Hallo Du!
Bevor du loslegst den Talk zu transkribieren, sieh dir bitte noch einmal unseren Style Guide an: https://wiki.c3subtitles.de/de:styleguide. Solltest du Fragen haben, dann kannst du uns gerne direkt fragen oder unter https://webirc.hackint.org/#irc://hackint.org/#subtitles oder https://rocket.events.ccc.de/channel/subtitles erreichen.
Bitte vergiss nicht deinen Fortschritt im Fortschrittsbalken auf der Seite des Talks einzutragen.
Vielen Dank für dein Engagement!

Hey you!
Prior to transcribing, please look at your style guide: https://wiki.c3subtitles.de/en:styleguide. If you have some questions you can either ask us personally or write us at https://webirc.hackint.org/#irc://hackint.org/#subtitles or https://rocket.events.ccc.de/channel/subtitles .
Please don't forget to mark your progress in the progress bar at the talk's website.
Thank you very much for your commitment!


======================================================================


Hello, all, and welcome, the following talk focuses on the vulnerability of electronic devices to electromagnetic interference with regard to I.T. security, with the subject of empty threats getting more and more traction nowadays. Security specialists Shoki Kazmi and Jose Lopez Estévez with explain and classify the types of attacks that we are exposed to. They both have extensive experience in security research. Having worked at the French National Cybersecurity Agency, Shoki has a Ph.D. in electronics and has recently joined the TV labs at Dark Matter. Join me in welcoming them onstage. Good afternoon, everybody. Thank you for joining us. So we are subjects, me and my sister was here. Um, we are very happy to be here today to talk about m friends for information security and how we may find ways to induce chaos in digital and analog electronic devices thanks to directed energy weapons. So we are both, uh, electromagnetic security experts. Uh, we do also radio communications security analyzes, um, some hardware and embedded system, uh, security research, as well as signal processing. A quick disclaimer, because I recently joined Armorer LLC anyway, so the research was done during my research activities at the French Network and Information Security Agency, and all the content that will be presented today was done during those research activities. Um, I'm grateful for the support and encouragement provided by our mother in allowing me to present this research today with my colleague, José Lopez Estévez. So the agenda for today, we will introduce you the topic of electromagnetic security, then to present you why we are looking for effects induced by M waves. Um, then we will have a look at the vulnerability of some devices and how we may involve those effects and turning them into, um, information security issues. And at the end of the talk, we will draw some conclusions and perspective of concerning our research. So let's start with electromagnetic security. So you 
may have all seen those nice movies or Hollywood movies where they are using some EMP weapons to disable electronic and electric devices like or any, um, facilities using those EMP weapons. So even Batman has an empty weapon in movies. So basically it's for common people. EMP weapons are a fantasy weapon. But since the 90s, many countries have developed capabilities in order to involve EMP weapons, in order to induce perturbation into targeted devices, as well as to try to damage them thanks to high power sources. So. Those sources are involving the same effect as high altitude electromagnetic, uh, uh, waves generated by nuclear or Pearse's, um, and those high intensity fields induce parasitic currents and voltages into targeted devices and all those parasitic currents and voltages induced perturbations on communication devices, as well as any digital, uh, datalink link. So the effects very, uh, from very low level effects. So basic disturbances, um, and countryish also, um, permanent damages on devices. What we are looking for, basically, is to be able to detect and analyze the effects induced by the sources during parasitic exposure so that we are able to design appropriate protections and to harden critical facilities. One important point is basically to link the hardware errors to software failures so that we are able to understand how electronic devices react during President Exposer as well as the whole infrastructure in which we will place them. And from that, we are also able to understand if there are any cascading effect. So basically, if we target one system, what kind of effect we may induce on over connected devices? So, as we said, it's not a fantasy points, a couple of, uh, events occurred in Europe and France, but presented a brief summary of what happens in Europe and other countries. So it starts from very simple, uh, sources. So Aarav guns used by some, uh, malicious, uh, during malicious activities to trigger, uh, winning at a game machine in Jap
