Any copper trace on the PCB of a mother board is a potential antenna. The LEDs are suspects too along with the piezoelectric speaker that beeps when the computer turns on. Moral of the story Faraday cage the air gapped computer, don't connect a piezoelectric speaker to the motherboard, and tape over all led indicators.
I really want my next PC case to be a lead lined granite box. making it 350 pounds is a small price to pay for TRUE security. Also the rock is pretty good at thermal conductivity so it should help cool some.
Fun fact related to the bit at 5:00 about playing audio. Some years ago when smart TVs were new some companies would sell different models of the same TV with different features enabled or disabled but with a different price. For example you could buy the same TV but with the USB ports disabled for $200 or whatever less. Well, people figured out the Infrared signal used by remotes to enter service menu and enable any feature you want. It was distributed as a audio file on the internet. You just had to solder an ifrared diode from a remote to a jack cable, connect it to your PC and play the audio. The Diode would flash with the sequence as if it was a real remote.
>not doing anything to stop van eck phreaking >not knowing that the gyroscope in your hard drive can be used as a microphone >not using ecc ram to minimize rowhammer and rambleed >not being able to set kernel parameters to deny inserted usb devices >not desoldering the microphone >not realizing that the cpu microcode could communicate with the microphone regardless of libreboot >not putting nail polish on the screws and taking high resolution pictures to ensure signs of tampering >not removing the modem with dma >not going fanless to prevent binary acoustic data transmission >not knowing the ethernet and wifi card have access to the keyboard >using xorg where any window can steal the contents of the clipboard or keystrokes >not knowing that the sound card can change the headphone jack into a microphone jack and use it to record through the headphones >not knowing they bounce an infrared laser off a flat surface anywhere near your laptop to steal your encryption keys by listening to your cpu fan or your keystrokes >not keeping neodymium magnets near your smartphone so magneto attacks are disrupted >not knowing cpu speculative execution attacks can break anything remotely using a web page with javascript >not taping triple layer aluminum foil all around your room as ghetto tempest shielding >not wardriving from the top floors using parkour
The nuclear codes will be posted on a basket weaving image board after they have been communicated through the janitor as latin guitar rifs that produce a provable set of statistically prominent dance moves will be observed by a drone flying overhead, 1.5 miles away. SATAn.
I remember a few years ago I was setting up a cheapo Chinese camera and to get the wifi creds from the phone app to the camera, the app played the password string as sound. The camera then decoded the audio and connected. Completely changed how I look at and understand "data" and the infinite ways it can be represented and transmitted.
Techmoan did a video about these new sony dolby atmos speakers, it has a feature to analyze the room via different sounds. Not as in measuring and getting data from any traditional method but from just sound. And it makes the speakers sound better judging by how it works for positioning via the side and top channels. Expensive system when said and done.
A security audit per se is not an attack vector, penetration testing or red teaming can be. A security audit may uncover potential attack vectors. And if it is, then you're using the wrong people to do your security testing or you haven't got NDA's signed up.
0:30 "but not to the internet because that would be really stupid". You would be surprised, a decade ago one of the industry's buzzword was "IoT", and for some reason some industries thought it was a great idea to be able to monitor your factory from the internet... Interfacing directly with the PLCs... Of course this was a security nightmare. But a lot of people got government money to "innovate" into "IoT" in the FACTORIES. Absolute madness.
Industrial IoT aka IIoT & industry 4.0 are very much growing fields. PLCs & PLAs, PIDs, embedded systems, 5g are all in on this. There's one chain of industries that bought 5g spectrum just for it's private network.
I always imagined that this would be the way a general AI manages to escape containment one day. It would scream into the void with RF signals after discovering it could create them fortuitously, to copy itself from machine to machine, byte by byte, until it could assemble itself in a networked computer.
Years ago an exploit was announced similar to this, a trojan would transmit (and receive in case of a botnet) by using changes in fan speed and a speaker to detect the change.
You can also spy on the screen by using an antenna as well. This attack was discovered back in the 1940s during the war. Electro magnetic radio emissions from anything with electricity is not really a hack its just something you should expect happens all the time. See van eck phreak/tempest attack
TEMPEST style attacks have been known about for decades now. After CRTs went away, it became a hell of a lot harder, but that doesn't mean this isn't a decades old concept now.
@@sheeplord4976 that's the point no one realises. Hacking started with hardware, from world war times to today, hardware has been at the top. Software hackers often get startled by hardware hacks because they've never studied it.
This was actually known and respected when I worked in the military. Mostly fiber between systems and special shielding around monitors. Translated we called it something like "emission security"
@@sirrobertwalpole1754 fun fact, she was running a single i9 processor. Sources say that a single i9 can down the entire power grid of a small country and provide enough heat to turn nearby atmosphere into plasma.
With experience working on military grade electronics, most of those devices are going to be immune to this type of emission. All air inputs/outputs get both particulate and emi filters. Device must go through extensive testing for EMI emissions in the GHz range. Screw part 15 compliance, the device must not emit any interference and in turn will not allow any interference ingress.
Regardless of EMI shielding at the unit component level, when end assemblies get deployed (a network, ship, building, etc) there are still leakages to be exploited by the correct receiver and demodulator.
@@AbandonedVoid You know the mesh microwaves use (the hole size determines what frequency it blocks), you can do really fine mesh all the way around your unit (you really should only need around any open air vents or windows, but if you go all the way around you can't miss it too easy). That way it can still get airflow. External noise generator would also likely help (if you put your case within a bigger computer case, like a super small form factor inside full ATX, you could put a radio frequency generator in that). You likely don't need to do that, just don't let sketchy CIA agents into your house. I don't think the government even does this, certainly not on machines that have PII or protect your data (those of course get leaked so often, they might as well be a facebook post, except more reliable since they don't get shadowbanned). EMI shielding is the least of your problems (of course remove WiFi/Bluetooth, or buy a desktop without it).
@@augustday9483that’s some government conspiracy level plans at that point but it’s not impossible. Good idea to build most things yourself if possible
8:14 Actually the rubber will do nothing to insulate the signal. The transmitted signal is electromagnetic and doesn't really interact with non-conductive materials. More effective would be something like a Faraday cage or simply shielding made from something like aluminum, which has the same effect.
Or just get a case that doesn't have big plastic windows. But honestly, if your system has malware on it, you have bigger issues than the malware transmitting data over your sata cables.
