a thoughtful web.
Good ideas and conversation. No ads, no tracking.   Login or Take a Tour!
comment by oyster
oyster  ·  3058 days ago  ·  link  ·    ·  parent  ·  post: Today in "Is it For Real, or another episode of Madame Secretary"

So I guess that means, since they have the protection software, that the NSA wasn't worried about using these protected USB's on specific devices only and so that's how it got on ? Like they can plug those USB's in to any computer ? Or maybe could is a better word.





goobster  ·  3057 days ago  ·  link  ·  

Well, security has many levels.

One of the most reliable methods to secure a computer is to "air gap" it, which means that it connects to no network, no wireless, no other computer. The only way to move files onto it is with a USB.

So if you want to hack into an air-gapped computer, you need to compromise a USB that has been approved for use in that computer. And that is, effectively, what this hack circumvented.

Incidentally, they can now hack air-gapped computers by getting close enough to it with a sensitive antenna, and listening to the electrical pulses put out by the individual keys on the keyboard! It's a bit like electronic semaphore. But, it has been proven to work reliably.

user-inactivated  ·  3051 days ago  ·  link  ·  

    Incidentally, they can now hack air-gapped computers by getting close enough to it with a sensitive antenna

You say "now", but the NATO selection process for TEMPEST-secure devices comes from 1981. Way before that, there was laser eavesdropping and the KGB bugging the American embassy through "electromagnetic flooding", whatever that is.