• TEMPEST attack

    From Enric Lleal Serra@2:343/107.1 to All on Wed Feb 24 11:02:33 2016
    Hi All!


    Curious: after discovering Van Eck phreaking[1] years ago, I read on Schneier's blog[2] about the practical, affordable application of the evolution
    of that concept, now under the cool, media-friendly name TEMPEST.

    It's no longer about viewing a screen...


    [1] https://en.wikipedia.org/wiki/Van_Eck_phreaking
    [2] https://www.schneier.com/blog/archives/2016/02/practical_tempe.html

    -
    See you!!
    Enric
    __________________________________________________________________
    FidoNet: 2:343/107.1 | beholderbbs.org | fidonet.cat | .es | .ws
    InterNet: kishpa(at)kishpa(dot)com | kishpa.com | GPG#0xDCCB8CFC

    --- crashmail + golded + binkd
    * Origin: Black flag & crossed bones : Eye Of The Beholder BBS! (2:343/107.1)
  • From Javi Lopez@2:343/107 to Enric Lleal Serra on Thu Feb 25 15:39:52 2016
    Enric Lleal Serra wrote to All <=-

    Hi All!


    Curious: after discovering Van Eck phreaking[1] years ago, I read on
    Schneier's blog[2] about the practical, affordable application of the
    evolution of that concept, now under the cool, media-friendly name
    TEMPEST.

    Did I understand correctly? Is this about "capturing" what is displayed on a CRT screen?

    If so, damn...


    ... MultiMail, the new multi-platform, multi-format offline reader!
    -+- MultiMail/Linux v0.49

    --- BBBS/Li6 v4.10 Dada-1
    * Origin: Eye Of The Beholder BBS - The Fidonet's Corsair (2:343/107)
  • From Enric Lleal Serra@2:343/107.1 to Javi Lopez on Wed Mar 16 12:45:37 2016
    Hi Javi!

    On Thursday, 25 February 2016 at 15:39, Javi Lopez wrote to Enric Lleal Serra:

    Did I understand correctly? Is this about "capturing" what is displayed on a
    CRT screen?

    That was Van Eck phreaking... The Tempest thing is worse:


    *Practical TEMPEST Attack*

    Four researchers have demonstrated[1] a TEMPEST attack against a laptop, recovering its keys by listening to its electrical emanations. The cost for the
    attack hardware was about $3,000.

    News article[2]:

    To test the hack, the researchers first sent the target a specific ciphertext -- in other words, an encrypted message.

    "During the decryption of the chosen ciphertext, we measure the EM leakage of the target laptop, focusing on a narrow frequency band," the paper reads. The signal is then processed, and "a clean trace is produced which reveals information about the operands used in the elliptic curve cryptography," it continues, which in turn "is used in order to reveal the secret key."

    The equipment used included an antenna, amplifiers, a software-defined radio, and a laptop. This process was being carried out through a 15cm thick wall, reinforced with metal studs, according to the paper.

    The researchers obtained the secret key after observing 66 decryption processes, each lasting around 0.05 seconds. "This yields a total measurement time of about 3.3 sec," the paper reads. It's important to note that when the researchers say that the secret key was obtained in "seconds," that's the total measurement time, and not necessarily how long it would take for the attack to actually be carried out. A real world attacker would still need to factor in other things, such as the target reliably decrypting the sent ciphertext, because observing that process is naturally required for the attack to be successful.

    For half a century this has been a nation-state-level espionage technique. The cost is continually falling.

    [1] https://eprint.iacr.org/2016/129.pdf
    [2] https://motherboard.vice.com/read/how-white-hat-hackers-stole-crypto-keys-from-an-offline-laptop-in-another-room


    If so, damn...

    We're well and truly "screwed", yes. :-)

    -
    See you!!
    Enric
    __________________________________________________________________
    FidoNet: 2:343/107.1 | beholderbbs.org | fidonet.cat | .es | .ws
    InterNet: kishpa(at)kishpa(dot)com | kishpa.com | GPG#0xDCCB8CFC

    --- crashmail + golded + binkd
    * Origin: Black flag & crossed bones : Eye Of The Beholder BBS! (2:343/107.1)