On Sat, Jun 01, 2002 at 08:03:16PM +0200, Ben Nagy wrote:
>
> For more sensitive stuff, like we're talking about, it's probably a much
> different story in terms of equipment required.
>

Actually, picking up CRT images has become a lot more difficult too and not for any real security reasons. The concerns about EM radiation on the health of people and so forth have made the CRT manufacturers a lot more careful with their designs - those "low emission" monitors are making it harder to pick up TEMPEST stuff.

>
> . It may have been foolish of me to make assumptions of
> sanity about tiny devices made under license by the lowest bidder in
> Taiwan. However, I'd still really like to see some evidence - these are
> low power devices, often with external antennae.
>

I think you are right about the commercial grade devices, as long as the noise is not too horrible the design is probably deemed ok... but the outputs of these things are probably at least an order of magnitude greater than leaked signals. If the noise can get onto the outgoing RF signal then it can go a long way.

>
> That's true, but I still think that laptops with wireless cards should
> be running IPSec (or something) clients if they're sending any sensitive
> data over a wireless link. Things could well get ugly, though, if the
> laptop has a PCMCIA ethernet card and a PCMCIA 802.11b card on top of
> each other...
>

Yep - mind you, even getting a screen image may be easier since that would still be a relatively noisy process.

>
> Sorry, but I really can't let you get away with quoting "Spycatcher" as
> a reference. 8)
>

Heh, I thought not :-)

> However, that overlay of plaintext onto the RF transmission of
> ciphertext is _exactly_ the story I got second hand offlist. I wouldn't
> have thought it would be on a lower level, though - more likely it would
> be tiny spikes or dips on top of the waveform of the main transmission,
> wouldn't it?
>

What you are describing there is pretty much a layman's description of modulation. One would hope that any noise on the signal is at a lower level otherwise your transmitter is not working well. Do not confuse the carrier signal level with the information it bears.

> For the real device that would just be ironed out as +/- in
> terms of signal, but for someone with a really expensive receiver it
> would be effectively the plaintext.
>

Well the +/- would be heard as a hiss or something if the signal was audible, picking out the noise is a matter of filtering. You can do some marvellous things with the right signal processing, I used to work on things that did signal processing :-)

> All this still sounds a little too much like urban legend to me
> though...
>

I know this won't count for much but this makes a lot of sense to me, my engineering and signal processing background makes me believe that the information leakage is real. Whether the information leaked is useful or not is something that, like all TEMPEST, is up to chance but security is all about risk management.

>. And if there's only "safe" IP data going into the AP in the first
> place then where's the risk?
>

Yeah - as long as the AP only handled encrypted data then you should be ok....

> The point you make, though, about laptops (or cash registers, PDAs, or
> any other single-point installation) brings up problems for that model,
> though. For a start, how does one make sure that they send pre-encrypted
> data to the wireless card? (probably solvable) And, on top of that, how
> do we know that internal cards are shielded well enough that they don't
> get some sort of noise sent through to the transmitter?
>

And here lies the rub - one presumes that you are not just bridging a couple of wired networks... where would the use be in that (unless it was between buildings...), assuming there are some sort of portable devices on the wireless network then there is the chance of leaking some information (be it screen images, network traffic, whatever). My feeling is that the shielding is just good enough to make sure the unit operates when plugged in.

>
> Sadly, I suspect that nobody that has the equipment to do the testing
> required will oblige by making their tests public.
>

Probably correct. I wonder if DARPA would fund something to look at that or maybe a university thesis? As a starting point a reasonable RF spectrum analyser should give some interesting information.

-- 
Brett Lymn
