Recently a TSCMi member brought to our attention a YouTube article referring to a hacking vulnerability of Amazon’s Echo, the audio personal assistant, to provide the opportunity for malicious use as an eavesdropping device. In truth this should not be a surprise. On line Hacking communities have recently been full of such vulnerabilities, and these are not just limited to the Echo. There are a number of similar “smart speakers” and apps that provide personal assistant functions on laptops, smartphones and tablets.
And they’re all smarter than you might think.
John CarterSmart Speakers – smarter than you think!
The enthusiast community engaged in the use of Software Defined Radio (SDR) projects is ever finding new functionality with which to experiment. One recent example, particularly relevant to the TSCMi, is development of software capable of utilising SDR to mount a TEMPEST attack upon laptop screens.
TEMPEST attack capabilities have been around for a long time, but such an attack as this has previously required sophisticated and expensive hardware and associated complex software.
John CarterTEMPEST Laptop screen attack – now in domain of radio hobbyists
As stated on the Home page of our institute web site, one of our key objectives within the institute is described thus:
“the institute endeavours to maintain best practices within the industry, improve standards and educate future practitioners to safeguard the industry.”
This web site is one of the routes by which we can promote and guide our membership such that they may adhere to a core set of principles as illustrated in our Code of Practice and based upon the UK National Occupational Standards (NOS).
But how does this help those who seek TSCM services? How does the potential client identify a TSCM service provider who will be able to correctly identify the right service to meet the client’s needs?
John CarterHelping the Client find the right TSCM service