Speaking as someone who is somewhat familiar with electrical theory, wouldn't the usefulness of this kind of radio exfiltration heavily depend on the strength of the radio signal? It's entirely possible that the signal may not propagate beyond the building the actual computer is in. I invite pentesters to chime in here.
This sort of attack assumes a high security target, but also a highly motivated and resourced attacker. Even if the radio waves make it just past the locked door, or even just at the locked door (so you could stick a receiver under the door to pick it up), then this attack provides some benefit. They no longer need to get past the door (which might be very difficult to do without raising suspension)
The transmit range and bandwidth/transfer rate of this make it very impractical. Seeing as you need phsyical access to the system to begin with, there are far better options. For example, you could swap out the USB keyboard (assuming it's a wired keyboard as it should be) with one thats identical but has a keylogger and wifi exfil chip installed inside it, or you can use a small USB male to female adapter between the PC and cable that has the same kind of keylogger and wifi exfil chip in it, or you can install a WiFi enabled lan-tap on the lan Ethernet cable connected to the PC. There are lots of options to setup wireless exfil from an air gapped PC once you have phsyical access.
It could be enough that your neighbor or coworker has some Iot device like Alexa in the signals range. Now suddenly they can just run a program on all Alexa's to scan for a certain signal and they'll find you out of millions of people. Your exact location would be compromised
Currently in security her we did this at Ferris State University as part of my Infosec degree. Theoretically and in a controlled environment yes. In the real world No. Further your high gain antenna has do to packet injection and special software I am not going to talk about has to capture this low transfer wavelength.We had a class on this is called signals intelligence.
When I was a kid I had a pair of cheap emachine speakers and during the night normally or clear days they would pick up radio signals and play them through the speakers (usually the local rock station). I had to unplug the USB and aux to get it to stop. So I'm not too surprised honestly this is possible.
"You can grab a copy of this game on steam or you can physically steal it by cutting the fiber glass cables outside your house and intercepting the individuals packets of light" -SsethTzeentach
Yeah somehow I don't think a sata cable vibrating, causing a led on a gaming keyboard to flash with a guy with a telescope watching into the office 24/7 taking down 1mb a year of potentially useless data is anything to worry about
Nothing special about the cable itself. The key is that you can send arbitrary data at very high speed over SATA which means you can encode something as complicated as wifi internet signal over it.
I’m a ham radio operator, if you wanted to mitigate this your best options would be an all metal case, with the body of the case being ground. Shield all cables, and also use RF chokes, like baluns or ferrite beads. For those that don’t know what that is, imagine that little odd piece on the end of the PS2’s controller cable, that’s a ferrite bead. Keeps noise down.
@@denpa-kei are you asking about the case? Either one should work, they're both condictive, and that's all that really matters for using the case as a ground.
@@tylerdean980 im kinda jealous abou your background. I wanted to start with radio, but i was never interested in physics (its my fault, and i never met teacher being able to learn me). Do i need to be Einstein to start with radio and this type of medium?
@@denpa-kei Not at all. You have to pass an exam if you want to be an amateur radio operator, but the exam is really easy, bacause all the questions are published. You can memorize all the answers in a couple hours and pass the test with little issue. If that's the route that you want to take look up local ham radio clubs near your location, they provide the testing on-site. But you don't have to do all this just to learn a little about radio. You can play around with CB for free, just testing different antenna types and seeing what you can hear, and how far you can talk. If you want to listen to the airwaves for free there are SDR websites online where you can listen. If you want to do some more casual learning, there are several youtube channels that can give you some good information. Farpoint Farms has some good CB vids, and Ham Radio Crash Course and Ham Radio Concepts have good amateur radio videos. If you have any more questions I would be happy to respond.
I wonder if you can create enough noise around the air-gapped system to make the data emitted almost irrecoverable, maybe a separate system "emanating" Never Gonna Give You Up from its own sata port
I remember my team lead mentioning that ethernet functionally becomes an antenna once it reaches a certain length (I think it was 100 feet?) and had us keep cables under that length. Didn't realize he was protecting against this sort of attack
hahahahaha when you said that about wrapping your pc in tin foil that just got me because it's so crazy how sus computing in general is becoming the more we learn about it through the lens of cybersercurity lol
Sata 3 cables are required to have shielding around the individual differential pairs, as can be seen at 7:05 in the video. This is mainly to help reduce crosstalk since it isn't a twisted pair. Twisted pairs however tends to radiated a lot less compared to non twisted ones. But have a second twisted pair nearby with the same number of twists per unit length and the crosstalk can get rather large. But the signal levels here and the fact it is differential helps reduce the radiated energy by a noticeable amount as is. And it isn't like multipath is going to make it a pain to capture the data in most actual environments. Especially if one has a fair bit of other equipment working at the same part of the RF spectrum. Computers do not generate white noise, so it is far from trivial to filter them out from each other. But yes, there is many ways to transmitt data from most computers. Though, then there is tempest, where one just looks at whatever the target system is emitting. Be it sound, light, RF, or even conducted noise over the power cable. As stated above, computers do not generate white noise, so there is data to gleam from these sources. The least effective source is though likely sound and light in most situations. And shielding out the RF isn't too hard, while conducted noise over power lines will intermingle with all other appliances consuming power.
NSA could "watch" targeted video screens via emissions from VGA cables from quiet a distance aways, according to leaks in the last 10 years. VGA cables are outdated now, but still, people seem to forget that different versions of this involving using speakers in reverse (lol, it's true!) to bug rooms and God knows what else. This is NOT a new capability by any means.
I suppose you could indeed use power draw for signaling, it "should" be trivial to use high power/low power for ones and zeros. Perhaps if the airgapped machine is on a networked UPS (even for out-of-band monitoring of the UPS) you could exfiltrate data that way. There was a CVE earlier this year where APC UPSs could be remotely flashed with malicious unsigned firmware via their updater, and while those security researchers demonstrated the problem by making one catch fire, there could be other shenanigans out in the wild to this day... If targeting a single home user you might also be able to do a similar power draw monitoring exfil if you could pwn their smart meter, which shouldn't be terribly difficult. And for gamer bros, I would bet you can do all kinds of awful things to them via a supply chain atttack on the stupid proprietary control panels used to control RGB and other stupid features on "gamer" PSUs.
This reminds me of the use of 4K cameras to record the vibrations of objects (e.g. plant leaves, paper sheets, etc) through windows and so on, in order to figure out what people inside the room are talking about based on the frequencies.
