This is a continuation from part one and I recommend reading that first (as it's alphabetical order). This post marks the end of this two-part series! As previously stated, I only expect for people to acknowledge and understand them, and don't expect for people to take immediate action to minimize these attacks. In future, we may expand on any of these attacks and talk more broadly about them.

‎

‎Infrared Emanation Analysis:
An infrared emanation analysis attack can be carried out by remotely thermal monitoring the target computer and using its heat emission data to gain information from it. For instance, an attacker who is performing remote thermal monitoring on a PC may be able to obtain the password for a computer by examining which keys have the highest heat signatures after a user logs onto the PC. The attacker may also be able to gain more insight about the operations and data processes taking place on the PC by monitoring the thermal emissions.

‎

Ionizing radiation attacks:
Ionizing radiation attacks are a much less common and much lesser known attack vector against computers that involve exposing a device to high-energy particles or radiation to induce faults. By analyzing the resulting behavior caused by the induced faults, attackers can extract information from the system or compromise security mechanisms.

‎

Magnetic Field Analysis:
Magnetic Field Analysis involves studying the magnetic field of an electronic device to extract information from it. It can be used as an attack vector to remotely extract sensitive information from computers in various ways. It essentially works by exploiting the electromagnetic emanations from a target device to infer sensitive information about the data it is processing and the operations it is carrying out.

‎

Smartphones and tablets are equipped with magnetic sensors or “magnetometers”, which can pick up a variety of different kinds of information from nearby computers via covert magnetic signals. The magnetic sensors integrated into smartphones and tablets are not communication interfaces, but for orientation and positioning. Smartphones have been able to gain information remotely from computers with these sensors even when they are placed inside of a faraday cage, according to MAGNETO research.

‎

Since the low-frequency magnetic field used in this covert channel can bypass faraday shielding, it is difficult to come to an accurate conclusion on how to prevent or even impede these kinds of attacks.

‎

MOSQUITO:
The MOSQUITO attack, also known as a "speaker-to-speaker" attack, is a technique that enables the covert transmission of data between two air-gapped computers using ultrasonic waves. This method leverages the speakers, headphones, or earphones of the targeted devices to exchange information, without the need for microphones. The attack is based on the exploitation of a specific audio chip feature, allowing for the transmission of data via near-ultrasonic frequencies, typically in the range of 18kHz to 24kHz. The MOSQUITO attack was demonstrated in a proof-of-concept by researchers from Ben-Gurion University of the Negev in Israel. It has raised concerns about the potential for exfiltrating data from both online and air-gapped computers using this covert communication channel. The attack has significant implications for security, as it demonstrates a method for bypassing air gaps and transferring data between isolated systems using built-in audio hardware. The research on the MOSQUITO attack has highlighted the need for enhanced security measures to mitigate the risk of data exfiltration via unconventional channels such as ultrasonic transmissions through audio devices. This attack underscores the ongoing challenges in safeguarding sensitive information and the potential vulnerabilities associated with seemingly isolated systems.

‎

Power Hammer:
The PowerHammer attack is a method of exfiltrating data from air-gapped computers through power lines. It involves the use of a malicious code running on a compromised computer to control the power consumption of the system. By modulating and encoding the data, the attacker can create variations in the power consumption, which are then conducted and propagated through the power lines. This phenomenon is known as a "conducted emission." The attack establishes two frequencies to represent a "1" bit and a "0" bit, allowing the encoding of binary data from the victim's computer into the power consumption.

‎

The PowerHammer attack offers two versions: Line level power-hammering: In this version, the attacker taps the in-home power lines that are directly attached to the electrical outlet, enabling data exfiltration at a speed of around 1,000 bits per second. Phase level power-hammering: In this version, the attacker taps the power lines at the phase level, in the main electrical service panel. This version of the attack is more stealthy but has a lower data exfiltration speed of around 10 bits per second due to greater background noise at the power line phase level.

‎

To defend against PowerHammer and similar attacks, several countermeasures can be implemented, including: Monitoring and measuring the fluctuations in the current flow being transmitted through the power lines to detect any unusual patterns. Implementing signal processing and forms of interference to reduce the effectiveness of the covert channel. Restricting physical access to the power lines and electrical panels to prevent attackers from tapping the power lines for data exfiltration. These defensive measures can help mitigate the risk of data exfiltration through power lines using techniques like PowerHammer, enhancing the security of air-gapped systems against such attacks.

