This is pretty much off-topic though it does potentially talk about an openSUSE-based PC at two ends of a connection. Just a quick, basic layman's response is all I'm looking for. Please, if this thread gets more than 10 posts long and delves into anecdotes about systems deployed in army conflicts in the 1970s, please delete it.

Full paranoia tin-foil hat mode on: If, theoretically, a PC running openSUSE in one location, is communicating via encrypted video calls or SSH across the Internet, with another openSUSE PC in another location, and then the connection at one location (staffed by tech-averse personnel) mysteriously goes down, the provider then sends out an engineer who unexpectedly suggests that wiring behind the wall socket is 'draining the power', and proceeds to do some unknown work to the cabling that may hypothetically involve the covert placement of a bugging device on the line... breathe out, stay with me...

Does that potentially compromise any secure connection, be it SSH, encrypted voice/video call etc. that is established between these computers, or does the encryption (provided it's strong enough) make it impossible to intercept with a physical device on the line? I'd have presumed the latter, because it's no different to trying to hack it from anywhere else, but I might be overlooking a technicality. To clarify, the PC connects to a router that is wired to a wall box serving as an 'entry point' of the connection into the property. Any such bugging device would therefore be placed between the router and the outbound cabling onto the street.

gumb special agent
On 2021-02-02 9:16 p.m., gumb wrote:
Does that potentially compromise any secure connection, be it SSH, encrypted voice/video call etc. that is established between these computers, or does the encryption (provided it's strong enough) make it impossible to intercept with a physical device on the line? I'd have presumed the latter, because it's no different to trying to hack it from anywhere else, but I might be overlooking a technicality. To clarify, the PC connects to a router that is wired to a wall box serving as an 'entry point' of the connection into the property. Any such bugging device would therefore be placed between the router and the outbound cabling onto the street.
Strong encryption is used these days and the session keys are changed frequently. While theoretically breakable, it would take a huge amount of computer power.
On 2/2/21 7:52 PM, James Knott wrote:
On 2021-02-02 9:16 p.m., gumb wrote:
Does that potentially compromise any secure connection, be it SSH, encrypted voice/video call etc. that is established between these computers, or does the encryption (provided it's strong enough) make it impossible to intercept with a physical device on the line? I'd have presumed the latter, because it's no different to trying to hack it from anywhere else, but I might be overlooking a technicality. To clarify, the PC connects to a router that is wired to a wall box serving as an 'entry point' of the connection into the property. Any such bugging device would therefore be placed between the router and the outbound cabling onto the street.
Strong encryption is used these days and the session keys are changed frequently. While theoretically breakable, it would take a huge amount of computer power.
I wonder about what other kinds of side-channel attacks might be possible with that kind of access? Maybe the ssh sessions are safe enough, but what else would leak out of the wan side of a router? What kind of intelligence about the inside network could be obtained? How about man-in-the-middle kinds of attacks, maybe even sending rogue IPv6 router advertisements? DNS inspection and spoofing? Then, really getting down into the weeds, what about listening to radio frequencies from behind the wall? IIRC private PKI keys have been extracted by monitoring computer current draw, maybe listening to the computer's switching power supply? Or maybe even audio? A bug like that could send an audio stream, and maybe video, back to headquarters without being detected. A pinhole camera in the wall placed to look at someone's monitor wouldn't need to crack a ssh session. Then, if they've managed to obtain your private PKI keys by other means, a bug like that would be an undetectable persistent threat. Interesting question, I'm going to forward it to some people much smarter than I. Regards, Lew
On 03/02/2021 03.16, gumb wrote:
This is pretty much off-topic though it does potentially talk about an openSUSE-based PC at two ends of a connection. Just a quick, basic layman's response is all I'm looking for. Please, if this thread gets more than 10 posts long and delves into anecdotes about systems deployed in army conflicts in the 1970s, please delete it.
:-D
Full paranoia tin-foil hat mode on: If, theoretically, a PC running openSUSE in one location, is communicating via encrypted video calls or SSH across the Internet, with another openSUSE PC in another location, and then the connection at one location (staffed by tech-averse personnel) mysteriously goes down, the provider then sends out an engineer who unexpectedly suggests that wiring behind the wall socket is 'draining the power', and proceeds to do some unknown work to the cabling that may hypothetically involve the covert placement of a bugging device on the line... breathe out, stay with me...
You are not talking of the power, electricity mains, socket?
