Schneier on Security

Clive Robinson • September 15, 2020 12:49 PM

@ ALL,

The risks of environmental sensors leaking information has been known for decades.

Some longterm readers may remember that the frequency the CPU crystal (xtal) runs at can via the fact it changes be used to measure the temprature inside a computers case, thus it’s work load.

This can then produce information about where the computer is by the load cycle identifing the latitude and the environmental temprature the longitude.

Further work enabled the likes of “Honey Pots” to be detected by comparing network timing thus easily revealing individual computers that were set up to appear to be entire networks. The attack required to get the network timing would appear to the honey pot operator as a “brain dead script kiddy attack” thus get ignored. However the willey hacker having enumerated the network and having high suspicion that it is a honey pot then does not use their hard won zero day exploit on it, thus prelonging the zero day exploit life.

But thus being able to determine that one set of hardware is acting as two or more hosts alows all sorts of other Advanced Pen Tester tactics to be developed.

Over at the UK’s Cambridge Computer Laps one researcher showed that what are now in effect known as “Dark Services” and their users could be revealed remotely.

I’ve pointed out frequently that the “Smart Meter” sensors have sufficient bandwidth to be able to determin what channel or video a person is watching in their home, when they get up how long they shower for when the cook, wash clothes vaccume the house or even in some cases put their phone on to charge…

The important point the researcher does not bring forward is “efficiency-v-security”. As we make things more efficient their power signiture and other signal bandwidths open up alowing more information to leak.

It’s important to know this as you then start to realise that even though someone might think that “low pass filtering” the signal mathmatically (averaging) removes the information, in fact it does not. It simply moves the signal energy across the bandwidth. There are known techniques that can partially reverse this and in effect strip off some of the averaging effects getting the signal back.

Whilst it’s a fairly complex subject there are obviously people out there with the required skills and a desire for a high salary. Which tells you that people are going to put the effort in.

So the moral is do not alow access to any of these sensors or their signals because they will be used to get PII etc about the user.

If you do not believe that have a think for a moment about an obvious example, Google and it’s input field spell checker sending your typing cadence back to Google. Do you realy think Google does not exploit that?