‎

Power Supply Glitching attacks:
Power supply glitching attacks can be carried out remotely if an attacker has partial access to the power supply of a building or the targeted device. These attacks involve the deliberate introduction of voltage or current spikes, known as glitches, into the power supply of a device. Research has shown that such attacks can be performed remotely and are a serious threat to the security of electronic devices, including microcontrollers and system-on-chip (SoC) devices. The attacks can lead to various security threats, such as misinterpreting instructions of processors, failure to erase or overwrite data, or retaining data from memory when not instructed. To protect against such attacks, detection circuits and other hardware and software-level defenses, such as bidirectional TVS, eFuse, multiphase voltage regulators, and IP for voltage glitch detection, can be implemented. These measures are essential to safeguard devices against the potential risks associated with power supply glitching attacks.

‎

Proximity Sensors:
Proximity sensors are used to enhance security, power savings, and user interaction. While these kinds of sensors are usually integrated into smart devices such as smart phones and tablets, they have been undergoing a broader integration into personal computers more recently. They pose a significant risk to user privacy and anonymity as they can be used to detect when the user is at, near, or away from their computer, keystroke inference (essentially serving as a keylogger), user profiling (creating a profile of a user based on their presence and interaction with the device), and simplifying the process of tracking the user. A piece of electrical tape over a proximity sensor can disrupt its sensing capabilities and may render it ineffective.

‎

Smart Meters and Power Line Communication (PLC) Monitoring:
Smart meters (electric, water, and gas) are key elements in the advanced metering infrastructure (AMI). They enable advanced metering of utility usage, and can detect all wired electrical, water, and gas-related events taking place within a building. Which includes identifying when appliances are turned on, when light switches are activated, and even gathering information about computer activities. This makes it easy for utility companies (or other parties who have access to the meter’s information) to tell if there are people in a house at a given time or if they are away, what rooms they are in, and what electronic devices they are interacting with.

‎

The data collected by smart meters are transmitted through various wired and wireless means, including, but not limited to: Bluetooth, WIFI, cellular networks, radio frequencies, Zigbee, and power line communication (PLC). All of these vectors of wireless data transmission increases the risk of data interception, potentially allowing third parties and law enforcement to monitor electronic activities and gather information about where people are, and what they are doing in a particular building. Smart meters also emit electromagnetic fields, which could enable further privacy-threatening vulnerabilities.

‎

Power line communication (PLC) is prone to different kinds of attacks and data extraction methods. Both smart meters and PLC can facilitate the installation of eavesdropping devices and transmission of data to unauthorized parties.

‎

To minimize the privacy-threatening nature of smart meters and PLC, it is recommended to purchase an in-home power generator to power your PCs and other sensitive electronics. Or only use your laptop on battery power. Shielding the area of your home where you smart meter is installed can be crucial to prevent the electromagnetic fields emitted by it from seeping into your home and potentially interfering with your electronics. Mylar can work but it must be taped hard against the wall or it will not suffice. Furthermore, some utility companies still allow their customers to use traditional meters for a fee.

‎

Ultrasound Cross-Device Tracking (uXDT):
Ultrasound Cross-Device Tracking (uXDT) is a technology that poses a serious risk to user privacy and anonymity. It involves the emission of ultrasounds by ads or JavaScript code, which are then interpreted by nearby devices, enabling the tracking and potential deanonymization of users. This technology has been demonstrated to be capable of linking different devices to the same person, thereby creating detailed user profiles and potentially compromising anonymity. One of the most concerning applications of uXDT is its potential to deanonymize Tor users. By emitting ultrasounds that contain hidden instructions, nearby devices can be triggered to send details back to advertisers' servers. This can lead to the linking of a user's computer with their other devices, such as a mobile phone, allowing advertisers to build comprehensive advertising profiles. In the context of Tor users, this poses a serious risk of deanonymization, as the real IP and other sensitive details can be leaked through this process. This form of tracking can be mitigated if users disable on the sound on their computers to prevent ultrasound from being played, and disabling all microphones. But it is theoretically possible that ultrasound messages could be interpretted by computers that don’t have microphones.

‎

Website Fingerprinting:
Website fingerprinting is a form of traffic analysis that is aimed towards identifying the websites a user is visiting by analyzing the encrypted traffic. This is accomplished by collecting various kinds of information from individual browsing sessions, such as packet sizes, timing, and other characteristics, and then using machine learning techniques to match these patterns to known websites. ISPs and third parties such as law enforcement could potentially monitor encrypted web activity from users in order to extract insights on what they are doing. Random Packet Defense (RPD) is a method that involves injecting into the user’s network traffic to obfuscate the patterns that could be used for website fingerprinting. The downside is that RPD can lead to excessive network overheat. There are other techniques for preventing these kinds of attacks but they have not been fully proven to work.