New MAGNETO & ODINI Techniques Steal Data From Faraday Cage-Protected Equipment

Discussion in 'privacy technology' started by stapp, Feb 8, 2018.

  1. stapp

    stapp Global Moderator

    Joined: Jan 12, 2006; Posts: 24,206; Location: UK
  2. brians08

    brians08 Registered Member

    Joined: Apr 27, 2008; Posts: 102
    Only spooks and high profile corporate targets would need to worry about this, right?
     
  3. mirimir

    mirimir Registered Member

    Joined: Oct 1, 2011; Posts: 9,252
    Right. And only those who let their air-gapped devices get infected with malware.
     
  4. 142395

    142395 Guest

    Nitpicking: there's no such thing as a magnetic wave.
    Though it's impressive, I doubt its practicality, as the attacker has to be very close to the target (at least 1.5 m). But someone who needs paranoid security may start double shielding. lol
     
  5. RockLobster

    RockLobster Registered Member

    Joined: Nov 8, 2007; Posts: 1,812
    They already have that covered. There is no system they cannot compromise except those which are air-gapped and heavily protected. If it is connected to the internet, it's game over.
    If it is Wi-Fi enabled, they can bypass Wi-Fi protocols to directly access the device remotely.
    If it is air-gapped and you use any conventional means to transfer data to and from an internet-enabled device (SD card, USB stick, etc.), they can use Stuxnet-style firmware to infect the offline device.
    At one time this type of activity would be specifically targeted at individual suspects. Today, if you look at the big picture (the surveillance, the infiltrated software projects, the backdoors being discovered in hardware and CPUs), it clearly is being done en masse, and I doubt there are many uncompromised systems.
     
  6. mirimir

    mirimir Registered Member

    Joined: Oct 1, 2011; Posts: 9,252
    Sure, but that's the point. By definition, air-gapped devices are never connected to the Internet. They don't have Wi-Fi. And, in order to be secure, you can't copy arbitrary data to them. Sure, you need to install an OS and apps. But you get that stuff from trusted public sources, where targeted attacks are unlikely. As much as possible, the device is read-only. You keep private keys there. You write and code stuff there. And sign and encrypt it before copying. You use throwaway transfer media, such as CDs or SD cards.

    And sure, nothing is certain. But you do what you can. For serious work, I only use old consumer-grade machines with quad-core Core 2 CPUs. They have vPro, so they're OK for VMs. But they don't have the other chips needed for ME, and so are less likely backdoored.
     
  7. RockLobster

    RockLobster Registered Member

    Joined: Nov 8, 2007; Posts: 1,812
    Yes, you can take it to the point where an adversary would have to use techniques like those described in the article. But it literally will take the use of throwaway transfer media to keep it secure, until someone finds a way to properly sanitize USB stick and SD card firmware, as they are the only physical link to the air-gapped system. And you have to know, when the researchers are working on ways to break Faraday cage protection, they damn sure already have the transfer media sewn up.
     
  8. mirimir

    mirimir Registered Member

    Joined: Oct 1, 2011; Posts: 9,252
    Do you seriously think that all blank CDs and SD chips are backdoored? I mean, you can buy them directly from China. So they'd have Chinese backdoors, if any. Unless Chinese manufacturers have been pwned, which I guess is possible.
     
  9. RockLobster

    RockLobster Registered Member

    Joined: Nov 8, 2007; Posts: 1,812
    I don't know... it's possible, and if it's possible you can be sure there are people doing it, so it would be good practice to assume yes.
    Who would have believed any of the stuff we have seen supposedly respectable companies, organisations and governments involved in during recent years could have happened? If it wasn't for people like Snowden, we probably still wouldn't believe it.
    Having said that, I don't know if blank CDs can be compromised; I've never heard of it.
     
  10. mirimir

    mirimir Registered Member

    Joined: Oct 1, 2011; Posts: 9,252
    I don't know either. Anything's possible. Snowden's releases confirmed lots of stuff that had generally been considered conspiracy theory.

    But unless you're going to stay offline or play it totally safe, you gotta take your best guess at the threats, and decide how to deal with them.
     
  11. 142395

    142395 Guest

    Sony implemented a rootkit installer on CD, but it abused Windows' autorun, so it was not something like a stealth backdoor. Since CDs don't have firmware, it should be extremely hard to do that. Maybe you would have to exploit a vulnerability in the reader or converter within the very limited space of the TOC or another chunk such as copy guard (which violates the CD standard, though).

    But state actors don't need to go to such trouble to compromise those protected by a Faraday cage; they can just do what they've been doing, i.e. bribe, honey trap, or place a cooperator among regular staff. COGINT is just one path they can use among others.

    It's unfortunate that until Snowden, most of them were believed to be conspiracy theory, while many military experts had written about that stuff from around the late '90s. But it may be true now as well.

    You have probably seen mosquito- or ladybug-type spy robots. It means they can safely publish them, and actually they're going beyond that already, as they don't disclose what is really important (development of the F-117A was labeled BLACK, meaning they deny the existence of the project).
    It will be a fairly safe assumption that by 2050, spy robots will be of invisible size. Again, there are some good reads about these nano weapons. We're coming to a time to start discussing how to regulate them.
     