Venezuela has recently experienced
Without an impartial and in-depth analysis it is very difficult to establish whether these shutdowns were the result of sabotage or simply of a lack of maintenance. The sabotage allegations do, however, raise a number of interesting information security questions. Many control systems in critical infrastructure, such as power plants, are closed and have no external connection to the Internet. So the question arises: could attackers reach closed IT systems without connecting to their computers at all? The answer is yes, at least as far as extracting information goes: the electromagnetic emanations of the equipment itself can be the attack vector.
How to "capture" electromagnetic radiation
Every electronic device gives off emanations, both electromagnetic and acoustic. Depending on factors such as distance and obstacles, an eavesdropper can "capture" these signals with special antennas (or, for acoustic signals, highly sensitive microphones) and process them to extract useful information. Monitors and keyboards are among the devices that leak in this way, and their emanations can be exploited by criminals just as well as by researchers.
As far as monitors are concerned, back in 1985 the researcher Wim van Eck published
Equipment used to eavesdrop on a laptop located in the next room. Source:
Although today's LCD monitors emit much less than CRT monitors did, they still
Keyboards, for their part, can also be
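The capture-and-process step described above can be illustrated with a small simulation, added here and not part of the original article: a scan line of constructed pixel data leaks once per frame buried in receiver noise, and averaging many frames aligned to the frame period recovers it, while a single frame or misaligned frames do not. Everything in it is an assumption (the pixel pattern, the noise level, the frame count, and the helper functions `leaked_frame`, `coherent_average` and `recover`); it models no real hardware.

```python
"""Constructed simulation of the principle behind van Eck-style monitor
eavesdropping: a signal that repeats every frame can be pulled out of noise
by averaging frames, provided the receiver is synchronised to the frame period.
This is an added example; the numbers are made up and no hardware is modelled."""
import random
from typing import Dict, List

# Constructed screen content: one scan line of 64 pixels (1 = bright, 0 = dark).
SCANLINE = [int(c) for c in "0000111100001111" * 4]


def leaked_frame(pixels: List[int], noise_std: float, rng: random.Random,
                 offset: int = 0) -> List[float]:
    """One period of the emanation as seen by the receiver.

    The useful signal is modelled as the pixel brightness (real emissions are
    dominated by the sharp transitions of the video signal, but the recovery
    principle is the same). `offset` is how far the receiver's sampling window
    is misaligned from the true start of the line; each sample is buried in
    zero-mean Gaussian receiver noise of the given standard deviation."""
    n = len(pixels)
    return [pixels[(i + offset) % n] + rng.gauss(0.0, noise_std) for i in range(n)]


def coherent_average(frames: List[List[float]]) -> List[float]:
    """Average the samples that sit at the same position in each period.

    The repeating signal adds linearly with the number of frames N, while
    zero-mean noise only grows as sqrt(N), so the SNR improves by sqrt(N)."""
    n = len(frames)
    return [sum(f[i] for f in frames) / n for i in range(len(frames[0]))]


def threshold(samples: List[float]) -> List[int]:
    """Decide bright/dark for each sample."""
    return [1 if s > 0.5 else 0 for s in samples]


def bit_errors(recovered: List[int], truth: List[int]) -> int:
    """Number of pixels the receiver got wrong."""
    return sum(r != t for r, t in zip(recovered, truth))


def recover(pixels: List[int], noise_std: float, n_frames: int,
            seed: int = 1) -> Dict[str, int]:
    """Return the number of wrong pixels for three receiver strategies:
    a single frame, N synchronised frames averaged, and N frames averaged
    with a random timing error per frame (no usable sync reference)."""
    rng = random.Random(seed)
    synced = [leaked_frame(pixels, noise_std, rng) for _ in range(n_frames)]
    unsynced = [leaked_frame(pixels, noise_std, rng, rng.randrange(len(pixels)))
                for _ in range(n_frames)]
    return {
        "single_frame": bit_errors(threshold(synced[0]), pixels),
        "averaged": bit_errors(threshold(coherent_average(synced)), pixels),
        "averaged_unsynced": bit_errors(threshold(coherent_average(unsynced)), pixels),
    }


if __name__ == "__main__":
    # Noise three times the signal amplitude: a single frame is useless,
    # 2000 aligned frames recover the line exactly, misaligned frames do not.
    for name, errors in recover(SCANLINE, noise_std=3.0, n_frames=2000).items():
        print(f"{name:18s} {errors:2d} wrong pixels out of {len(SCANLINE)}")
```

The sqrt(N) gain is why a signal far below the noise floor is still recoverable given enough patience and a stable timing reference (the video refresh rate, in the monitor case), and the unsynced result is why a receiver that cannot lock onto that period gets nothing useful.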
TEMPEST and EMSEC
Emanations were first exploited to extract information during the First World War, when the targets were telephone wires. The same techniques, with far more advanced equipment, were widely used during the Cold War. For example,
The concept of TEMPEST as such, however, begins to appear in the 1970s with the first
The term is often used interchangeably with EMSEC (Emission Security), the part of the communications security (COMSEC) standards that deals with compromising emanations.
TEMPEST Protection
Red/Black cryptographic architecture diagram for a communication device. Source:
First, TEMPEST protection builds on a basic concept of cryptographic engineering known as the Red/Black architecture. It divides a system into "red" equipment, which handles plaintext (classified) information, and "black" equipment, which carries only encrypted or unclassified data. One of the aims of TEMPEST protection is precisely this separation: the red and black parts are kept apart, physically and electrically, and joined only through special filters so that red signals cannot couple onto black lines.
Secondly, bear in mind that every device emits some level of radiation. The highest possible level of protection would therefore be to shield the entire space, including all computers, systems and components. That would be extremely costly and impractical for most organizations, so more targeted techniques are used instead:
• Zoning assessment: examines the TEMPEST security level of spaces, installations and computers. After the assessment, resources can be directed to the components and computers that hold the most sensitive information or process unencrypted (red) data. Various official bodies that regulate communications security, such as the NSA in the US or
• Shielded areas: a zoning assessment may show that certain spaces containing computers do not meet all the security requirements. In that case one option is to shield the whole space, or to put the computers in shielded enclosures made of materials that stop the emanations from propagating beyond them.
• Computers with their own TEMPEST certification: sometimes a computer sits in a secure location but still lacks an adequate level of protection. To raise it, there are computers and communication systems that carry their own TEMPEST certification, attesting that their hardware and other components have been tested against the applicable emission limits.
TEMPEST shows that even when corporate systems sit in practically secure physical spaces, or are not connected to any external network at all, there is still no guarantee that they are completely secure. That said, most vulnerabilities in critical infrastructure are far more likely to involve conventional attacks (ransomware, for example), which we
Source: habr.com