The new bridge - Image from Pixabay
Once upon a time there was a bridge, a suspension bridge to be precise. It was 1.6
km (1 mi) long, making it at that time – the year was 1940 – the third longest
suspension bridge in the world. But this proud bridge did not live for more
than four months. The wind picked up, the bridge began to sway and it collapsed.
I'm talking about the Tacoma Narrows Bridge in Washington State. The physical
phenomenon that led to the collapse of this bridge is called resonance. In
short, this means that an object that is exposed to vibrations amplifies that
vibration on its own. You know that from rattles in the car, but playing on the
swings is also a form of resonance. The wind was blowing in Tacoma at the time,
and the wind happened to hit the bridge with its natural frequency (expressed
in a popular way, this is a frequency at which an object is comfortable and
starts participating happily: it resonates). This caused the bridge to move
along with the wind and eventually the materials could not handle that much
movement and the bridge collapsed. See Wikipedia for more information and the
famous video of the collapse.
Bridges aren't the only things that can break due to resonance. Last year there was a
news story about computers mysteriously crashing. The ingredients of that story
seem to have sprung from fantasy, but the people who saw that bridge collapse
couldn't believe their eyes either. Those fantastic ingredients are an old type
of hard disk and Janet Jackson's hit song Rhythm Nation from 1989. All sound –
and therefore also music – consists of vibrations that propagate through a
medium. When I talk to you, my vocal cords vibrate the air (the medium), and
your eardrums pick up that vibration. And well, the sound of Rhythm Nation
contains exactly the natural frequency of that particular type of hard disk. The
hard drive will then resonate and destroy itself. The computer in which the
hard disk is located will also stop working.
As a result, the music video in question has been officially declared a
cybersecurity exploit. An exploit is a way for an attacker to exploit a
vulnerability in a system. The vulnerability here is the sensitivity to
resonance, the exploit is playing Rhythm Nation. And that doesn't even have to be
on the same laptop: other nearby laptops can also die as a result. It is not
very likely that someone will attack your computer in this way. As mentioned,
these are old types of hard disks (5400 rpm), and the computers you use most
likely no longer even contain a hard disk, but SSD memory (and for the sake of
convenience we continue to call this memory without moving parts a hard disk).
There you go with your lists of standard threats, which you use in a risk analysis.
Both cases have in common that the danger came from an unexpected quarter.
Well, that bridge, one might have been able to calculate that, at least with
today's knowledge. But a song by Janet Jackson crashing a hard drive, you just
don't make that up. And I can hardly – hardly – imagine an attacker ever
looking for such a method to destroy a computer.
However, research is being done into how information can be extracted from so-called
air-gapped computers. An air-gapped computer is one that is not connected to a
gapped computers. An air gapped computer is one that is not connected to a
network. The air gap can also relate to a network; then there actually is a
network, but that in turn is not connected to other networks that are
considered unsafe. In this way a situation is created in which the data is safe
in its own environment. But there are smart people who are looking for ways to
extract information from such systems anyway. For example, I remember an attack
involving the blinking of the network card light in the past. A classic attack
is eavesdropping on the electromagnetic radiation emitted by all electronic circuits.
Measures against this fall under the ominous heading TEMPEST.
Such attacks typically target high-value assets. As an ordinary private person you
don't have to worry about it. As an extension of this, what you could have to
deal with is car theft. Thieves eavesdrop on the signal from your modern car
key – the kind you don't have to put in the lock to unlock and start your car.
That's why I've been keeping my car keys in a closed can at home for years.
That works like a Faraday cage: a construction that blocks electromagnetic
radiation. However, if I am sitting on a terrace, my key can still be tapped
and the signal can be 'extended' to my car with certain equipment. Special key
cases are being sold that also promise to work like a Faraday cage. Only then
of course you still have to take the key out of your pocket to open and start
the car yourself. Choose what is more important to you: security or ease of
use. I'm not going to buy such a case. How many crooks with such equipment are
there, anyway?
And in the big bad world…
This section contains a selection of news articles I came across in the
past week. Because the original version of this blog post is aimed at readers
in the Netherlands, it contains some links to articles in Dutch. Where no
language is indicated, the article is in English.
- users of the password manager Bitwarden should not have their password auto-filled when loading a web page. [DUTCH]
- some hardware malware is very persistent.
- a fake email attack can be done very quickly.
- Linux servers are not immune to ransomware.
- MS Word contains a vulnerability that does not even require the victim to open a received attachment.
- you have to be aware of undermining of the upcoming elections. [DUTCH]
- a storage medium can be a critical factor for system availability.
- your bank really never asks for your PIN. [DUTCH]
- visitors to the Eurovision Song Contest run the risk of digital fraud.