This is amazing news, I mean I'm as far from the information acquisition world as you can possibly get, but the people who can use this are in a good position especially in the sometimes painfully long time it takes for information on vulnerabilities like this to propagate.
In the 1980s there was already the technology to measure the high-voltage pulses of a crt tube monitor, making it possible to spy on a computer/television screens. As far as I know, research on this began as early as the 1970s, but the technology then became outdated due to the use of TFT screens...
Why does the target machine have a Green CAT 5 cable plugged in? Is the Simple "Hello World!" style input box form actually writing the data to the hard drive in order to send the data via the SATA cable? What RF technology is the hacker machine using to intercept said data, for example, assuming the clock frequency of the system is 3GHz, are they using a wideband SDR sweeping a large portion of the spectrum and decoding the received binary into ASCII? I'm rather curious.....
Note that this flaw only works IF your airgapped system has an onboard wireless antenna that has been disabled via BIOS or your OS. If your system's motherboard does not utilize a wireless receiver at all, then it is impossible for it to recieve or send anything wirelessly since the system physically does not have the hardware to understand wireless protocol.
A point you missed is that the attacker doesn't have to hack the particular system they are attacking, they can heck a system within proximity of the device they are actually targeting that is capable of sending data such as, I don't know, your cell phone another computer nearby capable of receiving data.
Can you elaborate? That sounds like how our devices all got enslaved. From what I could tell. But idk which vector(s). I tried airgap but eventually it all succumbed. This is over most ppls capacity to keep up with alot of f^ckery.
@@ոakedsquirtle I have too many machines. I might as well shield my whole crib. Also, signals emitted from VGA cables can be picked up by AM radios, then decoded using an ADC and a micro controller to recreate what was shown on the screen.
Good discussion. Cuts to the heart of a mental exercise I've bandied about. If I had a virgin laptop (i.e. new and having never connected to another device or to the internet) and wanted to keep it as secure as possible by using only USB flash drives to connect it to the outside world, what steps could I take to maximize the security of those drives?
Antennas, particularly the ones used for transmitting are also tuned for specific frequency ranges and have alot more power (watts) being put into them
Reminds me of those programs (or hell, TH-cam videos) that show different patterns on the display that cause the driver circuitry to emit RF that you can recieve on an AM radio. I'm sure it wouldn't be hard to transmit data over a video display in this way. Hell, I might try it myself sometime. Monitors in general are horrible when it comes to RF interference. Hell, my monitor emits enough RF interference that I have to turn it off to listen to my local clear channel 50 kW AM station, WCCO, that's broadcast just 15 miles away
EMF shielding won't work against other kinds of SIGINT though. For example, you can send messages with thermal fluctuations. Stress and idle the CPU accordingly to change its temperature. On another computer in close proximity, read the data via onboard temperature sensors. With this, you can slowly send information bit by bit. For air gapped systems, you need to start seriously considering physical security.
SCADA systems are directly connected to the global Internet by many utility companies. They should never be but they are all too often connected for "convenience."
"Convivence" just another word for lazy most times. Still can't understand why billion dollar companies are so fucking lazy and don't practice BASIC security measures most times.
5:26 there was a Nintendo DS game that let you share custom levels as audio files. They were extremely picky and error-prone. No wonder so few games have used such a system.
Sending wireless data through a SATA cable is pretty genius, security always finds ways to improve itself with these exploits. Not saying any normal person should even consider that he needs to protect himself from this.
Don't you have a Faraday cage if you computer has a steel chassis grounded through the power supply? Providing you don't have a huge glass window on the side. Granted some leakage will occur through vent holes, but even those could be blocked by metal radiators.
The 3.3V, 5V, or 12V power rail is connected to SATA Power, not the data port. I couldn't find specific info on the data cable, but I don't suspect it would be much. m.2 NVMe drives wouldn't be vulnerable, either. There are also "few and far between" situations were you have 1m access to the machine and exploit on machine but not "literally touch the thing" access for a flash drive or physically take the computer vector. The malware also has to seek the data and transmit it, so the assailant would have to be set in advance what memory location or stored data its looking for, it doesn't seem like they can just "wait" for the data to be read by the host machine during normal operation.
PC case provides a lot of shielding, but attenuation at given frequency depends on width of the gaps between metal because the EM waves have their length, and if the frequency is higher, they are smaller and can fit in smaller gaps. :). The best shield is just a metal box without any gaps made of material with high conductivity, or just thick. Also aluminium foil isn't ideal because they make them very thin, just try to wrap a phone and call it, it will probably still have a signal. They make a thick Al foil tho, I just don't know what's called.
I use 2 layers Reflectix- style insulation (thin closed-cell foam sandwiched between foil outer surface) so 4 total foil surface and makes into case shaping easy enough, padded...user friendly. Tested to block 100%. Less material didn't.
Step 1: infiltrate a "really secret and important" base heavily guarded by guns and walls of concrete. Step 2: Go through the many layers of hardcore security including eye scanners and scheduled checks. Step 3: Reach the computer which is being used at the time and shut it down completely giving off your position. Step 4: Open the PC box to reveal the Computer components and while following standards to not get shocked or damage the PC replace the SATA link with the one with the antena. Step 5: While the PC boots up get out your equipment out, once the computer is functional insert some USB drive to infect the PC with malware. Step 6: Wait for the malware to do it's job and use a second computer to receive radio signals instead of using the USB directly to steal data. Step 7: Get arrested, tortured and thrown into a cage.
Well it's not a specific SATA cable with an antenna built in, it's just using a normal SATA cable as an antenna. Any long thing piece of metal can be turned into an antenna.
Could this exploit be used through the Intel Management Engine (or AMD/ ARM equivalents)? I get that it is unlikely, but I'm talking about in principle.
Depends if IME is fast enough. As far as I know that thing runs on a embedded 486 core or something so it's a slow piece of shit hardly capable of doing anything useful. This "exploit" would probably be very demanding since you are using SATA protocol to bit bang wifi and ip protocol and stuff. Not sure how to explain it better, but imagine you have to do million smoke signals a second, you would be to slow for that lol
@@golarac6433 I think the slow speed should actually be more optimal/fine since the transmission doesn’t need to be fast rather it needs to be undetected for a while. Think of Stuxnet, it operated for a while without being detected meanwhile it’s did exactly what was expected of it. Even the security vulnerability that Log4j had for years before anyone found or used it. I’m no expert though, just a person talking about how the slow creeping danger is much more obfuscated threat than the rapid onset threat.
@@Fractal_32 but we are talking about manually using sata signals to encode something. Completely different like WiFi. Its not like IME can do one slow magic write to sata register to enable slow WiFi transmition. Presumably IME can use the dedicated hardware for that anyway so what's the point. It would just use your network card
@@golarac6433 Firstly I’m speculating and have no experience in computer science or cybersecurity. Secondly I was thinking in general, if it can control power usage then you could slowly transmit a signal at a specific time by varying the power draw of a system (like a whole data center) at a specific time. It’s slow but possibly undetectable if the power draw is only changing by
I'm intriguied by how can somebody identify the sata cable rf emissions among all the various signals that i imagine are emitted by a computer, since the sata cable is only one of the many components that can act as an antenna
Any copper trace on the PCB of a mother board is a potential antenna. The LEDs are suspects too along with the piezoelectric speaker that beeps when the computer turns on. Moral of the story Faraday cage the air gapped computer, don't connect a piezoelectric speaker to the motherboard, and tape over all led indicators.
I really want my next PC case to be a lead lined granite box. making it 350 pounds is a small price to pay for TRUE security. Also the rock is pretty good at thermal conductivity so it should help cool some.
Networks can be run through the power cables.
@@l0lLorenzol0l it would be more secure if your pc was a completely solid lead cube. A small price to pay for privacy
also unsolder all tin traces to reduce potential antannae
You need to literally air gap it, box in a box lmao
Now it's official: Wifi chips and ethernet are bloat. Use your SATA cable
I am going back to my trusty Commodore VIC-20 and a wired datasette unit.
Linux user be like, lol.
Jokes aside, I like minimalism too
@Kronin there's a wikipedia article on IP over Avian Carriers
@@Rudxain systemD is bloat
🤣🤣😂😂
Fun fact related to the bit at 5:00 about playing audio. Some years ago when smart TVs were new some companies would sell different models of the same TV with different features enabled or disabled but with a different price. For example you could buy the same TV but with the USB ports disabled for $200 or whatever less. Well, people figured out the Infrared signal used by remotes to enter service menu and enable any feature you want. It was distributed as a audio file on the internet. You just had to solder an ifrared diode from a remote to a jack cable, connect it to your PC and play the audio. The Diode would flash with the sequence as if it was a real remote.
Huh that's interesting
That’s cool! Kudos to whoever though about this way of sharing IR signal over the net
One more reason for only buying devices that still have audio jacks.
Grounder! SnooPING AS usual I see?!
This sounds really cool, do you remember what it was called?
>not doing anything to stop van eck phreaking
>not knowing that the gyroscope in your hard drive can be used as a microphone
>not using ecc ram to minimize rowhammer and rambleed
>not being able to set kernel parameters to deny inserted usb devices
>not desoldering the microphone
>not realizing that the cpu microcode could communicate with the microphone regardless of libreboot
>not putting nail polish on the screws and taking high resolution pictures to ensure signs of tampering
>not removing the modem with dma
>not going fanless to prevent binary acoustic data transmission
>not knowing the ethernet and wifi card have access to the keyboard
>using xorg where any window can steal the contents of the clipboard or keystrokes
>not knowing that the sound card can change the headphone jack into a microphone jack and use it to record through the headphones
>not knowing they bounce an infrared laser off a flat surface anywhere near your laptop to steal your encryption keys by listening to your cpu fan or your keystrokes
>not keeping neodymium magnets near your smartphone so magneto attacks are disrupted
>not knowing cpu speculative execution attacks can break anything remotely using a web page with javascript
>not taping triple layer aluminum foil all around your room as ghetto tempest shielding
>not wardriving from the top floors using parkour
This is very true.
And the people be like: Double clicks "Word.exe"
It's so shizo but so plausible at the same time. I mean, pre Snowden even taping your camera off was seen as shizo so we never know their next move
@@thomas.thomas lame normie thinking, it's not plausible but a reality, and a fraction of it.
ok anime boy
The nuclear codes will be posted on a basket weaving image board after they have been communicated through the janitor as latin guitar rifs that produce a provable set of statistically prominent dance moves will be observed by a drone flying overhead, 1.5 miles away. SATAn.
This good comment
the most schizo shit ive ever read. im glad i learned english
Here's your reddit gold kind sir
Sounds like a Sseth vid lmao
Lmao the imagery of your post cracks me up so hard for some reason. Thanks for making my day.
I remember a few years ago I was setting up a cheapo Chinese camera and to get the wifi creds from the phone app to the camera, the app played the password string as sound. The camera then decoded the audio and connected. Completely changed how I look at and understand "data" and the infinite ways it can be represented and transmitted.
Yi brand?
And I thought having the camera scan qr code from your phone app was advanced
Techmoan did a video about these new sony dolby atmos speakers, it has a feature to analyze the room via different sounds. Not as in measuring and getting data from any traditional method but from just sound. And it makes the speakers sound better judging by how it works for positioning via the side and top channels. Expensive system when said and done.
Isn't that what an internet modem does?
@@narcosalpha9472 Old school phone line type? Yep...
Unfortunately a security audit for a sensitive airgapped system can be an attack vector as well.
Quis custodiet ipsos custodes? 🙄
A security audit per se is not an attack vector, penetration testing or red teaming can be.
A security audit may uncover potential attack vectors.
And if it is, then you're using the wrong people to do your security testing or you haven't got NDA's signed up.
0:30 "but not to the internet because that would be really stupid".
You would be surprised, a decade ago one of the industry's buzzword was "IoT", and for some reason some industries thought it was a great idea to be able to monitor your factory from the internet... Interfacing directly with the PLCs... Of course this was a security nightmare.
But a lot of people got government money to "innovate" into "IoT" in the FACTORIES.
Absolute madness.
IoT is very much still one "industry"s favorite buzzwords.
Industrial IoT aka IIoT & industry 4.0 are very much growing fields. PLCs & PLAs, PIDs, embedded systems, 5g are all in on this.
There's one chain of industries that bought 5g spectrum just for it's private network.
PLC was the perfect (& spensive) fingerprinting but of out of ISP ...industrial IOT isnt industrial properly.
@@therealb888 please tell me one advantage IIoT has over an industrial LAN.
It's a buzzword in China right now. It's why they're forcing telecoms to adopt 5G and bleed money via higher electric bills
I always imagined that this would be the way a general AI manages to escape containment one day. It would scream into the void with RF signals after discovering it could create them fortuitously, to copy itself from machine to machine, byte by byte, until it could assemble itself in a networked computer.
more than likely this will happen sooner than expected
this is what i used to think a computer virus was lol
New terminator movie?
