Securing the client just got very tricky indeed. Imagine all those computers made in China or the US having the ability to transmit passwords to a nearby receiver!
I just wish SafeNet implemented Yubikeys by default
Cyanogenmod/sqrl and have fun (attackers eat your out)
Cellphones can be hacked remotely
There types of articles kill me. Article Tl; dr, “if you’ve already Compromised an air gapped very secure computer, you can pull data off of with a simple cell phone!”…
It’s already compromise. You obviously know what you’re doing and what you want. You also have physical access to it. It sounds as though there is barely enough room to store a moderate length password. Timing would be everything. While I understand it’s a stepping stone attack, these tend to get blown out of proportion.
This almost only make you want to use an Linux live cd. I wonder why Qubes doesn’t have a live cd?
Compromising is one step, exfiltration is another step.
You could easily compromise with an infected USB remotely, now how do you get the info out, it is a crucial step… And to consider that this can be done with FM signals produced by a graphic cards was amazing, and this one in particular is even more mind-blowing.
Linux LiveCD wouldn’t protect against it at all.
Alright. Fair enough. Before reading about stuxnet I would have said plc exploits were pointless too. This round goes to @piluso.
If you have a Linux LiveCD without a (Dash home & Terminal in Linux and no hard disk) somebody is going to have a hard time to install mallware on your system. But it would also mean that you can not update/upgrade anything. But every now and then, just burning a new Linux LiveCD could be the solution to that. http://tour.ubuntu.com/ looks like a install free environment. You can remove or block all usb ports and use the old mouse and keyboard ports.
It would be fun to have an android OS running on the SAFE Network and have that on your phone. A setup like that would give an attacker a real time.
Basically all they showed is that they can make the memory bus transmit RF in a way that can be picked up. The data is minimal, and done right that small data is a key/password. Hell I was doing stuff like this at Uni with microprocessor test designs and an AM radio, Of course the data was even more minimal but we could get a good music tune out of it.
In essence if they can get all the ducks lined up in a row, then they can detect something useful. Mind you they have to get malware on the computer in the first place and bypass the normal security/virus checks done on those computers pre-install and regular checks. Not easy and it would be easier to bribe an employee one thinks.
But still its a proof of a concept and may lead to other hacking avenues. But the concept was investigated with DEC mainframes (Amazing the sounds out of a PDP-10 running the right soft (mal) ware) back in the 60s/70s and yours truly with micros (2650, 6800, 6809 vintage). So unless they can speed things up developing the concept, we will still be hearing about variants of this concept, with similar usefulness.
Stuxnet. Infecting was never the problem.
Right. I was more referencing the fact that I dismissed plc exploits as “near useless” and my thoughts on this. Just because I don’t see a use for it just yet doesn’t mean I won’t read something later on and say “oh wow, hadn’t even thought about using it that way.”