an. Then we have some use of, um, the disruptor to neutralize security systems of critical infrastructures and specific places like Jabbari, um, regions or some Russian security systems, um, during so that were disabled during parasitic exposer as well as some bank in U.K.. And so the summary is interesting because it defines a couple of of events in which some sources with high mobility or low mobility have been used in order to disrupt some targeted devices. In the same way, we are able to understand that those devices does not require very high knowledge or skills to be able to design them. This is the last column of this table. And we can see that basically if someone is interested by building some sources, a couple of information are readily available on Internet. So, um, the use of electromagnetic interference to disable or disturb electronic devices is directly linked to the topic of electromagnetic compatibility in which we defined some general standards to test equipment and check that they will not, uh, experience any, um, abnormal behavior when they are exposed in the normal electromagnetic environment. So this is the topic of immunity testing. In the same way we try to limit the limitations of any electric and electronic device in the environment by reducing the noise generated by those devices. So as you may imagine, as you apply basic standards, it is a world of trust and compliance. We test those devices as the laptop here and we try to have the best, um, the best compliance of this device to the so that it can be used in a in any place where it should be used. In the same way, some information security guys have been working on those topics and have seen that basically we can find some correlation between the process data and the elimination of those devices. This called this topic is called Tempesta. And there is also the sidesaddle area in which we correlate the activity of a chip or a system with the data processed by this device. In the same way 
some researchers are working on for injection on the smartcards and to an FPGA. So it's using basically, um, the near field interaction between the source and the target so that we are able to extract some keys or any interesting secrets on the device. So in this way, we see that basically we go beyond the standards applied in VAMC area. We don't stay, uh, we don't comply with the standards because we have we are looking at very small correlations or susceptibility level that may be used to, um, to to to to reduce the security of those devices. So it's a word of deception. So other other risks for information security, it's basically, um, a phenomena, uh, that originated from VMC, so it's a physical phenomena and in the same way. Targeting, targeting information systems based on electronic device is highly useful when we are looking at the security of those other devices. So. The threats are as as, uh, as defined in the previous slide, so we have the imagination, Fred, which might which introduce a phrase for the confusion, the confidentiality of, uh, the information as we are able to recover data from the emanations of the electronic devices and in the same way the integrity and the availability of the device. Is directly linked to the immunity of this device to parasitic fields. So our challenges are the two of these two ones. The first is how can we assess the vulnerability of any electronic device to parasitic exposer and. If we want to do some risk management, we need to be able to rate any attack against any device. So concerning the vulnerability testing of electronic devices, so let let's have a look at the complexity on how we we how we would like to be able to test devices. So we have complex systems. We have a lot of, uh, different kind of material and communication links. Um, we have wired or wireless connections between devices, and we have a lot of entertainment in deterministic interaction between the devices as we are using some specific protocols. A
nd at the time we are injecting waves. Uh, we need to be able to reproduce this, uh, this test set up. We have a problem of scale because we may want to analyze the security of a chip as well as to be able to analyze the security of a building. And this makes a lot of, um, a lot of random parameters appearing to analyze the different attack scenarios with different payloads. The issue of modeling as we cannot model the food infrastructures, uh, um, uh, a huge building with a very, very small electronic device in there due to, uh, modeling issues. Um, and it requires a lot of scientific fields to be to be used in order to be able to model and to analyze the coupling of waves into those buildings. So as we just said, there are a lot of random parameters, and if you want to understand and to be able to predict any vulnerability of the device, we need to do some exhaustive testing. But the problem with the exhibit is that it requires a lot of random configuration. So that. Four specific parameters, we