[Cryptography] Useless side channels
Perry E. Metzger
perry at piermont.com
Mon Feb 12 09:23:46 EST 2018
On Mon, 12 Feb 2018 14:09:20 +0000 Alexander Klimov via cryptography
<cryptography at metzdowd.com> wrote:
> On Mon, 12 Feb 2018, Perry E. Metzger wrote:
> > > A nitpick: Figure 9 (page 11) of
> > > <https://arxiv.org/pdf/1802.02317> shows a more realistic
> > > situation, where it is the smartphone that is put inside a
> > > Faraday cage (bag) next to an air-gapped computer.
> >
> > I don't consider that particularly realistic either I'm afraid.
> >
> > If you can get software running on the target's phone, why are you
> > bothering with this method of exfiltration when the thing has an
> > LTE modem?
>
> Once the data from an air-gapped computer is gathered by the phone,
> it will send it to attacker thru WiFi or modem.
Ah. I got the direction wrong. On the other hand...
> Many smartphones cannot be really turned off, that is you cannot
> disconnect the battery every time you report to work on an
> air-gapped computer, thus workers switch the phone off and put it
> into a Faraday bag for extra protection.
...a bag like that isn't a Faraday cage, and you should not be
bringing a phone, on or off, into a secure facility. If your
organization's process relies on workers to remember to turn off
phones and put them in to bags like that, something is wrong. Among
other things, people can't be trusted to reliably remember to do such
a thing.
Perry
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list