA with a seemingly-credible intelligence pentration expert / "hacker" who described that he had deployed to various places in the middle east and been out in hot areas with people protecting him whilst doing his stuff.

    I asked what he was able to do when deployed with soldiers which he wasn't able to do over the internet from the safety of a base. He didn't respond.

  18. Tempest in a teapot by Anonymous Coward · · Score: 0

    If the teapot and its lid are made of metal, then it will function as a Faraday Cage.

  19. good god this is old technique by iggymanz · · Score: 2

    done deal in the 1980s and subject of a few major computer magazine at the time.

    live long enough and see the same "new" thing being discovered over and over, about once a decade.

    what's next, article about a "picture phone"?

  20. Wow. by Anonymous Coward · · Score: 0

    I guess the old joke that some countries outside of the US are living in the 1980s isn't so outlandish after all.

  21. This just in... by Bill_the_Engineer · · Score: 2

    That same smartphone can be used to listen to "Duran, Duran", "Talk, Talk", "Oingo Boingo", and "Wang Chung"

    Relive the 80s and everyone have fun tonight.

    --
    These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
    1. Re:This just in... by Anonymous Coward · · Score: 0

      ... leave your body and phone at the door ...

  22. PDF by terbo · · Score: 1

    AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones using Radio frequencies - https://cdn.anonfiles.com/1414...

    But now theres an app for that ...

    --
    If you're interested in facts I'll tell you what they are and I'll give you sources - Chomsky on The Big Idea
  23. Not possible where I work by Anonymous Coward · · Score: 0

    The air-gaped computers are in a no-cell device (nor anything with a camera) area.

  24. Elephants. Rooms. by torpor · · Score: 1

    I think the big elephant in the room is more to be found further upstream, in the area of manufacturing. Worrying about software hacks is one thing - not having the faintest absolute clue exactly *what* is inside the chip package is something else entirely. Think its an accumulator bank? Oh sorry, maybe we forgot to mention the harmonic bundles associated with wave guidance within the interstitial distances of the rapidly blinking transistors .. yeah, those can be read from space. With a satellite (or 12).

    The game is over folks, or rather .. the game is on, depending on how you look at it. Until you are capable of investigating and participating, directly, in the sub-assemblies, you will always have a weak back door. Either we, ultimately, become able to assemble our own chips on the desktop, or there will always be a power class: those who can build such devices, and those who can only be ruled by them.

    --
    ; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
  25. Misdirection by RespekMyAthorati · · Score: 1

    I think the "Top Secret" message on the screen is misleading, as places that handle top-secret data are all Tempest shielded.
    The real issue would be where a malicious employee adds the keylogging code
    to a PC used by an IT staff member, which would then allow anyone using their app
    to read anything typed in, including the superuser password.

    Once you have that, you can do pretty well anything.

  26. what to do now... by neatville · · Score: 1

    What, if anything, should those of us with smartphones , laptops etc do when we're out in public? Have air-gap hackings become at all common, yet?

  27. You're just discovering this now??? by Anonymous Coward · · Score: 0

    Late 1970's:

    Computerised (and not-computerised digital) systems and state machines of various types.

    One AM/FM pocket radio

    One earphone or headset

    et, voila!

    you can listen to the systems and tell,
      a) what state they are in
      b) what program is running
      c) what part of the program they're running
      d) identify bugs and errors in the running program
      e) identify which device is misbehaving and how
        f) identify what the operator/user is doing

    and you could even write code to play your favorite songs over your little radio

    etc.

    Those little black nsa crypto boxes installed on marine uh-1 hueys & chinooks were very interesting to listen to.

    black crows...