I've noticed the once ubiquitous ferrite core bulge (to prevent cables from functioning as antennae when plugged into leaky equipment) has been absent from the typical modern USB cable.
Is it possible this USB hub lacks a ferrite core entirely? Or are USB peripherals sufficiently advanced nowadays that they've been tucked away neatly, Apple-style?
As such information is only sent along the communication path from the device to the computer, it was hitherto thought to be protected from potentially compromised devices outside this path.
That sounds like a very... naive statement, given that radio interference is not an uncommon phenomenon and things like this have been known for years:
Carefully designed antenna geometry could be used to target a key sniffer on a specific machine at a distance. This would make it easy for someone disguised as cleaning or maintenance staff to target a specific machine. On the flip side, even gathering all keystrokes in the immediate area in a jumble would still yield useful data to an attacker.
As I've stated before, we're reaching the point where every device, no matter how trivial, needs to be encrypted and robust against spoofing and replay attacks.
You can implement all the encryption/authentication at the application layer, depending on your use case. USB can stay as-is.
In theory sniffing attacks can extend to anything. The basic problem is that:
1) All electronics create EMI.
2) We have very cheap ways to measure EMI with high sensitivity.
The brute force solution is to faraday cage everything, but even then something leaks out and it is just a matter of time before more sensitive equipment is available at low cost.
At least in places where rule of law exists the use of rubber-hose cryptanalysis is significantly restricted especially for powerful authorities.
Strapping someone into a fMRI with a loop that says "YOUR PASSWORDS FIRST CHARACTER A B C ..." isn't (yet) so obviously restricted.
Rubber-hose cryptanalysis can also, at its extremes, be resisted by denial (potentially at the cost of disfigurement or death) at least by some people. Mind-reading cryptanalysis may require that you commit suicide in advance of being questioned to protect information. They aren't equivalent.
I can picture a Sci-Fi story, where someone claims to have a brain scanning technology that can pull information out of someone's head in this fashion. However, the twist is that the device can't read memories. It can only overwrite memories. So the way the extraction tech actually works, is that a virtual reality memory of torture is projected into the subject's brain, breaking the subject and getting them to divulge the information. Then, after the torture, the torture memories are erased with a scene of their mind being "read."
Of course, this doesn't work 100% of the time, so the startup which produces this new tech tries to use it to cover its tracks.
That is sort of like the old "Scotty with the phaser" explanation for transporters.
FMRI extraction of text has already been performed in a controlled setting. No one has demonstrated it with an adversarial subject in the open literature, yet.
An interesting consideration for the extraction of cryptographic keys is that the extraction could be very noisy and yet still be a massive speedup for a search. If the attacker can try a billion combinations per second they may not need to get that many bits of search space reduction from the subject.
Is it possible this USB hub lacks a ferrite core entirely? Or are USB peripherals sufficiently advanced nowadays that they've been tucked away neatly, Apple-style?