are able to reproduce any configuration we would like to work on, and this makes some issues with the reproducibility and the generalization of the results. So from a reduced number of configurations, we would like to be able to understand the Goulder, the behavior device for the rule, the whole set of configured possible configuration. And in the same way. When we want to analyze the effects on the complex system, the detection of the sea of the of the effect is complex itself. So as information security researchers, what we would like to be able is to have the ability to rate any kind of attack against a specific device. So the electro magnetic instrumentation required like the users, to disturb or to induce failure on an ISIS. Can be characterized by those three parameters, so the very viability of the device and it cuts costs, is it possible to find it on Internet or do I to do I have to to have a look at specific, um, tutorials to be able to to design it? Um, the dime
nsion of the source. Can I put it in my bag or in a car? So this defines the mobility of the source and the capabilities. So do I have the possibility to choose the source for specific frequencies? Um, can I modify the amplitude of my source? And those parameters are very important to understand how they can be used to defeat specific electronic devices. So for that, it requires a lot of technical knowledge, maybe, maybe not. After looking at the Internet, we have seen that there are a lot of resources for that. Um, the effective range of the source, do I have to be close to my target or can I stay a bit far from it? Uh, do I need some information about my target? Do I have to test it before being able to do it in real scenarios? Can I industrialize my source so once I have designed Marceau's, can I sell it or, um, and easy target specific. Do I have to design a source for each target that will I may have to work on? So for looking at this problem, there are two ways, the first is starting from the source itself. So I have my source. It can be connected to an antenna or an injection probe. So then we are in into propagation mode, the radiation in the free space, or do I inject my waves in cables? Then I am in the connected one. We have also the link between both of them. We have the coupling to the target. Is it from the recoupling? So am I targeting a wireless interface of my target or is it a backdoor coupling phenomena? I am using my waves into some conductive part into the in the system. And I have my effect, which is the last part of my propagation, if I start from the source, then I will defined specific scenarios for a specific devices. But if I start from my target and I take effect in a very general environment, then I might be able to to check all the parameters that I may experience when I want to harden a critical infrastructure. So we have chosen the second way of having a look at this problem, and we are working on the effect induced by parasitic field
 on electronic devices. OK, so, um, now I am going to introduce our strategy for, uh, the analyze the analysis of effects on specific targets so we will see that it's not a trivial problem. And, um, I will present, uh, the decisions, the choices that we have made to address this issue. Um, so here we are, um, um, trying to observe, uh, the, um, effects of, uh, the, uh, presence of electromagnetic, uh, parasitic signals, uh, around the, uh, the target. And for that, the game generally is always the same. Uh, whatever the field, uh, the scientific field, you send the stimuli. So it's our parasitic field. And, uh, you want to observe changes on the target, uh, that will respond to your stimuli and you want to correlate the stimuli and the changes and, uh, the challenges here are, uh, that as a shoki introduced, uh, because of the the complexity of the problem, uh, there are a lot of, um, different kinds of stimuli that we can, uh, uh, send to the target. Uh, we can also, um, use, um, um, uh, additional additions of, uh, different stimulations. And, um, the second problem is that we have to determine what to look at, uh, to decide that there is an effect on the target or not. So, in fact, the one of the main challenges in that game is to design the right glasses to see the effects of the electromagnetic stimulations. So that's what we we proposed. That's what we did. Um, and we proposed, uh, well, usually you want to identify the critical functions of the system you want to monitor. So it's, uh, kind of the the health, uh, parameters of your system. And, um, then you have to find a way to monitor, uh, those critical functions and maybe define some metrics to then compare or, uh, classify, uh, the different, uh, uh, effects that you observed, uh, on those observables. So sometimes it can be easy. If you think about, uh, rotating robotic arm, maybe you can just say, OK, it still works or it doesn't work anymore. And when it doesn't work anymore, you say I have an effect. 