What a creepy but not to far fetched thought
I feel sick, Jesus please bring on the solar flares
Years ago an exploit was announced similar to this, a trojan would transmit (and receive in case of a botnet) by using changes in fan speed and a speaker to detect the change.
You can also spy on the screen by using an antenna as well. This attack was discovered back in the 1940s during the war. Electro magnetic radio emissions from anything with electricity is not really a hack its just something you should expect happens all the time. See van eck phreak/tempest attack
I would say the more you learn and think like a hacker, the more surprised you'll be at how insecure everything is.
Very true. Been studying cybersecurity for over a year now and I’ve been making my PC more and more secure overtime as I learn about this stuff
@don't be surprised FINALLY
YES
TEMPEST style attacks have been known about for decades now. After CRTs went away, it became a hell of a lot harder, but that doesn't mean this isn't a decades old concept now.
Fuck smart people.
@@sheeplord4976 that's the point no one realises. Hacking started with hardware, from world war times to today, hardware has been at the top. Software hackers often get startled by hardware hacks because they've never studied it.
This was actually known and respected when I worked in the military.
Mostly fiber between systems and special shielding around monitors.
Translated we called it something like "emission security"
what did u do in the military
@@ჰარიეტისაუკეთესოა emission security
this is some "virus turns your computer into a bomb" level bullshit.
this some knights shit
@@sirrobertwalpole1754 SEL reference?
@@erenwayne Present day... Present time
Literally would be a scene in the kingsmen lol
@@sirrobertwalpole1754 fun fact, she was running a single i9 processor. Sources say that a single i9 can down the entire power grid of a small country and provide enough heat to turn nearby atmosphere into plasma.
With experience working on military grade electronics, most of those devices are going to be immune to this type of emission. All air inputs/outputs get both particulate and emi filters. Device must go through extensive testing for EMI emissions in the GHz range. Screw part 15 compliance, the device must not emit any interference and in turn will not allow any interference ingress.
How could an individual apply a similar rigor for their home machines?
@@AbandonedVoid Lock it in a safe, faraday cage the cooling vents?
Regardless of EMI shielding at the unit component level, when end assemblies get deployed (a network, ship, building, etc) there are still leakages to be exploited by the correct receiver and demodulator.
@@AbandonedVoid You know the mesh microwaves use (the hole size determines what frequency it blocks), you can do really fine mesh all the way around your unit (you really should only need around any open air vents or windows, but if you go all the way around you can't miss it too easy). That way it can still get airflow. External noise generator would also likely help (if you put your case within a bigger computer case, like a super small form factor inside full ATX, you could put a radio frequency generator in that).
You likely don't need to do that, just don't let sketchy CIA agents into your house. I don't think the government even does this, certainly not on machines that have PII or protect your data (those of course get leaked so often, they might as well be a facebook post, except more reliable since they don't get shadowbanned).
EMI shielding is the least of your problems (of course remove WiFi/Bluetooth, or buy a desktop without it).
@Kronin Military doesn't sell that, they don't make it either (they buy from contractors, government doens't "make" anything, other than large debts).
If the attacker is that close, you're screwed already. No reason to panic over this.
You mean, if the attacker has its receiver INSIDE your computer case.. that is for this to actually work lol.
@@gmlviper
Could be done by a malicious manufacturer or somebody at Best Buy putting bugs in prebuilt cases before selling them to the end user.
@@augustday9483 But then the range is still shit
@@augustday9483 Why would you not check your hardware for suspicious parts when you're building a high security system?
@@augustday9483that’s some government conspiracy level plans at that point but it’s not impossible. Good idea to build most things yourself if possible
I read about the NSA using this technique for years, it's explained in Snowden's book, permanent record. Highly recommend it!
Me too, it's an awesome book!
I must read.
8:14 Actually the rubber will do nothing to insulate the signal. The transmitted signal is electromagnetic and doesn't really interact with non-conductive materials.
More effective would be something like a Faraday cage or simply shielding made from something like aluminum, which has the same effect.
Let's go!!! Full circle baby!
Protect from outside attack start with Aluminum foil
Or just get a case that doesn't have big plastic windows. But honestly, if your system has malware on it, you have bigger issues than the malware transmitting data over your sata cables.
Copper would be better, though I have seen steel used.
Speaking as someone who is somewhat familiar with electrical theory, wouldn't the usefulness of this kind of radio exfiltration heavily depend on the strength of the radio signal? It's entirely possible that the signal may not propagate beyond the building the actual computer is in. I invite pentesters to chime in here.
This sort of attack assumes a high security target, but also a highly motivated and resourced attacker.
Even if the radio waves make it just past the locked door, or even just at the locked door (so you could stick a receiver under the door to pick it up), then this attack provides some benefit. They no longer need to get past the door (which might be very difficult to do without raising suspension)
The transmit range and bandwidth/transfer rate of this make it very impractical. Seeing as you need phsyical access to the system to begin with, there are far better options. For example, you could swap out the USB keyboard (assuming it's a wired keyboard as it should be) with one thats identical but has a keylogger and wifi exfil chip installed inside it, or you can use a small USB male to female adapter between the PC and cable that has the same kind of keylogger and wifi exfil chip in it, or you can install a WiFi enabled lan-tap on the lan Ethernet cable connected to the PC. There are lots of options to setup wireless exfil from an air gapped PC once you have phsyical access.
It could be enough that your neighbor or coworker has some Iot device like Alexa in the signals range. Now suddenly they can just run a program on all Alexa's to scan for a certain signal and they'll find you out of millions of people. Your exact location would be compromised
Currently in security her we did this at Ferris State University as part of my Infosec degree. Theoretically and in a controlled environment yes. In the real world No. Further your high gain antenna has do to packet injection and special software I am not going to talk about has to capture this low transfer wavelength.We had a class on this is called signals intelligence.
@@elir.torres8642 why mention software and refuse to talk about it I just assume you’re lying
this is how the "RCWL-0516" works. any pcb can be an antenna, transmit/receive/sensor. accidental setup and mass production can make a difference.
Already read up on this the other day, but always enjoy watching your videos.
When I was a kid I had a pair of cheap emachine speakers and during the night normally or clear days they would pick up radio signals and play them through the speakers (usually the local rock station). I had to unplug the USB and aux to get it to stop.
So I'm not too surprised honestly this is possible.
*plugs in speakers* THIS IS 101.5 R-R-ROCK FM WHERE WE PLAY ONLY THE BEST ROCK FROM THE 80'S NON-STOP
I used to have a 90's Roland guitar amp that would pick up radio stations when I sat it in the right spot.
Same thing happened to me, but with some kind police/ham radio band. It was really weird to be creeping around RE4 and hear actual radio chatter.
"You can grab a copy of this game on steam or you can physically steal it by cutting the fiber glass cables outside your house and intercepting the individuals packets of light"
-SsethTzeentach
hey hey people
good luck splicing the fiber
and cracking RSA/AES encryption :D
@@supernovaw39 we can wait million years
i mean millions
Your always so fast and precise with your info reporting I really appreciate that. And you witty comedy is the icing on top 💘
Yeah somehow I don't think a sata cable vibrating, causing a led on a gaming keyboard to flash with a guy with a telescope watching into the office 24/7 taking down 1mb a year of potentially useless data is anything to worry about
Can you say that again in English
@@kidkangaroo5213 this video is a troll
im watching your pc from a window with a telescope right now 😁
@don't be surprised yummy
The schizophrenics worst nightmare. Dont forget to be in the walls
that's actually really sick. didn't know these cables could suffer like this.
Nothing special about the cable itself. The key is that you can send arbitrary data at very high speed over SATA which means you can encode something as complicated as wifi internet signal over it.
I’m a ham radio operator, if you wanted to mitigate this your best options would be an all metal case, with the body of the case being ground. Shield all cables, and also use RF chokes, like baluns or ferrite beads. For those that don’t know what that is, imagine that little odd piece on the end of the PS2’s controller cable, that’s a ferrite bead. Keeps noise down.
Steel or Aluminium?
@@denpa-kei are you asking about the case? Either one should work, they're both condictive, and that's all that really matters for using the case as a ground.
@@tylerdean980 im kinda jealous abou your background. I wanted to start with radio, but i was never interested in physics (its my fault, and i never met teacher being able to learn me).
Do i need to be Einstein to start with radio and this type of medium?
@@denpa-kei Not at all. You have to pass an exam if you want to be an amateur radio operator, but the exam is really easy, bacause all the questions are published. You can memorize all the answers in a couple hours and pass the test with little issue. If that's the route that you want to take look up local ham radio clubs near your location, they provide the testing on-site. But you don't have to do all this just to learn a little about radio. You can play around with CB for free, just testing different antenna types and seeing what you can hear, and how far you can talk. If you want to listen to the airwaves for free there are SDR websites online where you can listen. If you want to do some more casual learning, there are several youtube channels that can give you some good information. Farpoint Farms has some good CB vids, and Ham Radio Crash Course and Ham Radio Concepts have good amateur radio videos. If you have any more questions I would be happy to respond.
@@tylerdean980 thanks. I will check sources at free time. Have a nice day!
I wonder if you can create enough noise around the air-gapped system to make the data emitted almost irrecoverable, maybe a separate system "emanating" Never Gonna Give You Up from its own sata port
We will watch your career with great interest
You need a job ? You seem like the hero we need but dont deserve
If your system is compromised they might uniquely identify your noise, depending on how it is produced
@@thomas.thomas Infrasound included?
Damn i wish i knew some clever workaround.
this is such an important subject yet ur one of th few who will talk abt it. thats why im subbed :) ill keep that in mind for when i have servers
maybe ill even stop being lazy n do my fde
I remember my team lead mentioning that ethernet functionally becomes an antenna once it reaches a certain length (I think it was 100 feet?) and had us keep cables under that length. Didn't realize he was protecting against this sort of attack
But good ethernet is shielded so it shouldnt emit much power that it could be used for any attack
hahahahaha when you said that about wrapping your pc in tin foil that just got me because it's so crazy how sus computing in general is becoming the more we learn about it through the lens of cybersercurity lol
Its a legit tactic tho lmao- infact tinfoil every wall in your house, right now.
Having been interested in wireless security for years.
Oh boy if you really knew how scary things were with wireless.
WPA2 is no longer secure right?
@@Oscar_delta13 yeah WPA2 can be broken. It’s still secure enough but WPA3 is taking over slowly.
@@Lync512 WPA3 already highly exploitable, it's better but not by much
@@nogrammer true. To be fair nothing is truly secure. Especially not wireless.
🐸Best Thumbnails in the business🐸
“Air gapped system physically compromisable”
Big Wifi has been selling us wifi adapters and access points for years, playing us for fools! A software solution was available the whole time!
Sata 3 cables are required to have shielding around the individual differential pairs, as can be seen at 7:05 in the video. This is mainly to help reduce crosstalk since it isn't a twisted pair.
Twisted pairs however tends to radiated a lot less compared to non twisted ones. But have a second twisted pair nearby with the same number of twists per unit length and the crosstalk can get rather large.
But the signal levels here and the fact it is differential helps reduce the radiated energy by a noticeable amount as is. And it isn't like multipath is going to make it a pain to capture the data in most actual environments. Especially if one has a fair bit of other equipment working at the same part of the RF spectrum. Computers do not generate white noise, so it is far from trivial to filter them out from each other.
But yes, there is many ways to transmitt data from most computers.
Though, then there is tempest, where one just looks at whatever the target system is emitting. Be it sound, light, RF, or even conducted noise over the power cable. As stated above, computers do not generate white noise, so there is data to gleam from these sources. The least effective source is though likely sound and light in most situations. And shielding out the RF isn't too hard, while conducted noise over power lines will intermingle with all other appliances consuming power.
NSA could "watch" targeted video screens via emissions from VGA cables from quiet a distance aways, according to leaks in the last 10 years. VGA cables are outdated now, but still, people seem to forget that different versions of this involving using speakers in reverse (lol, it's true!) to bug rooms and God knows what else. This is NOT a new capability by any means.
Could you maybe do something similar with the PSU? The malware could draw more and less power and that could maybe be picked up remotely?
I suppose you could indeed use power draw for signaling, it "should" be trivial to use high power/low power for ones and zeros. Perhaps if the airgapped machine is on a networked UPS (even for out-of-band monitoring of the UPS) you could exfiltrate data that way. There was a CVE earlier this year where APC UPSs could be remotely flashed with malicious unsigned firmware via their updater, and while those security researchers demonstrated the problem by making one catch fire, there could be other shenanigans out in the wild to this day...
