Types of Side Channel Attacks:
Electromagnetic Attacks
Electromagnetic (EM) attacks are closely related to power monitoring attacks: the same switching activity that modulates a device's current draw also radiates an electromagnetic field, and a near-field probe picks that field up with finer spatial resolution than a measurement on the supply rail, adding depth and detail to the signals being analyzed.
EM attack methods combine power monitoring with measurement of electromagnetic emissions at various distances. With today's low-power devices the emitted signal is weak enough that an attacker usually has to get near the device at least once, either to take close-range readings or to install monitoring hardware.
An example of an electromagnetic attack at the consumer level is Radio Frequency Identification (RFID) skimming, which can be done from a few feet away. Strictly speaking, skimming reads the card's intended radio interface rather than an unintended emission, but the exposure is the same: the card answers anyone in range. This is worth considering now that contactless bank cards and travel passes are commonplace.
In the case of a physically compromised cryptographic system, the attacker opens the device and places a probe close to the microprocessor(s) in operation (e.g. a CMOS chip or CPU) to take close-in readings. Clearly this type of technique is only really worthwhile for high-value targets, though the falling price of equipment and improvements in the techniques involved mean that an increasing number of methods are no longer restricted to state-level security operations.
Acoustic Attacks
Acoustic cryptanalysis makes use of the sounds made by various devices to work out what is being input, processed or displayed, in a number of different ways. One of the earliest known side channel attacks was used by the British Security Service (MI5) against the Egyptian Embassy in London in 1956 to deduce the rotor settings of a mechanical cipher machine used for secure communications.
By recording keystrokes, input from keyboards (including ATM keypads) can be worked out from the slightly different sound each key makes. With the right microphone, the sound made by the print head of a dot-matrix printer can be used to reconstruct what was printed. More recently, security researchers have shown that it is possible to record the coil whine from an LCD monitor's power circuitry to work out what is being shown; previously this kind of acoustic leakage was treated as a laptop-only issue.
In fact, with consumer-level devices, the constant drive for lower power (e.g. Energy Star ratings on older PCs, Bluetooth Low Energy) isn't only about being eco-friendly; lower emissions and better shielding are also a key part of protecting devices from electromagnetic and other side channel snooping.
Sources: medium.com
Edited by Mario Vulcano
8 July 2021 at 20:36
The Great Seal Bug shown in the Part 1 photo and video was a landmark achievement in Cold War surveillance technology. It contained no electronic components and remained passive except when illuminated by an RF source in a van parked outside the embassy. That made it nearly impervious to the standard Tempest/TSCM sweeps of the era. You can find an interesting description of how it worked on the Crypto Museum web site:
https://www.cryptomuseum.com/covert/bugs/thing/index.htm
Once discovered, the bug was secretly spirited away for detailed study by U.S. and British labs. So, why did we keep its discovery secret for so long? Two possible reasons: (1) admitting it had gone so long without discovery would have been embarrassing, and (2) the U.S. and British were busy designing and fielding their own versions of the device.
Peter Wright was part of the British team assigned to analyze the Great Seal Bug. He went on to a full career with MI5, retiring as its chief scientist.
Bitter over a pension dispute at retirement time, Wright moved to Australia and published a tell-all memoir of his days with MI5. It’s a good read with descriptions of many of the black bag jobs, Tempest exploits and side channel attacks of his tenure. Although no longer in print, you can still find copies of “Spycatcher” (ISBN 0-440-29504-1) on Amazon and other sites.