Uh, but you also, um, sometimes need to have, uh, more, uh, finer granularity in your, uh, matrix. Uh, so for the rotating robotic arm, you can think about, uh, the positioning error, uh, of your arm. Uh, so you will have to find a way to measure that and then monitor that during the tests, uh, to determine then if, uh, there was an effect, if that effect was really correlated to your stimuli. In order to analyze, uh, the, um. The vulnerability of your system. So. We adopted a generic approach, we thought, OK, uh, instead of adapting our approach to the, uh, specific context, uh, we thought about, um, uh, generic approach, which is, uh, system centric. So our idea was to, uh, try to analyze the effect, uh, as the operating system, uh, can see them. And it's interface based, so as introduced by Shawqi, there are different types of coupling on the device and um, we enumerated the interfaces, uh, for the physical coupling that are available on the device. And, um, we found a way to, um, have access to some information coming from those interfaces, uh, at the operating system level. And in the end, we have, uh, software that is running on the operating system and that is monitoring the different interfaces, uh, looking for effects. In fact. And what's interesting with that strategy is that we we don't really need to understand the propagation of the physical effects, uh, through to the software effect. In fact, we we try to have an observation of the software layer level effects during the test. And as for the vast variety of different stimuli that, uh, an attacker could use, we decided to, uh, consider the, um, the lowest attacker profile. So, uh, low cost source, uh, low bandwidth, uh, source. So, uh, we basically use a software defined radio with, uh, uh, several amplifiers and, uh, the, um. The physical, electromagnetic, uh, waves that we, um, have sent to the target, uh, are, uh, what we call RF pulses. So it's a low profile, uh, low ataca profile, and we have two 
setups that are depicted here on the left, uh, we have our, uh, radiated propagation, uh, set up. So, uh, it's in a Faraday cage. We have our targets, uh, running the monitoring software that we designed. And, uh, we have, uh, an antenna inside the Faraday cage, which, uh, will send the Cemile. And outside the cage we have, uh, uh, monitoring computer, which will, um, gather the information collected by the monitoring software and, uh, our, uh, RF sources instrumentation. And on the right, we have the equivalent, uh, set up for the connected, uh, propagation. So once we define the test scenario and test configuration, we put a couple of devices in the Faraday cage and now we will show you some effect induced by regearing parasitic exposer and by understanding how we were able to correlate the effects to the parasitic field. We have found a way to involve in wave for as a new technique to inject data into devices or to interact with devices, and we will show you how we did it. So just for us at the beginning, we use some general computers and we monitor some common APIs and even logs on the computer and we send our parasitic signal to the target. So here we have a couple of logs. Uh, you don't need to read them because we summarize them for you and we have them here. For example, the two, uh, keyboard links we are testing. So the two and the USB, um, and we have seen some. So we were able to get those effects. So we were able to correct data that was received by the computer, um, and to randomly inject a valid keystrokes on the computer. On the USB, we have been able to disable the hub, uh, disconnect, uh, devices, peripherals that were connected to the computer and also to correct descriptor. So this is back door coupling effect because we were targeting Datalink, which are not intending to collect energy. Then we wanted to test some scary systems or like industrial control system, we put a several matau in Faraday cage and we tested some of the behavior of the of t
he seven motor where it was running a specific. So the normal behavior of the device is the blue one. Um, no. We'll try to show it to you here. OK, here you see the blue, the blue, which is a normal the normal behavior device, and in green and orange we send it our purses and we can see here that the we have been able to modify the position of the of the several motor as well as the speed of it. So we are able to randomly manipulate the several motor using our of. Then we worked on, uh, some digital, uh, processing, uh, algorithm or here it is, the, um, the, um, preregistration algorithm, uh, running on any and FPGA. The distortion algorithm is used to compensate the power amplifier distortion where we are using it in the nonlinear region. So we compute the known we predict the nonlinearities of the power amplifier, which is T minus one, and the actual distortion induced by the amplifier is two. So if you do ten minutes one by T, you have one. But in the same way, if you're injecting some RF passes during the computation of the distortion, uh by uh and just by the amplifier. So here it's the DJ for Jamie. We were able to modify the behavior of the protesters, an algorithm, and by modifying this behavior here, it's, um, this curve here in black. We see here that we have some elevation of the side lobe of the source, so it means that we are jamming all devices that are co-located to the radio frequency. So, for example, the mobile station around the target is one. So we were able to to modify the package emitted by the by the by the mobile station. Then it sends data with a high error rate. So any device that received the signal received corrupted data. And on the right, in the same way as we increase the silence, all the devices that communicate around this cell, we have oversells. If they are using the frequency, Bandelier, the targeted one, then we are able to stop the communication on this level. So this is the cascading effect we have been talking about. Yeah, an
