The phrase “extraordinary claims require extraordinary evidence” is most often attributed to Carl Sagan, specifically from his television series Cosmos. Sagan was probably not the first person to put forward such a hypothesis, and the show certainly didn’t claim he was. But that’s the power of TV for you; the term has since come to be known as the “Sagan Standard” and is a handy aphorism that nicely encapsulates the importance of skepticism and critical thinking when dealing with unproven theories.
It also happens to be the first phrase that came to mind when we heard about Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification, a paper presented during the 2021 Annual Computer Security Applications Conference (ACSAC). As described in the mainstream press, the paper detailed a method by which researchers were able to detect viruses and malware running on an Internet of Things (IoT) device simply by listening to the electromagnetic waves being emanated from it. One needed only to pass a probe over a troubled gadget, and the technique could identify what ailed it with near 100% accuracy.
Those certainly sound like extraordinary claims to us. But what about the evidence? Well, it turns out that digging a bit deeper into the story uncovered plenty of it. Not only has the paper been made available for free thanks to the sponsors of the ACSAC, but the team behind it has released all of code and documentation necessary to recreate their findings on GitHub.
Unfortunately we seem to have temporarily misplaced the $10,000 1 GHz Picoscope 6407 USB oscilloscope that their software is written to support, so we’re unable to recreate the experiment in full. If you happen to come across it, please drop us a line. But in the meantime we can still walk through the process and try to separate fact from fiction in classic Sagan style.
Continue reading “Identifying Malware By Sniffing Its EM Signature”
Summer is fading into a memory now, but as surely as the earth orbits the sun, those hot and sweaty days will return soon enough. And what can you do about it at the level of a single, suffering human being? After all, a person can only remove so much clothing to help cool off. Until someone figures out a way to make those stillsuits from Dune, we need an interim solution in which to drape ourselves.
We’ve seen the whitest paint possible for cooling buildings, and then we saw a newer, whiter and more award-winning paint a few months later. This paint works by the principle of passive cooling. Because of its color and composition, it reflects most light and absorbs some heat, which gets radiated away into the mid-infrared spectrum. It does this by slipping out Earth’s atmospheric window and into space. Now, a team based in China have applied the passive cooling principle to fabric. Continue reading “How Much Is That Shirt In The (Atmospheric) Window?”
The world around us is a scary place, with a lot of visible and invisible dangers. Some of those invisible dangers are pretty obvious, such as that of an electrical shock from exposed wiring. Some are less obvious, for example the dangers of UV radiation to one’s skin and eyes commonly known, but also heavily underestimated by many until it’s too late. In the US alone, skin cancer ends up affecting about one in every five people.
Perhaps ironically, while the danger from something like UV radiation is often underestimated, other types of electromagnetic radiation are heavily overestimated. All too often, the distinction between what is and isn’t considered to be harmful appears to be made purely on basis of whether it is ‘natural’ radiation or not. The Sun is ‘natural’, ergo UV radiation cannot be harmful, but the EM radiation from a microwave or 5G wireless transceiver is human-made, and therefore harmful. This is, of course, backwards.
Rather than dismissing such irrational fears of radiation, let’s have a look at both the science behind radiation and the way humans classify ‘danger’, such as in the case of 5G cell towers. Continue reading “On 5G And The Fear Of Radiation”
TEMPEST is the covername used by the NSA and other agencies to talk about emissions from computing machinery that can divulge what the equipment is processing. We’ve covered a few projects in the past that specifically intercept EM radiation. TEMPEST for Eliza can transmit via AM using a CRT monitor, and just last Fall a group showed how to monitor USB keyboards remotely. Through the Freedom of Information Act, an interesting article from 1972 has been released. TEMPEST: A Signal Problem (PDF link dead, try Internet Archive version) covers the early history of how this phenomenon was discovered. Uncovered by Bell Labs in WWII, it affected a piece of encryption gear they were supplying to the military. The plaintext could be read over that air and also by monitoring spikes on the powerlines. Their new, heavily shielded and line filtered version of the device was rejected by the military who simply told commanders to monitor a 100 feet around their post to prevent eavesdropping. It’s an interesting read and also covers acoustic monitoring. This is just the US history of TEMPEST though, but from the anecdotes it sounds like their enemies were not just keeping pace but were also better informed.