[Cryptography] Useless side channels
Alexander Klimov
alserkli at inbox.ru
Mon Feb 12 09:09:20 EST 2018
On Mon, 12 Feb 2018, Perry E. Metzger wrote:
> > A nitpick: Figure 9 (page 11) of <https://arxiv.org/pdf/1802.02317>
> > shows a more realistic situation, where it is the smartphone that
> > is put inside a Faraday cage (bag) next to an air-gapped computer.
>
> I don't consider that particularly realistic either I'm afraid.
>
> If you can get software running on the target's phone, why are you
> bothering with this method of exfiltration when the thing has an LTE
> modem?
Once the data from an air-gapped computer is gathered by the phone, it
will send it to attacker thru WiFi or modem.
> How often do people put their phones into Faraday cages while
> they're still turned on (why not turn it off!?) as a method to
> prevent data exfiltration? If you're worried, why wouldn't you just
> turn the phone off?
Many smartphones cannot be really turned off, that is you cannot
disconnect the battery every time you report to work on an air-gapped
computer, thus workers switch the phone off and put it into a Faraday
bag for extra protection.
> lugging around a lot of test equipment
IIUC, there is no other "test equipment" except the compass in the
phone.
--
Regards,
ASK
More information about the cryptography
mailing list