1. 14

  2. 12

    If I understand correctly, the article in El Reg is misleading. The headline and some bits of the article make it sound as if someone can listen in to normal network traffic. I don’t think that’s the case, and even if it is then it shouldn’t matter because anything designed in the last 20 years assumes that the network is untrusted, so anything flowing over the network should be encrypted.

    This is much more interesting as a covert channel. Imagine you have a completely air-gapped network for your sensitive information (as most defence departments do). Someone may be able to sneak a trojan onto it (e.g. by leaving a USB stick in the carpark that some numpty plugs into the secure network), but then what? They can’t exfiltrate this information. With this PoC, they can make any compromised machine transmit secrets (at quite a low data rate) by just sending normal packets. You can then pick these up with an antenna in a van outside the secure area.

    1. 8

      It took nearly a decade and now we have it: The wireless LAN cable.


      1. 1

        More like over two decades!

      2. 6

        Actual paper instead of El Reg spam https://arxiv.org/abs/2110.00104.

        1. 3

          What this shows is that even an unplugged Ethernet cable can radiate energy which is detectable.

          None of this is news to anyone with even basic knowledge of RF. Everything leaks EM radiation. Put a shortwave radio next to a laptop and you will hear keyboard presses on it up to quite a few meters away. Twisted pair will always be more leaky than coax, else it would be used in place of coax in labs. Shielding makes TP less shitty, but clearly there are limits.

          1. 5

            The fact that it leaks EM radiation is not news, the fact that software can control the EM leakage to a sufficient degree to be able to establish a covert channel is news.

            1. 1

              Luckily we have optical

              1. 2

                Except that we don’t have optical, we have opto-electronic and the optical transceivers generate a lot of EM noise and so are still likely to be susceptible to this kind of attack.

          2. 1

            His experimental technique consisted of slowing UDP packet transmissions over the target cable to a very low speed and then transmitting single letters of the alphabet.

            So, not at all like any normal traffic you’d see over ethernet right?