Does that potentially compromise any secure connection, be it SSH, encrypted voice/video call etc. that is established between these computers, or does the encryption (provided it's strong enough) make it impossible to intercept with a physical device on the line? I'd have presumed the latter, because it's no different to trying to hack it from anywhere else, but I might be overlooking a technicality. To clarify, the PC connects to a router that is wired to a wall box serving as an 'entry point' of the connection into the property. Any such bugging device would therefore be placed between the router and the outbound cabling onto the street.
Assuming they did not touch the computer itself, the quick answer is "no". This is the type of attack that encryption is designed to defend you from. However, video/audio: not all protocols are sufficiently secure. Some do not encrypt at all, others the encryption is managed by the provider of the conferencing service, so you have to trust them... however, these people do not need access to the socket: they already have silent, transparent access. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 03/02/2021 11:21, Carlos E. R. wrote:
You are not talking of the power, electricity mains, socket?
No I mean the telecoms socket, but the information communicated to me was 'draining the power', which sounds like nonsense. Apparently, unnecessary wiring complexity was discovered due to the existence of other, disused connected sockets in the property, so they can only mean draining some bandwidth, but I think either the engineer was trying to dumb down their terminology or it was just a dumb engineer!
Assuming they did not touch the computer itself, the quick answer is "no". This is the type of attack that encryption is designed to defend you from.
However, video/audio: not all protocols are sufficiently secure. Some do not encrypt at all, others the encryption is managed by the provider of the conferencing service, so you have to trust them... however, these people do not need access to the socket: they already have silent, transparent access.
I think the elongated short answer is no, except in some exceptional specific circumstances where placement of a bugging device could be used to gain credentials via some other way (i.e. listening, unique key sound fingerprinting, etc.) No reason to be mildly neurotic about it, and no reason to stop being mildly neurotic about it. gumb
On 03/02/2021 16.44, gumb wrote:
On 03/02/2021 11:21, Carlos E. R. wrote:
You are not talking of the power, electricity mains, socket?
No I mean the telecoms socket, but the information communicated to me was 'draining the power', which sounds like nonsense. Apparently, unnecessary wiring complexity was discovered due to the existence of other, disused connected sockets in the property, so they can only mean draining some bandwidth, but I think either the engineer was trying to dumb down their terminology or it was just a dumb engineer!
It can actually mean "power", as in milliwatts. The signal goes to several sockets, so you can get at least reflections. Maybe there are old phones still connected, so there is some reduction in the "power" you get.
Assuming they did not touch the computer itself, the quick answer is "no". This is the type of attack that encryption is designed to defend you from.
However, video/audio: not all protocols are sufficiently secure. Some do not encrypt at all, others the encryption is managed by the provider of the conferencing service, so you have to trust them... however, these people do not need access to the socket: they already have silent, transparent access.
I think the elongated short answer is no, except in some exceptional specific circumstances where placement of a bugging device could be used to gain credentials via some other way (i.e. listening, unique key sound fingerprinting, etc.)
No reason to be mildly neurotic about it, and no reason to stop being mildly neurotic about it.
:-D -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 2021-02-03 3:23 p.m., Carlos E.R. wrote:
The signal goes to several sockets, so you can get at least reflections. Maybe there are old phones still connected, so there is some reduction in the "power" you get.
Phones wouldn't do that. There's supposed to be a filter on ADSL lines, to prevent interference between phone & modem. Cable modems have nothing to do with phones, so nothing there either. Also, those devices can accept a fairly wide range in level.
On Wednesday, 2021-02-03 at 15:33 -0500, James Knott wrote:
On 2021-02-03 3:23 p.m., Carlos E.R. wrote:
The signal goes to several sockets, so you can get at least reflections. Maybe there are old phones still connected, so there is some reduction in the "power" you get.
Phones wouldn't do that. There's supposed to be a filter on ADSL lines, to prevent interference between phone & modem.
True, but assuming that installation has "problems" one possible problem is that the filters are not properly installed.
Cable modems have nothing to do with phones, so nothing there either. Also, those devices can accept a fairly wide range in level.
Assuming ADSL, phones, being analog devices, are more sensitive to "issues" (two phones in the same line do reduce the signal values). All that can be covered by the strange wording of the technician when talking to laymen. -- Cheers, Carlos E. R. (from openSUSE 15.2 x86_64 at Telcontar)
On Wednesday, 2021-02-03 at 15:52 -0500, James Knott wrote:
On 2021-02-03 3:48 p.m., Carlos E. R. wrote:
two phones in the same line do reduce the signal values
Two phones will result in a 3 dB decrease in power or one half. The system can tolerate a lot more than that.
Maybe, maybe not :-) -- Cheers, Carlos E. R. (from openSUSE 15.2 x86_64 at Telcontar)
participants (5)
- Carlos E. R.
- Carlos E.R.
- gumb
- James Knott
- Lew Wolfgang