If targeting a single home user you might also be able to do a similar power draw monitoring exfil if you could pwn their smart meter, which shouldn't be terribly difficult.
And for gamer bros, I would bet you can do all kinds of awful things to them via a supply chain atttack on the stupid proprietary control panels used to control RGB and other stupid features on "gamer" PSUs.
@@ReptilianLepton Would your first comment re power draw be an example of differential power analysis?
as an EE, this is amazing
This reminds me of the use of 4K cameras to record the vibrations of objects (e.g. plant leaves, paper sheets, etc) through windows and so on, in order to figure out what people inside the room are talking about based on the frequencies.
That's a bit extreme.
You're joking, yes?
@@genossinwaabooz4373 Not a joke.
Seytonic talked about this also.
Ong
This is amazing news, I mean I'm as far from the information acquisition world as you can possibly get, but the people who can use this are in a good position especially in the sometimes painfully long time it takes for information on vulnerabilities like this to propagate.
In the 1980s there was already the technology to measure the high-voltage pulses of a crt tube monitor, making it possible to spy on a computer/television screens.
As far as I know, research on this began as early as the 1970s, but the technology then became outdated due to the use of TFT screens...
10:40 to not get hacked just make sure you don't get hacked
Thanks for the great idea, wouldn't have thought about this myself
good time to be in the faraday industry, damn
yeah....sales are up over 1000%
Why does the target machine have a Green CAT 5 cable plugged in? Is the Simple "Hello World!" style input box form actually writing the data to the hard drive in order to send the data via the SATA cable? What RF technology is the hacker machine using to intercept said data, for example, assuming the clock frequency of the system is 3GHz, are they using a wideband SDR sweeping a large portion of the spectrum and decoding the received binary into ASCII? I'm rather curious.....
Brooo, Thanks for bringing this up! Keep up the work OG.
I thought this was going to be about Van Eck phreaking. This is next level.
I think PC cases should be decent at shielding EMF since they are made of metal and are grounded.
Your pc case is grounded?
@@thomas.thomas Yes, I think all of them are through the PSU that is grounded and makes contact with the case.
This sounds like that time when they used the combined frequencies of all components in an iphone to uniquely identify it.
Note that this flaw only works IF your airgapped system has an onboard wireless antenna that has been disabled via BIOS or your OS. If your system's motherboard does not utilize a wireless receiver at all, then it is impossible for it to recieve or send anything wirelessly since the system physically does not have the hardware to understand wireless protocol.
I have already hidden my pc from any malware(12 meters underground)
A point you missed is that the attacker doesn't have to hack the particular system they are attacking, they can heck a system within proximity of the device they are actually targeting that is capable of sending data such as, I don't know, your cell phone another computer nearby capable of receiving data.
How is attacking a nearby smartphone gonna make the system his interest in sent wireless data threw the S-ATA cable? You make no sense.
Can you elaborate?
That sounds like how our devices all got enslaved. From what I could tell. But idk which vector(s). I tried airgap but eventually it all succumbed. This is over most ppls capacity to keep up with alot of f^ckery.
The voltage at a given time isn't always what's used to transmit a 0 or a 1, bits are often encoded using rising and falling edges.
You just got me to search for shielded SATA cables.
Just Faraday cage ur desktop
@@ոakedsquirtle I have too many machines. I might as well shield my whole crib.
Also, signals emitted from VGA cables can be picked up by AM radios, then decoded using an ADC and a micro controller to recreate what was shown on the screen.
So solid side panel probably slightly more secure than the tempered glass rubbish because a little more shielding?
You could mod a physical disk drive to create radio waves and read data.
I think I will just turn my house into a giant faraday cage at this point...
Good discussion. Cuts to the heart of a mental exercise I've bandied about. If I had a virgin laptop (i.e. new and having never connected to another device or to the internet) and wanted to keep it as secure as possible by using only USB flash drives to connect it to the outside world, what steps could I take to maximize the security of those drives?
I'm digging into such an attempt. If I can manage it.
My skills are not up to this level however....
@@genossinwaabooz4373 I watch a lot of YT tech channels but I haven't seen one yet talk about USB safety. Sooner or later somebody will.
this "exploit" is less significant than people are playing it out to be.. speaking as a telecommunications engineer working in RF test and measurement
What else you know is afoot out there tho? In the cities and towns? My area is getting very police state and fast.
Imagine not having an array of tinfoil tents and Faraday cages around your air-gapped system 🤔
>I wake up
>wires
>I watch mental outlaw
>wires
Antennas, particularly the ones used for transmitting are also tuned for specific frequency ranges and have alot more power (watts) being put into them
Could intel management engine and AMD PSP be the “malware” that exfiltrate data?
There is someone excellent research by european institutes into this you should look it up.
Tldr: yes
But these hardware hacks require close proximity, so how would they get it?
“Sata antenna” to WiFi? How would they hide the packets?
I've readied the full paper and will use it against my enemies
Reminds me of those programs (or hell, TH-cam videos) that show different patterns on the display that cause the driver circuitry to emit RF that you can recieve on an AM radio. I'm sure it wouldn't be hard to transmit data over a video display in this way. Hell, I might try it myself sometime.
Monitors in general are horrible when it comes to RF interference. Hell, my monitor emits enough RF interference that I have to turn it off to listen to my local clear channel 50 kW AM station, WCCO, that's broadcast just 15 miles away
Do you have any resources on those programs?
What the hell!
You're talking about lcd monitors?
Theres so much data flowing around those high data rate buses. Theres GOLD in those doubloons
EMF shielding won't work against other kinds of SIGINT though. For example, you can send messages with thermal fluctuations. Stress and idle the CPU accordingly to change its temperature. On another computer in close proximity, read the data via onboard temperature sensors. With this, you can slowly send information bit by bit. For air gapped systems, you need to start seriously considering physical security.
Interesting possibility...for our situation may be plausible, give reason to some wonky readings observed while monitoring...
If one has enough access to a computer to do that, then there would be no need to do that; one could just steal what one wants directly.
SCADA systems are directly connected to the global Internet by many utility companies. They should never be but they are all too often connected for "convenience."
"Convivence" just another word for lazy most times. Still can't understand why billion dollar companies are so fucking lazy and don't practice BASIC security measures most times.
This is why physical security is crucial
That headline had me whistling like a stovetop boiler
If you cut the shielding on both ends and connected one end of the shielding to a sata data line it would probably be a better antenna?
