Two members of the U.S. Congress recently wrote to the Government Accountability Office (GAO), requesting an investigation into whether modern computers and mobile phones are still exposed to the Cold War-era risk of "physical radiation eavesdropping", once again bringing the old technique of side-channel attacks back into the public eye.

U.S. Senator Ron Wyden of Oregon and Representative Shontel Brown pointed out in the letter that a running computer not only performs calculations but also generates weak electromagnetic and acoustic signals as current flows through it. These signals may penetrate the device casing and leak into the surrounding space. In the hands of a sufficiently skilled attacker, the leaked signals may be captured and reconstructed into keyboard input, encryption keys, or the data being processed. Intrusion methods that exploit such physical "side effects" are collectively called side-channel attacks.

This type of technology can be traced back to Bell Labs' military research project TEMPEST in the 1940s, which focused on how seemingly secure communications devices could be remotely "eavesdropped" on from outside a room, or even from across the street, through their electromagnetic radiation. An NSA report from 1972, later declassified, described leaked radiation from equipment that could travel as far as half a mile along power lines or water pipes, with the author even describing it as a "miniature radio broadcast." In response, U.S. government departments have built highly protected computer rooms called SCIFs (Sensitive Compartmented Information Facilities), which physically separate confidential computing equipment from the outside space through heavy shielding and strict isolation.

In contrast, civilian technology products have never been held to comparable protection standards. Smartphones, PCs, routers, and various peripherals are not required to shield or mask their own electromagnetic and acoustic radiation. Wyden and Brown criticized the government's long-term silence on this issue, which has resulted in ordinary consumers having "a lack of protection and ignorance." The threat is not only a counterintelligence issue for the U.S. government; it may also be used by foreign adversaries to steal key technological assets of U.S. companies. In conjunction with the GAO review, the pair also released a new Congressional Research Service report that systematically reviews decades of publicly available research on TEMPEST and its modern variants.

Although side-channel eavesdropping sounds almost like science fiction, experiments from academia and private institutions have repeatedly confirmed that information does "leak" from consumer electronics. In 2015, researchers at Tel Aviv University built a wireless receiving device for less than $300. It is small enough to be hidden in a piece of pita bread, yet it can capture the electromagnetic radiation of a laptop processor several feet away and extract encrypted data. Another team demonstrated that simply by using an ordinary smartphone microphone to record the faint high-frequency noise emitted by a computer's voltage regulator, and then analyzing it, they could deduce the encryption key. However, these experiments also show that real attacks often require carefully arranged environments and superb technique, and the information obtained is usually incomplete.

Wyden, long known for pursuing intelligence agencies' "underdisclosed" surveillance practices, did not say whether he had any classified clues. In a written exchange with Wired magazine, he emphasized that as signal processing technology continues to advance, the feasibility of such attacks is expected to increase significantly, and that the advanced methods pioneered by state-level actors often "sink" over time into the hands of industrial spies and even criminal gangs.

The lawmakers' letter to GAO asks not only for an assessment of the current scale of the risk, but also for an analysis of the cost and feasibility of having manufacturers build protections into consumer products. They suggested that in the future it may be necessary to use the technical specifications of the U.S. Federal Communications Commission (FCC) or the enforcement powers of the Federal Trade Commission (FTC) to put pressure on manufacturers and push them to consider safety factors such as shielding and noise reduction at the design stage.

Even as Congress takes the issue more seriously, security experts remind the public that side-channel attacks are still a "premium espionage technique" that is extremely rare outside national security circles. Cooper Quintin, a researcher at the Electronic Frontier Foundation (EFF) Threat Lab, said that this type of attack is real but extremely difficult to execute. "There is no need for ordinary activists to build SCIF or worry about side-channel attacks all day long." He believes things are still far from that point.

Interestingly, some technological trends in consumer electronics have inadvertently reduced the room for exploiting this type of physical leakage. To improve energy efficiency, mobile chips keep reducing their power consumption, which physically lowers the intensity of their electromagnetic radiation and, with it, the leaked signals. Researcher and hacker Samy Kamkar pointed out that mainstream hardware from major manufacturers such as Apple and Google usually has relatively good control over unintended signals. Although he has built a laser microphone device that can "hear" knocks through subtle surface vibrations, this capability is still a special tool that only a few people have.

At the same time, the development of artificial intelligence may shift the balance between offense and defense. Machine learning excels at extracting patterns from noisy data, which is exactly what is needed to recover useful information from weak, mixed physical radiation. In addition, networked home appliances, industrial controllers and various smart home devices are often designed with less discipline than flagship mobile phones and notebooks, so the overall attack surface widens further.

Future GAO assessment reports may affect the U.S. government's formal definition of "hardware baseline security." Even if the outcome is only more stringent radiation standards for wireless devices, or a requirement that manufacturers test shielding effectiveness before mass production, unified specifications could bring a meaningful overall increase in protection. Until then, most of the risk remains "invisible", radiating quietly from the devices on people's desktops and in their pockets. Whether anyone has the ability and motivation to capture and exploit these signals is the answer Congress hopes to get this time.