In Learning Tree Course 468 we discuss ways to access computers not connected to a network. Some of the ways we mention are changes in electrical power use and the motion of laptops as different keys are pressed. (I’m not putting links here for a reason: I’d like you to come to the class to learn more about this. That’s selfish, I know, but those who are anxious to learn about this can check with Google for a quick information fix.) The press in the US and around the world has been talking recently about the US National Security Agency creating special USB cables with built-in radio transmitters that can send information from compromised computers, even if those computers are not connected to the Internet.
One good article says the transmitters can be built into the ends of USB cables and can transmit up to eight miles. That would seem to require some power in the transmitter and a frequency high enough to penetrate walls. I’m guessing the transmissions are intermittent to not generate significant heat which might melt the cable – and thus be detected. Or they might be low power and this require a low data rate. Or maybe they’re both. The exact details are understandably not public.
Few, if any, of the readers of this blog will have NSA USB transmitting cables on their computers. However it seems reasonable to assume that bad actors may be already working on designing or acquiring the designs for such cables or for similar devices. Corporate espionage is a risky, illegal, but potentially highly rewarding activity. If cables such as those used by the NSA were available (presumably not out in the open), they could be used to compromise corporate security. What might the appropriate countermeasures be?
First, buy cables from a reputable vendor. Vendors can be compromised, though, and most companies have cables lying around that could be replaced unnoticed with an altered cable.
Second, I suppose that in a high security situation, one could X-ray cables to see if there were anomalies in the connectors. This is probably impractical for most folks, but I suspect it’s happening now where people suspect their cables may be the NSA ones.
Third, one could shield the cables or put sensitive computers in shielded rooms. This is what has been done for decades. When computers do sensitive work, they are disconnected from networks (when possible) and placed in screened rooms. The rooms are enclosed in a wire mesh creating a Faraday Cage which prevents the radio-frequency signals from leaving the room.
One could jam the signals, but this is seldom practical for anyone other than government agencies.
Finally, one could potentially shield the cables and connectors with a tube constructed of wire mesh. That would act sort of like a mini Faraday cage. I’ve never seen such a shield – and Google didn’t help – but I envision something that looks a bit like a thin garden hose. I’m no expert in shielding, but I’m guessing that if such a product is possible, someone is working on it.
The problem is more complex, though. Maybe the transmitters are in the USB internal interfaces or elsewhere. The scope could be much larger than the cables. A screened room is still a great defense for situations like this and may be the best in this kind of situation. I can imagine a run on the shielding materials for screened rooms worldwide.