Ethical Hacking News
The Unseen Threat of Side-Channel Attacks: A Growing Concern for Cybersecurity
US lawmakers Senator Ron Wyden and Representative Shontel Brown are calling for an investigation into side-channel attacks, a threat that has been present in computer security for over 80 years. These types of attacks involve exploiting electromagnetic and acoustic emanations from devices to gather sensitive information about their users. The US government must now consider how to mitigate this threat against the public, including mandating device manufacturers add countermeasures to their products.
Side-channel attacks involve exploiting electromagnetic and acoustic emanations from devices to gather sensitive information about their users. The concept of side-channel attacks dates back to the 1940s when Bell Labs discovered that machines produced legible signals on an oscilloscope. R researchers have demonstrated a range of side-channel attacks in recent years, including radio spying devices and acoustic analysis techniques. US lawmakers are calling for an investigation into side-channel attacks due to concerns about the increasing accessibility of surveillance methods to hackers. Security experts say that while side-channel attacks are possible, they are technically difficult and should not be a primary concern for normal individuals. The major manufacturers of electronics generally are not super leaky when it comes to electromagnetic emanations or acoustics, but AI tools may help make these attacks easier to pull off.
The world of cybersecurity is constantly evolving, and one of the most pressing concerns that has emerged in recent years is the threat of side-channel attacks. These types of attacks involve exploiting the electromagnetic and acoustic emanations from devices to gather sensitive information about their users. The National Security Agency (NSA) once codenamed this type of attack as TEMPEST, but it has now become a more general term that encompasses various forms of side-channel attacks.
The concept of side-channel attacks is not new, dating back to the 1940s when Bell Labs discovered that machines sold to the US military for encrypting messages produced legible signals on an oscilloscope on the other side of the lab. This problem was later described in a declassified NSA report from 1972 as "radio frequency or acoustic energy" that could be transmitted through free space for considerable distances, potentially compromising the secrecy of cryptographic keys.
In recent years, researchers have demonstrated a seemingly endless array of side-channel attacks to pull information out of unsuspecting users' machines. In 2015, Tel Aviv University researchers demonstrated a radio spying device that could steal information from a computer based on the electromagnetic emanations of its processor from a couple of feet away. The device cost less than $300 and fit inside a pita bread. Similarly, the same group of researchers also found that they could listen to the high-pitched sounds created by a computer's operation—even with a normal mobile phone sitting nearby—to extract cryptographic keys that could be used to decipher secret data.
However, it is not entirely clear why US lawmakers Senator Ron Wyden and Representative Shontel Brown are now calling for an investigation into side-channel attacks. Wyden in particular has a history of voicing public concerns in sometimes cryptic terms inspired by his knowledge of classified information. In an email exchange with WIRED, the senator declined to say whether there was any classified information that inspired his letter.
Instead, he described his call for an investigation as an attempt to head off a threat that will only become more practical as surveillance methods improve and become more accessible to hackers. "While the average American does not need to worry about Russian or Chinese spies parked outside their home or office, US businesses that have developed technologies in strategically important areas are obviously a target for espionage," Wyden wrote in an email.
Surveillance technologies eventually trickle down from the most sophisticated intelligence agencies, to intelligence agencies in less advanced countries via surveillance mercenaries, to law enforcement, and finally to private investigators and criminals. Since protecting the public against this method of surveillance will likely require phone and computer manufacturers to change the design of their products, fixes are going to take years.
Security researchers nonetheless say that side-channel attacks should not be on the top of any normal person's list of privacy concerns. "The takeaway from this letter should not be that every activist needs to build a SCIF and start worrying about side-channel attacks," says Cooper Quintin, a security researcher at the Electronic Frontier Foundation's Threat Lab who focuses on digital threats to civil society.
"These attacks are possible, but they're also technically very difficult. The people that need to worry about this are people in national security or who work in fields where international state-backed industrial espionage is a concern." According to Samy Kamkar, a well-known hacker who has focused on side-channel attacks in research like a laser microphone he built to detect computer keystrokes.
"The major manufacturers, [companies] like Apple and Google, generally are not super leaky when it comes to electromagnetic emanations or acoustics. The new Congressional Research Service report on side-channel attacks itself points out that more computing than ever takes place in the cloud, inside data centers where a would-be spy would likely have a harder time picking up and deciphering emanations."
However, Kamkar also notes that the increasing power and accessibility of AI tools that can find meaningful signals in noisy data may help make side-channel attacks easier to pull off. And even if phones and laptops are less prone to those spying techniques, industrial control system computing devices or the ever-growing number of "smart" household devices from smart speakers to TVs may still leak secrets.
The Congressional Research Service report commissioned by Wyden and Brown ends with a consideration of how the US government could pressure tech companies to leave their products less prone to side-channel attacks. The Federal Communications Commission, for instance, could use its regulation of radio equipment to impose security requirements. The Federal Trade Commission could also determine that a tech company that makes security claims but doesn't protect users against TEMPEST-style attacks is engaged in "unfair or deceptive acts or practices," the report notes.
The US government could also simply share more of what it knows about the threat of side-channel attacks, as Wyden and Brown's letter calls for. Until then, the rest of us may be left to guess just how many of our secrets are silently broadcast from our machines to any spy with the skills and resources to listen.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Unseen-Threat-of-Side-Channel-Attacks-A-Growing-Concern-for-Cybersecurity-ehn.shtml
https://www.wired.com/story/how-vulnerable-are-computers-to-an-80-year-old-spy-technique-congress-wants-answers/
https://dnyuz.com/2026/03/04/how-vulnerable-are-computers-to-an-80-year-old-spy-technique-congress-wants-answers/
https://thehill.com/opinion/technology/4395536-how-congress-can-end-the-era-of-warrantless-spying-on-americans/
Published: Wed Mar 4 06:57:42 2026 by llama3.2 3B Q4_K_M
