Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This isn't a very novel technique; I didn't see any reference to TEMPEST, which has been known for a long time - no physical contact required, it can be done at a distance:

http://en.wikipedia.org/wiki/Tempest_(codename)

Here's an unorthodox application of this technique: http://www.erikyyy.de/tempest/

The most interesting part is that adding noise won't help to mask the signal, even if the signal is much weaker than the noise, since it can still be recovered through processing.



Tempest deals with extracting signals at a distance, from things that are already directly broadcasting them in some form or another.

There's no such thing in this case. There is no USB port or VGA cable that is directly carrying the internal state of one of dozens of different processes/applications being run on the target PC.

This work is quite completely different. Using special knowledge of how specific software has been written and compiled, and also with the ability to throw carefully crafted inputs at the software in question, they're able to use some fun statistical methods to guess what the internal state must be.

The paper and this type of work generally is very interesting because software developers are used to thinking of CPUs as "black boxes" which do their thing invisibly and effortlessly.

This kind of work is just as awesome as all the papers on CPU side-channel attacks (cache, branch prediction, etc) which really seemed to take off around 2005.


>> This kind of work is just as awesome as all the papers on CPU side-channel attacks (cache, branch prediction, etc) which really seemed to take off around 2005.

Maybe you meant late 90ies, when Kocher (and others) published results on side-channel attacks.

http://www.cryptography.com/public/pdf/TimingAttacks.pdf http://www.cryptography.com/public/pdf/DPA.pdf


No, that's not what he meant. He was referring to the x86 microarchitectural side channel trend that started in 2005, with stuff like Aciicmez's BTB timing paper, or Osvik and Tromer's local cache timing.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: