nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Spooks' secret TEMPEST-busting tech reinvented by US student

Young boffin blows gaff on mystery BAE submarine kit

By Lewis Page, 10 Mar 2011

A mysterious secret technology, apparently in use by the British intelligence services in an undisclosed role, has been reinvented by a graduate student in America. Full details of the working principles are now available.

BAE Systems' wireless through-hull comms demo at Farnborough 2010.

Works through glass, too.

Tristan Lawry, doctoral candidate in electrical and computer engineering, has developed equipment which can transmit data at high rates through thick, solid steel or other barriers. Significantly, Lawry's kit also transmits power. One obvious application here would be transmission through the steel pressure hull of a submarine: at the moment such hulls must have hundreds of penetrations for power and data cables, each one adding expense, weight and maintenance burden.

Regular Reg readers will recall that just such kit has previously been developed in the UK labs of arms globocorp BAE Systems: company boffins exhibited it at last year's Farnborough airshow, like Lawry suggesting that it would be of use in submarines. Intriguingly, the BAE inventors also revealed to the Reg that "other parties" within the British government – whom they couldn't name – had asked them to keep secret all details of how their equipment works.

This naturally enough led us to suspect that similar gear had in fact previously been developed in the secret labs of the UK government: the intelligence services are known to have large technical arms which occasionally invent things well before they are discovered elsewhere. The best-known example of this is public-key encryption, secretly developed by British communications spook-boffins years before being independently reinvented in US academia.

Just what the British spooks are doing with the through-metal power'n'comms gear is, of course, a secret. Nonetheless it's no secret at all that these days communications and computer systems can be remotely eavesdropped upon simply by picking up their own internal emissions: a properly-equipped van parked outside a building can snoop into electronics inside even if they make no use of wireless connections. This sort of thing is expensive and very difficult – not something that most organisations have to worry about – but serious spooks can and do carry out such operations.

This has led to the adoption of electromagnetic shielding and many other systems – for instance in accordance with the so-called TEMPEST standards – to protect systems which routinely handle highly sensitive data. Even if intruders manage to get in at some point and plant a receiver or bug inside such a room or building, it still won't be able to transmit what it picks up out through the shielding: and also its battery will run down after a while.

So how does it work?

If you had the through-metal technology now reinvented by Lawry, however, your intruder – inside mole or cleaner or pizza delivery, whatever – could stick an unobtrusive device to a suitable bit of structure inside the Faraday cage of shielding where it would be unlikely to be found. A surveillance team outside the cage could stick the other half of the kit to the same piece of metal (perhaps a structural I-beam, for instance, or the hull of a ship) and they would then have an electronic ear inside the opposition's unbreachable Faraday citadel, one which would need no battery changes and could potentially stay in operation for years.

Spooks might use such techniques even where there was no Faraday cage, simply to avoid the need for battery changes and detectable/jammable radio transmissions in ordinary audio or video bugs.

Naturally, if you knew how such equipment worked you might be able to detect or block it – hence the understandable plea from the British spooks to BAE to keep the details under wraps.

Unfortunately for the spooks, Lawry has now blown the gaff: his equipment works using ultrasound. His piezo-electric transducers send data at no less than 12 megabytes a second, plus 50 watts of power, through 2.5 inches of steel – and Lawry is confident that this could easily be improved upon. It seems certain that performance could be traded for range, to deal with the circumstances faced by surveillance operatives rather than submarine designers.

It also seems pretty much certain, now that they know what they're looking for, that counter-surveillance people will begin sticking transducers of their own onto the walls of their secure facilities and rooms. If they pick up ultrasonic vibrations – which will travel a long way if they're capable of carrying 50 watts of power – they'll know that they've been penetrated, and either hunt down the kit or just start transmitting jamming ultrasonics of their own.

Who knows, such countermeasures may already be routine in some circles, or the tech may well be in secret use for some completely different purpose. But the mere fact of the government suppression of BAE's technology tends to indicate that some sort of valuable trickery along these lines has been – or still is – going on.

The spooks will just have to hope that whoever-it-is doesn't watch this vid in which Lawry explains how his kit works ...

... or read this statement from the Rensselaer Polytechnic Institute, where he's working on his PhD. The through-barriers kit has put Lawry in the running to win a $30,000 student prize, which may be causing certain boffins in Blighty's secret labs to grind their teeth even more. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing