How Secure are Computers? Breaking the Airgap

I’ve had hams tell me that their shack computer is secure because it is not connected to the internet.  Others have told me that they have security because the machines they do their home finances on is also separate from their hobby/browsing computer.

When I’ve told them that their security largely imaginary, they look at me like I’m making up things.

Stunning how the same hams who “get it” about RFI lack a mental concept how the “air gap” can be bridged.

First how about RF-leakage from HDMI:

https://www.windytan.com/2023/02/using-hdmi-radio-interference-for-high.html

https://hackaday.com/2023/03/07/pulling-data-from-hdmi-rf-leakage/

https://en.wikipedia.org/wiki/Van_Eck_phreaking

This is clever and joins the historic exploitation of leaking signal analysis.  Living in the UK during the TV License Van era, I saw the usage of RF leakage to identify TV Set Users who didn’t have a Reception License (settle down USA folks, different country, laws and expectations).  I just “may have” seen some other usage of RF leakage along the way <wink>.

Now breaking that Air Gap doesn’t need to be just a one-way listening deal.  Here are some links to bidirectional exploits.  The second links to a series of articles, and I found the use of computer fan noises as a data-carrying mechanism interesting.  Remembering that most modern appliances, smart thermostats, smart speaker systems and other IoT devices have microphones, makes this fairly interesting:

https://www.redalyc.org/journal/6617/661773214004/html/

https://thehackernews.com/2020/02/hacking-air-gapped-computers.html

Biggest take away is any form of RFI can also be a data leak, possibly bidirectional.

73

Steve
K9ZW

Inbound DX QSLs

They arrive in packets of 8-12 cards from the NIDXA bureau.

Second half of the recent arrivals

About seventy arrived, from:

• Norway
• Luxembourg
• Holland
• Belgium
• Germany
• Poland
• France
• Spain
• Italy
• Japan
• Hungary
• Denmark

The XYL is thumbing through them while having a coffee, as so many are quite interesting cards.

Afraid I’m going to pull out the confirming QSL exchanged cards, before setting the lot aside while I catch up on my self-induced QSL chaos.

73

Steve
K9ZW

Moral Conundrums – Dangerous DX

Much like yelling “jump” to someone standing on a bridge railing, is working/encouraging DXpeditions to physically dangerous destinations a morally clear thing to do?

It is also freaking expensive – a recent DXpedition trimmed short by conditions was tallied as costing almost $40 per QSO!!!

As DXers are we like the little kids playing near a busy road, daring each other to run across to the other side and back, hoping traffic doesn’t wipe someone out?  Just egging each other on, which is good fun until someone ends up hit &  hurt (or worse)?

Some have suggested we attribute an “extra risk” rating to DXPedition opportunities – where if a location is rated by how much extra risk is incurred.

Obviously taking a trek to sat St Pierre is not much more risky than normal tourism, but is obscure because the route there is complicated, whereas a DXPedition assault to Rockall in the far north Atlantic is so risky that to date only military teams have gone there.  These differing levels would get a score.

What to do with the scores is argued about – whether to even do anything more than making people aware of risks levels?

Personally I am avoiding supporting or working DXPeditions that feature noteworthy risk levels.  I’m not going to guilt myself egging folks to put themselves at risk.  Now if I happened on someone calling CQ from one of these places, I will work myself through the moral conundrum at that moment, but I’m not going to actively push people into danger zones – lest we end up with combat zone operations counting for DXCC!

73

Steve
K9ZW

Just ain’t going there… Mischief and “Mis-speech” in polite company

After getting a series of emails about my Dilbert-lament, with several folks have asked me why “With Varying Frequency” doesn’t chime in on the topics-de-jure, it is time to explain.

I mostly avoid it because I recognize a few things:

• We as fellow amateur radio hobbyists share much more than anything we might differ on
• We are always being encouraged to take positions with partial and openly tainted information
• Things that are beyond our control or influence become moot discussion points.

That said I would appreciate “my” daily Dilbert being restored, but you can label that as for selfish reasons.

73

Steve
K9ZW

DIlbert’s Seppuku Moment

As I like Dilbert I have included http://dilbert.com/ in my morning reads for many years.

Well Dilbert died by its own hands – well its cartoonist Scott Adams hands, as it now resolves to https://linktr.ee/scottadams with little explanation.

Seems you can go view Dilbert if you Subscribe to a website by clicking on yet another redirect.

I’ve always been an anonymous sort of viewer – while realizing I was not truly anonymous I also never explicitly gave my information in the ritual of reading the daily Dilbert strip.

For a while I read the related blog.

When Scott Adams moved his daily blog from text to video, I stopped following.

I was neither interested in the personal time-sink transitioning from a minute or two read (I read fairly fast and often with several things happening) to a headsetted watch-the-screen for as long as I say video experience.

Nor was I wanting to add my name to any curated list.

We will have to see what happens with Dilbert. The strip is fun and I hope it becomes unencumbered again.

73

Steve
K9ZW

Rebuilding Loran with Amateur Radio Help?

There is another movement to rebuild our former Loran navigation system, both as a backup to the GPS Satellite System and as a usuable lower cost stand alone.

John K5HIP asks “Could AI-Fueled Amateur Radio Rebuild Loran-C?” at:

https://gcaptain.com/could-ai-fueled-amateur-radio-rebuild-loran-c/

Reality is Politics killed Loran, as the proponents of GPS need alternatives swept away.

Some say the entire North American Loran system was less costly than a single GPS Satellite.

I know that for several years I flew behind an avionics system that was multi-sensor gathering & reconciling both GPS and Loran.

Certain an easy option to reconsider.

73

Steve
K9ZW