At my first computer job, we were warned not to try to use radios in the machine room, as the computers emitted radiation that would interfere with the reception. Of course, we all had to listen. Some people (not us) cleverly programmed computers to play music over AM radios using these electromagnetic emissions. Others programmed peripherals such as a line printer to play music. The idea that the computer emitted so much RFI, or radio-frequency interference, was new to me and fascinating considering that I was taking electrical engineering courses at the time.
In May, the Hackaday blog had a post about the use of the RF emissions of devices to actually identify the device. Individual devices emit different radio frequency signatures, even those of the same model! The researchers are with Disney Research, and the idea is not only exciting but inexpensive.
Their method is inexpensive because it uses a small USB device sold for receiving radio and TV signals. It’s called an RTL-SDR. RTL refers to the chip used, and SDR stands for Software Defined Radio. These dongles receive a broad range of RF signals, and some can be attached to antennas for better reception. The least expensive of these devices cost well under US$20, so they are popular with researchers and hobbyists.
The Disney researchers modified the RTL dongle a bit and were able to receive a broad range of frequencies. Then they used some math to plot the intensity, or magnitude, of the signals at each frequency. These plots gave them a sort of “fingerprint” of the emissions of the devices they wanted to identify. You can get the details from their report, which contains equations, tables, charts, and color images. Their goal was to identify individual devices by emissions as opposed to RFID tags or bar codes. The fingerprints in the image below are from the PDF of the report.
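To make the "magnitude at each frequency" idea concrete, here is an added sketch (not the Disney researchers' code) that builds a fingerprint from averaged spectrum magnitudes and matches a fresh capture against enrolled ones. The tone tables, the noise level, and the use of cosine similarity as the matcher are assumptions, and the samples are constructed in place of a real RTL-SDR capture.

```python
import cmath, math, random

N = 128  # samples per frame, also the number of frequency bins
TWIDDLE = [cmath.exp(-2j * math.pi * i / N) for i in range(N)]

# Constructed emitters: two units of one model share a strong clock line
# but differ slightly in their weaker spurs. Each entry is (bin, amplitude).
UNITS = {
    "unit_a": [(10, 1.0), (23, 0.60), (47, 0.30)],
    "unit_b": [(10, 1.0), (23, 0.45), (48, 0.35)],
}

def capture(tones, rng, frames=8, noise=0.2):
    """Constructed stand-in for SDR I/Q frames: tones plus Gaussian noise."""
    out = []
    for _ in range(frames):
        ph = [rng.uniform(0, 2 * math.pi) for _ in tones]
        out.append([
            sum(a * cmath.exp(1j * (2 * math.pi * b * n / N + p))
                for (b, a), p in zip(tones, ph))
            + complex(rng.gauss(0, noise), rng.gauss(0, noise))
            for n in range(N)])
    return out

def fingerprint(frames):
    """Mean magnitude per frequency bin (plain DFT), scaled to unit length."""
    acc = [0.0] * N
    for frame in frames:
        for k in range(N):
            acc[k] += abs(sum(x * TWIDDLE[k * n % N] for n, x in enumerate(frame)))
    norm = math.sqrt(sum(v * v for v in acc))
    return [v / norm for v in acc]

def identify(unknown, known):
    """Return (best match, cosine score per enrolled fingerprint)."""
    scores = {name: sum(x * y for x, y in zip(unknown, fp))
              for name, fp in known.items()}
    return max(scores, key=scores.get), scores

def demo(seed=1):
    rng = random.Random(seed)
    known = {name: fingerprint(capture(t, rng)) for name, t in UNITS.items()}
    # Fresh captures of each unit, matched against the enrolled fingerprints.
    return {name: identify(fingerprint(capture(t, rng)), known)
            for name, t in UNITS.items()}

if __name__ == "__main__":
    for unit, (best, scores) in demo().items():
        print(unit, "->", best, {k: round(v, 3) for k, v in scores.items()})
```

Raising `noise` in `capture` narrows the gap between the two scores, which is the weak-signal limitation in miniature.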
But maybe a hacker could use this technology to discriminate between devices and discover the locations of compromised devices or “compromisable” devices. If the techniques could be used to identify particular computers (or light sabers as they also demonstrated), and if a device had been compromised by an attacker, he or she could then find that device from among a collection of identical-looking items. Or maybe the attacker could use the technique to find devices of a particular type that he or she knew how to compromise.
One positive feature of the dongles is that they are unlikely to identify one device with dozens nearby unless the RTL-SDR device were equipped with a very directional antenna. Such an antenna would likely be difficult to conceal. Additionally, the signals emitted by most computing equipment are not very strong. Different countries have different standards for allowed emissions from devices marketed to consumer and commercial users. The U.S. Government has regulations called TEMPEST that are designed to keep emissions at a level low enough to prevent interception of classified data. The TEMPEST regulations are written to prevent interception by very sophisticated equipment, though, and an RTL-SDR dongle is not that sophisticated.
It will be interesting to see whether anyone tries to use this technology for the uses I’ve identified.
To your safe computing,