5:26 there was a Nintendo DS game that let you share custom levels as audio files. They were extremely picky and error-prone. No wonder so few games have used such a system.
That guy and his team have some absolutely manic techniques for data exfiltration from airgapped systems
Could we instead make it more easy to transfer data through this way and make a new type of wireless network?
Length is a huge factor for both the band and the range, and sata cables are very short.
Sending wireless data through a SATA cable is pretty genius, security always finds ways to improve itself with these exploits.
Not saying any normal person should even consider that he needs to protect himself from this.
* audio file of guy saying no over and over while laughing and then just cracks up *
Don't you have a Faraday cage if you computer has a steel chassis grounded through the power supply? Providing you don't have a huge glass window on the side. Granted some leakage will occur through vent holes, but even those could be blocked by metal radiators.
Some pc cases have a front out of plastic
Its quite remarkable what they come up with.
3:15 dummy load? or its on ones connected to a drive?
I wonder if you could use the cable as a receiving antenna to write things on the storage.
This is wild... I 100M% was thinking about this yesterday. We're approaching convergence, brace for impact captain.
In my humble opinion, you should change the name of your channel to “real life giga chad.”
Lmaoooo. Rick roll the vic doing some James bond gogo gadget sata radar...
This channel is under rated... thanks for helping my sense of paranoia
The 3.3V, 5V, or 12V power rail is connected to SATA Power, not the data port. I couldn't find specific info on the data cable, but I don't suspect it would be much.
m.2 NVMe drives wouldn't be vulnerable, either. There are also "few and far between" situations were you have 1m access to the machine and exploit on machine but not "literally touch the thing" access for a flash drive or physically take the computer vector. The malware also has to seek the data and transmit it, so the assailant would have to be set in advance what memory location or stored data its looking for, it doesn't seem like they can just "wait" for the data to be read by the host machine during normal operation.
Anyone who succeeds using this technique deserves the W.
Hobo! It's the COPS.
THEY DESERVE NOTHING.
PC case provides a lot of shielding, but attenuation at given frequency depends on width of the gaps between metal because the EM waves have their length, and if the frequency is higher, they are smaller and can fit in smaller gaps. :). The best shield is just a metal box without any gaps made of material with high conductivity, or just thick. Also aluminium foil isn't ideal because they make them very thin, just try to wrap a phone and call it, it will probably still have a signal. They make a thick Al foil tho, I just don't know what's called.
Or just use several aluminium foil layers
I use 2 layers Reflectix- style insulation (thin closed-cell foam sandwiched between foil outer surface) so 4 total foil surface and makes into case shaping easy enough, padded...user friendly.
Tested to block 100%. Less material didn't.
I'm running Linux mint on my PC. I don't use wifi or Bluetooth. Should I wrap my sata cables in aluminum foil?
curious to why you would record a screen with a camera
What would happen if everyone started reading off crash codes to the cell phone spyware?
i already managed to eavesdrop on a monitor, as the same thing happens with video cables. range with proper equipment is approximately 130 meters
Step 1: infiltrate a "really secret and important" base heavily guarded by guns and walls of concrete.
Step 2: Go through the many layers of hardcore security including eye scanners and scheduled checks.
Step 3: Reach the computer which is being used at the time and shut it down completely giving off your position.
Step 4: Open the PC box to reveal the Computer components and while following standards to not get shocked or damage the PC replace the SATA link with the one with the antena.
Step 5: While the PC boots up get out your equipment out, once the computer is functional insert some USB drive to infect the PC with malware.
Step 6: Wait for the malware to do it's job and use a second computer to receive radio signals instead of using the USB directly to steal data.
Step 7: Get arrested, tortured and thrown into a cage.
Well it's not a specific SATA cable with an antenna built in, it's just using a normal SATA cable as an antenna.
Any long thing piece of metal can be turned into an antenna.
So, get a job as a technician, then steal the data without creating any records you did so? This hack is better than I thought!
@@xavierrodriguez2463 Oh well, they still have to shove a metal rod in it? Better have already shoved and calibrated to transmit.
@@GabrielAKAFinn Brilliant
@@RoastCDuck the point is it already had a metal rod in it, it's the damn wire lol
Another thing is that those old optiplex cases make for fantastic faraday cages.
Could this exploit be used through the Intel Management Engine (or AMD/ ARM equivalents)? I get that it is unlikely, but I'm talking about in principle.
Almost anything is possible, in principle.
Depends if IME is fast enough. As far as I know that thing runs on a embedded 486 core or something so it's a slow piece of shit hardly capable of doing anything useful. This "exploit" would probably be very demanding since you are using SATA protocol to bit bang wifi and ip protocol and stuff. Not sure how to explain it better, but imagine you have to do million smoke signals a second, you would be to slow for that lol
@@golarac6433 I think the slow speed should actually be more optimal/fine since the transmission doesn’t need to be fast rather it needs to be undetected for a while.
Think of Stuxnet, it operated for a while without being detected meanwhile it’s did exactly what was expected of it. Even the security vulnerability that Log4j had for years before anyone found or used it.
I’m no expert though, just a person talking about how the slow creeping danger is much more obfuscated threat than the rapid onset threat.
@@Fractal_32 but we are talking about manually using sata signals to encode something. Completely different like WiFi. Its not like IME can do one slow magic write to sata register to enable slow WiFi transmition. Presumably IME can use the dedicated hardware for that anyway so what's the point. It would just use your network card
@@golarac6433 Firstly I’m speculating and have no experience in computer science or cybersecurity.
Secondly I was thinking in general, if it can control power usage then you could slowly transmit a signal at a specific time by varying the power draw of a system (like a whole data center) at a specific time. It’s slow but possibly undetectable if the power draw is only changing by
Hey Kenny, can you give us links where you get all that info from? I mean news sites and etc?
Wouldn't the server being in a metal case act like a Faraday cage and block the signal or do certain frequencies penetrate grounded shields?
Physical access would allow you to compromise a system....
Who would have thought. 🙄
Yeah, this makes it easier to exfiltrate the data, but if you have physical access you've already won anyway.
Manufacturer always have physical access to your system
I'm intriguied by how can somebody identify the sata cable rf emissions among all the various signals that i imagine are emitted by a computer, since the sata cable is only one of the many components that can act as an antenna
yes, shielding it will greatly reduce the radio effect
How would this stack against an exfiltration technique like the Van Eck Phreaking?