On 2/2/21 7:52 PM, James Knott wrote:
> On 2021-02-02 9:16 p.m., gumb wrote:
>> Does that potentially compromise any secure connection, be it SSH, encrypted voice/video call etc. that is established between these computers, or does the encryption (provided it's strong enough) make it impossible to intercept with a physical device on the line? I'd have presumed the latter, because it's no different to trying to hack it from anywhere else, but I might be overlooking a technicality.
>>
>> To clarify, the PC connects to a router that is wired to a wall box serving as an 'entry point' of the connection into the property. Any such bugging device would therefore be placed between the router and the outbound cabling onto the street.
>
> Strong encryption is used these days and the session keys are changed frequently. While theoretically breakable, it would take a huge amount of computer power.

I wonder about what other kinds of side-channel attacks might be possible with that kind of access? Maybe the ssh sessions are safe enough, but what else would leak out of the WAN side of a router? What kind of intelligence about the inside network could be obtained? How about man-in-the-middle kinds of attacks, maybe even sending rogue IPv6 router advertisements? DNS inspection and spoofing?

Then, really getting down into the weeds, what about listening to radio frequencies from behind the wall? IIRC private PKI keys have been extracted by monitoring computer current draw, maybe listening to the computer's switching power supply? Or maybe even audio? A bug like that could send an audio stream, and maybe video, back to headquarters without being detected. A pinhole camera in the wall placed to look at someone's monitor wouldn't need to crack an ssh session.

Then, if they've managed to obtain your private PKI keys by other means, a bug like that would be an undetectable persistent threat.

Interesting question, I'm going to forward it to some people much smarter than I.

Regards,
Lew