I’ve had hams tell me that their shack computer is secure because it is not connected to the internet. Others have told me that they have security because the machine they do their home finances on is also separate from their hobby/browsing computer.
When I’ve told them that their security is largely imaginary, they look at me like I’m making things up.
Stunning how the same hams who “get it” about RFI lack a mental concept of how the “air gap” can be bridged.
First, how about RF leakage from HDMI:
This is clever and joins the historic exploitation of leaking signal analysis. Living in the UK during the TV License Van era, I saw the usage of RF leakage to identify TV Set Users who didn’t have a Reception License (settle down USA folks, different country, laws and expectations). I just “may have” seen some other usage of RF leakage along the way <wink>.
Now breaking that Air Gap doesn’t need to be just a one-way listening deal. Here are some links to bidirectional exploits. The second links to a series of articles, and I found the use of computer fan noises as a data-carrying mechanism interesting. Remembering that most modern appliances, smart thermostats, smart speaker systems and other IoT devices have microphones makes this fairly interesting:
The biggest takeaway is that any form of RFI can also be a data leak, possibly bidirectional.