TEMPEST and EMSEC: can electromagnetic waves be used in cyber attacks?


Venezuela has recently experienced a series of power outages, which left 11 of the country's states without electricity. From the very beginning of the incident, the government of Nicolás Maduro claimed that it was an act of sabotage, made possible by electromagnetic attacks and cyber attacks on the national electric company Corpoelec and its power plants. The self-proclaimed government of Juan Guaidó, by contrast, simply wrote off the incident as "the inefficiency [and] failure of the regime".

Without an impartial and in-depth analysis of the situation, it is very difficult to establish whether these shutdowns were the result of sabotage or were caused by a lack of maintenance. However, the allegations of sabotage raise a number of interesting information security questions. Many control systems in critical infrastructure, such as power plants, are closed and therefore have no external connections to the Internet. Thus, the question arises: could cyber attackers gain access to closed IT systems without directly connecting to their computers? The answer is yes. In this case, electromagnetic waves can be an attack vector.

How to "capture" electromagnetic radiation


All electronic devices generate radiation in the form of electromagnetic and acoustic signals. Depending on a number of factors, such as distance and obstacles, eavesdroppers can "capture" the signals from these devices using special antennas or highly sensitive microphones (in the case of acoustic signals) and process them to extract useful information. Such devices include monitors and keyboards, which means they too can be exploited by cyber criminals.

As for monitors, back in 1985 the researcher Wim van Eck published the first unclassified document about the security risks posed by radiation from such devices. Back then, monitors used cathode ray tubes (CRTs). His research demonstrated that radiation from a monitor could be "read" from a distance and used to reconstruct the images displayed on the monitor. This phenomenon is known as van Eck interception and is, in fact, one of the reasons why a number of countries, including Brazil and Canada, consider electronic voting systems too insecure for use in electoral processes.

Equipment used to access another laptop located in the next room. Source: Tel Aviv University

Although LCD monitors generate much less radiation than CRT monitors, a recent study showed that they are also vulnerable. Moreover, specialists from Tel Aviv University (Israel) clearly demonstrated this. They were able to access the encrypted content on a laptop in the next room using fairly simple equipment costing around $3000, consisting of an antenna, an amplifier, and a laptop with special signal processing software.

Keyboards, for their part, can also be susceptible to interception of their emissions. This means that there is a potential risk of cyber attacks in which attackers recover login data and passwords by analyzing which keys on the keyboard were pressed.

TEMPEST and EMSEC


Radiation was first used to extract information during the First World War, and it was associated with telephone wires. These techniques were widely used during the Cold War with more advanced devices. For example, a declassified NASA document from 1973 explains how, in 1962, a security officer at the US Embassy in Japan discovered that a dipole placed in a nearby hospital had been aimed at the embassy building to intercept its signals.

But the concept of TEMPEST as such began to appear in the 70s, with the first safety directives on radiation issued in the USA. This code name refers to research on unintentional (spurious) emissions from electronic devices that can contribute to the leakage of classified information. The TEMPEST standard was created by the US National Security Agency (NSA) and led to the emergence of safety standards that were also adopted by NATO.

This term is often used interchangeably with EMSEC (emissions security), which is part of the COMSEC (communications security) standards.

TEMPEST Protection


Red/Black cryptographic architecture diagram for a communication device. Source: David Kleidermacher

First, TEMPEST protection is applied to a basic concept of cryptography known as the Red/Black architecture. This concept divides systems into "red" (Red) equipment, which is used to process confidential information, and "black" (Black) equipment, which transmits data without a secrecy stamp. One of the purposes of TEMPEST protection is to enforce this separation across all components, isolating the "red" equipment from the "black" with special filters.
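The separation described above can be checked mechanically against a design's block diagram. The following is an added example, not part of the original article: it models a hypothetical device as a graph and reports every red-to-black coupling that bypasses a filter. The component names, the "filter" tag and the topology are constructed assumptions.

```python
from collections import deque

# Constructed sample topology for a hypothetical communication device.
# "red" handles sensitive data, "black" handles data cleared to leave the
# device, "filter" is the isolating element placed between the two sides.
ZONES = {
    "keyboard": "red",
    "cpu": "red",
    "crypto_unit": "filter",
    "power_filter": "filter",
    "radio": "black",
    "psu": "black",
    "debug_uart": "black",
}

# Undirected couplings: signal lines, shared power rails, ground returns.
LINKS = [
    ("keyboard", "cpu"),
    ("cpu", "crypto_unit"),
    ("crypto_unit", "radio"),
    ("cpu", "power_filter"),
    ("power_filter", "psu"),
    ("cpu", "debug_uart"),  # direct red-to-black coupling with no filter
]

def unfiltered_paths(zones, links):
    """Return each shortest red-to-black path that crosses no filter node."""
    adj = {name: set() for name in zones}
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    findings = []
    for start in sorted(n for n, z in zones.items() if z == "red"):
        queue, seen = deque([[start]]), {start}
        while queue:
            path = queue.popleft()
            for nxt in sorted(adj[path[-1]] - seen):
                seen.add(nxt)
                if zones[nxt] == "filter":
                    continue  # separation holds on this branch
                if zones[nxt] == "black":
                    findings.append(path + [nxt])  # boundary crossed unfiltered
                    continue
                queue.append(path + [nxt])  # still inside the red side
    return findings
```

On the sample topology the only findings are the paths that end at `debug_uart`; removing that link leaves the red side reachable from black equipment only through the two filter nodes.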

Secondly, it is important to bear in mind that all devices emit a certain level of radiation. This means that the highest possible level of protection would be complete protection of the entire space, including computers, systems and components. However, this would be extremely costly and impractical for most organizations. For this reason, more targeted techniques are used:

• Zoning assessment: Used to examine the TEMPEST security level for spaces, installations, and computers. After this assessment, resources can be directed to those components and computers that contain the most sensitive information or unencrypted data. Various official bodies regulating communications security, such as the NSA in the US or CCN in Spain, certify such techniques.

• Shielded areas: A zoning assessment may show that certain spaces containing computers do not fully meet all security requirements. In such cases, one option is to completely shield the space or use shielded cabinets for such computers. These cabinets are made of special materials that prevent the spread of radiation.

• Computers with their own TEMPEST certificates: Sometimes a computer may be in a secure location but lack an adequate level of security. To enhance the existing level of security, there are computers and communication systems that have their own TEMPEST certification, certifying the safety of their hardware and other components.

TEMPEST shows that even if corporate systems are housed in practically secure physical spaces, or are not connected to external communications at all, there is still no guarantee that they are completely secure. In any case, the majority of vulnerabilities in critical infrastructures are most likely associated with conventional attacks (for example, ransomware), which we recently reported on. In these cases, it is quite easy to avoid such attacks with the help of appropriate measures and advanced information security solutions with advanced protection options. The combination of all these protections is the only way to ensure the security of systems that are critical to the future of a company or even an entire country.

Source: habr.com
