If the mechanism is believed to be thermal, then this is 4-6 orders of magnitude more powerful than WiFi. It's like removing the cavity from a microwave oven and blasting it at someone. This is horrifying.
It's very scary shit. We could soon have no privacy at all in our own homes because of other people's WiFi networks. If the output is strong enough, all you have to do is connect to/crack someone's WiFi and use it to get a layout of all their neighbors' places.
I had no idea about this and the implications are truly terrifying and amazing.
It's not just wifi at home; the entire world is now a big mesh network. So theoretically it means literally everything everywhere which has wifi coverage can now be tracked with amazing accuracy. Quite possibly the most scary/invasive tech.
That's a bad analogy for an unsecured wifi. Wifi is radiated energy in radio spectra. They're not looking through your window; you're shining a flashlight through your walls and they wrote down the pattern you're strobing into the street (and that pattern isn't even secret; you're using the common pattern everyone uses to send messages intended to be universally understood).
Did I read the article correctly in that it is possible to disrupt WiFi networks to make devices disconnect from it, without breaking its encryption? Wow.
Well this is terrifying. Pretty soon you'll have to crack open your appliances to snip the antennas to prevent them from calling home, rather than just not giving them the wifi password...!
Yeah, the majority of them aren't Wifi lightbulbs afaik; it's mostly routers and other similar devices, so they really do have the power of a low-mid range smartphone.
Realistically though, as long as it can send a request, I think attackers would prefer lower power devices: someone's computer may be able to send many more r/s but is much harder to gain control of versus the $30 IoT device.
> The Wi-Fi radio runs on extremely low power by transmitting data via a technique called backscattering. It takes incoming Wi-Fi signals from a nearby device (like a smartphone) or Wi-Fi access point, modifies the signals and encodes its own data onto them, and then reflects the new signals onto a different Wi-Fi channel to another device or access point.
Seems like this chip is purpose built for surreptitious surveillance.
Title is misleading. This isn't generating Wi-Fi signals. It's generating non-Wi-Fi signals (i.e. effectively noise) in the Wi-Fi frequency bands, in a way that encodes information and can be detected using existing Wi-Fi chipsets (e.g. measuring channel noise), as a very low bandwidth communications channel.
The bit rate with off the shelf Wi-Fi chipsets as receivers is ~10 bits per second.
This is definitely interesting and clever, but as a security researcher I will say I consider this particular research lab a bit of a paper mill. Their entire schtick is they pick any random emission from a computer that can be picked up remotely, and hype it up as an airgap-defeating measure. The thing is, once you accept that either 1) if your air-gapped computer has malware that can do this, you've already lost, or 2) if you need to be resilient to that, your "air gap" needs to be a sealed vault insulated from sound, EMI, and any other physical transmission medium, then this whole body of research becomes purely academic.
IIRC they've done LEDs, temperature, inductor noise, ultrasound, etc. When I first started looking into this I could come up with a good dozen of their ideas without looking. Of course all this stuff works. It's cute, it's clever, but it's not particularly obscure nor difficult to make work, and it all relies on having malware on the target machine to begin with. Yes, computers are noisy beasts, and you can encode information in the noise; we've known this for decades, picking a new technique and implementing it isn't particularly interesting after the fifth or sixth time.
Personally, I find their techniques primitive and boring. Like here, they set the RAM bus frequency to 2.4GHz (DDR-2400). Yes, of course, if you do that, then RAM traffic generates noise in the Wi-Fi band. Then they just used the most boring and trivial encoding possible on top of that. I don't remember ever reading one of their papers and thinking they'd used a clever technique. It always seems to be "pick a leak vector, then do the least amount of work possible to make it work at a few bits per second and get a paper out".
The interesting side channel papers are those where you can get information from emissions (e.g. crypto keys) without malware on the target computer, during normal operation. Those are real threats. And this is not what this group is researching.
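The two comments above describe the channel as a computer keying its own RF noise on and off in the Wi-Fi band at a few bits per second, readable by any chipset that can measure channel noise. The following is an added example (not code from the thread, the article, or the research group) written from the monitoring side: it builds a constructed series of noise-floor readings, optionally with a crude on-off keyed shift embedded at 10 bit/s, and a detector that flags a noise floor that keeps stepping between two well-separated levels. The sample rate, the 6 dB shift and the thresholds are assumptions chosen for the simulation, not figures from the page.

```python
import random
import statistics

SAMPLE_RATE = 100      # constructed: noise-floor readings per second
BIT_RATE = 10          # ~10 bit/s, the rate quoted in the thread
SAMPLES_PER_BIT = SAMPLE_RATE // BIT_RATE


def constructed_noise_floor(seconds, seed, modulated_bits=None, shift_db=6.0):
    """Return constructed channel-noise readings (dBm) around a -95 dBm floor.

    With modulated_bits given, the floor is raised by shift_db for every
    '1' bit, cycling through the pattern at BIT_RATE. This only simulates
    what a monitor would see; the shift size is an assumption.
    """
    rng = random.Random(seed)
    samples = []
    for i in range(seconds * SAMPLE_RATE):
        level = -95.0 + rng.gauss(0.0, 1.0)
        if modulated_bits is not None:
            bit = modulated_bits[(i // SAMPLES_PER_BIT) % len(modulated_bits)]
            if bit:
                level += shift_db
        samples.append(level)
    return samples


def detect_floor_keying(samples, min_shift_db=3.0, min_transitions=20):
    """Flag a noise floor that alternates between two distinct levels.

    Ordinary thermal noise smoothed over half a bit period stays within a
    fraction of a dB of its mean; a keyed emitter produces two clusters
    several dB apart with repeated crossings between them.
    """
    window = max(1, SAMPLES_PER_BIT // 2)
    smoothed = [
        statistics.fmean(samples[i:i + window])
        for i in range(len(samples) - window + 1)
    ]
    median = statistics.median(smoothed)
    high = [s for s in smoothed if s > median]
    low = [s for s in smoothed if s <= median]
    high_mean = statistics.fmean(high)
    low_mean = statistics.fmean(low)
    separation = high_mean - low_mean
    midpoint = (high_mean + low_mean) / 2.0
    # Count crossings of the midpoint between the two clusters
    transitions = sum(
        1 for a, b in zip(smoothed, smoothed[1:]) if (a > midpoint) != (b > midpoint)
    )
    return {
        "separation_db": separation,
        "transitions": transitions,
        "suspicious": separation >= min_shift_db and transitions >= min_transitions,
    }


if __name__ == "__main__":
    quiet = constructed_noise_floor(10, seed=2)
    keyed = constructed_noise_floor(10, seed=1, modulated_bits=[1, 0, 1, 1, 0, 0, 1, 0])
    print("quiet floor:", detect_floor_keying(quiet))
    print("keyed floor:", detect_floor_keying(keyed))
```

The separation threshold does the real work: plain Gaussian noise split at its median gives clusters well under 1 dB apart, while a keyed floor gives clusters close to the keying shift, so a few dB of margin separates the two cases without having to know the bit pattern.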
I've got a cheap Chinese 2.4GHz analog video transmitter in a box somewhere which is _way_ overpowered (600mW from memory, instead of the legal max of 25mW); it completely knocks out all my 2.4GHz wifi when I switch it on (and I strongly suspect all my neighbours' wifi as well). I've got a much less overpowered 5GHz one which my 5GHz wifi doesn't seem to care about.
This is an automatic Bluetooth pairing attack. With the right equipment (which can be as simple as a Pringles can and an antenna aimed through a window) you can execute this attack from a hundred meters away. That's not physical access.