Found in 1 comment on Hacker News
Ben Gurion is on a win streak in emanation attacks. Neat example with a common culprit: writings on TEMPEST said cellphones within meters of a STU-III telephone compromised it immediately with inadvertent, active attack. This is going in opposite direction with a known attack vector. A nice example of a "known unknown." That wireless devices, cellphones or SOCs, greatly increase risk in EMSEC is even more evident with this. Gotta stay banned in high-security organizations and that presents very tough tradeoffs along with supply chain issues in terms of SOCs. Identifying the hidden functions of SOCs (including analog/RF) is a cat-and-mouse game that rivals the brains that go into software attack and defense from what examples insiders gave me.

Far as EMSEC, I've pushed people in INFOSEC to consider it for a decade. I argued we should because (a) U.S. used such attacks since 1914 w/ Russia using them wisely in Cold War, (b) there's a sizeable industry on defense (TEMPEST) side, (c) most commercial/personal systems were massively vulnerable, and (d) research in possibly hostile countries continued. Supported even more by leaked NSA TAO catalog that features emanation attacks, including one (RAGEMASTER) that looks like my past work. All outside high-security said it was theoretical (despite use by Russia), no evidence/detection of any attacks (how would they lol?), or so rare as to be not important (again, measured how?). Took a while for it to really hit mainstream attention and I'm glad to see people in recent years are finally worrying about a 101-year-old attack strategy (emanations).

Ben Gurion's results, past and present, support my case: a new cat-and-mouse game could form on pro side for stealing classified or trade secret information with emanation attacks. Declassified documents on TEMPEST history showed defenders had a hard time for first decade even for passive attacks. The likes of NSA, Russia, Israel, and maybe China are decades ahead of defenders with Israeli researchers innovating the most on attacks. NSA valued it so much, even against allies, that it once diluted its capabilities when sharing with UK and (IIRC) Canada to keep them behind (read: vulnerable).

My recommendation is that research-funding organizations in as many countries as possible start dropping money on their best E.E.'s to recreate those decades of research. Reducing the signal, shielding, masking... all of it for each component that's common in systems. Another easy route, which I used to recommend, was EMSEC safes or rooms with filters on cabling plus the myriad other leaks that crop up (even toilets lol). Seemed to be easier, but not easy, as there were more companies doing it than securing arbitrary equipment operating in the open. We do a ton of research until even our undergrads and amateurs can apply given techniques to solve the problems for boxes, safes, or rooms they own. Maybe. It's quite complicated...

Regardless, these attacks will only get better and for more parties. NSA et al. long figured out it was best attack albeit required specialists and sometimes physical presence. Demanded they save it for high priority targets. Attacks with cellphones and interdiction, along with radios in COTS stuff, mean physical presence might not be an issue in future attacks. The game's heating up and defenders got a lot of catch-up to do. I suggest they start by studying the field of electromagnetic compatibility (EMC) [1], books on TEMPEST shielding [2], commercial sector [3], and declassified military documents on similar subjects (some in [4], esp. Red-Black).


[2] (An example. Generally, you want author to be TEMPEST certified or have strong background in EMC.)

Free book I just accidentally found on architectural shielding:

[3] (Found this in my bookmarks. Think they were good and helped with self-tests, too. Been too long a time, though, so memory is fuzzy & many firms are gone.)