other interesting point in that example is that, uh, the, uh, the computation of the distortion, uh, factors, uh, is not, uh, perform usually, uh, every second. I mean, it's, uh, more on the scale of the minute. So, in fact, with, uh, just one, uh, malicious intervention, uh, you can, um, um, you can make the, um, the, um, the radio front end, uh, self jerm itself, uh, during several minutes until the computation of the distortion, uh, factors. We also instrumented the analog interfaces, uh, and, uh, we are going here to present the results we had on, uh, thermal transducer and also on, uh, acoustic, uh, transducers, uh, microphones. So, uh, there are there is some literature about the, um, uh, from the EMC community about the susceptibility of, uh, analog circuits. And, uh, it's admitted now that, uh, some analog, uh, circuits, um, do some, uh, envelope detection. So it's a kind of, uh, amplitude modulation, uh, of the parasitic signal and, um, uh, especially, uh, for, um, um. Um, operational amplifiers, uh, there is also, uh, uh, an offset that is added to the signal. Uh, yeah. When, uh, parasitic field is, uh, present on the target and also, um, as it, uh, we are talking about, uh, analog interfaces, uh, they are usually end up on ATCs. So all the work that work that has been made about the vulnerability of, uh, analog to digital converters, uh, can also be used, uh, in that case. So during our tests, we have been monitoring the, uh, behavior of, uh, the Terminator, the thermal dyad of the CPU of our target, and we noticed that, uh, when our, uh, parasitic field was on, um, we saw that, uh, the temperature that was reported by the diad, uh, was kind of erratic. So, um, how can it be used by an attacker? Um, we try to derive, uh, scenario, uh, exploiting that, uh, factor. And we ran additional tests and we noticed that the the temperature that was reported by the thermal diode, uh, was, um, um, kind of, um, homothetic to the electric field magnitude, the parasitic
 electric field, uh, magnitude. Um, so that means that, uh, the attacker is able to, uh, finally control the behavior of the, um, the temperature reading, uh, on the target. So we imagine the scenario where, um, uh, an attacker uses that to send information to, uh, malicious, uh, process that is, uh, monitoring continuously the temperature on the target. And, uh, in some cases, I mean, in, um, cases where you have, for example, uh, put an air gap strategy in place in order to separate, uh, uh, several, uh, information systems of heterogeneous criticized. Uh, this kind of threat, uh, can be, uh, serious. And also, of course, if I can, uh, if an attacker is able to control the temperature that is, uh, uh, transmitted from the Dyad to, uh, the Espoo or a reader of the temperature, uh, one can easily think about sabotage, uh, scenarios. During our tests, we also monitored, um, the audio front-end, so we basically just recorded the audio, uh, coming from the audio card. Uh, and, uh, we we we made that, uh, with the microphone on with the microphone, uh, with a wired microphone, uh, plugged in or without microphone. And, uh, we always, uh, have been able to notice that, uh, um. There were some effects of the presence of the parasitic fields'. And again, we try to imagine scenarios where this could be a threat for information, uh, security and a system. And, uh, from that observation, we have several works there were derived and we consider that the analog microphone is, uh, usually, uh, user interface that gives access to, um, the voice assistance, uh, interfaces. Uh, and we designed the several proof of concept, uh, exploiting this, um, way to interact with, uh, the system, uh, in order to execute, uh. Arbitrary voice commands on, uh, the target. We need to proof of concept on the right, you see the radiated one. So in that case, um, the, um, the coupling interface was the, uh, the headphones cable. And, uh, we also, um, um, performed additional tests, uh, and, uh, DNA t
ests to see the test. Um, they conducted, uh, propagation path. And, uh, we were able to inject, uh, voice commands by injecting the parasitic signal inside the power network. Uh, when the phone was, uh, charging. So this research has been published. Uh, attack in Paris, uh, but we have still the two, uh, quick, uh, videos, uh, to, uh, about those, uh, those tests. So I need to recover my mouse. So in this video is the jacket, the test set up we have we are in the dark age. Uh, our target is the smartphone and we can see the, um, the headphone cable on the left, uh, side of the screen. And, of course, uh, our antenna, uh, that is, uh, sending the parasitic signal. And we can notice that, uh, there is some activity on the audio front end because the the the dart, the red dot, uh, on the um, the upper right corner of the, uh, the phone screen. And in that example, we sent, uh, long, uh, voice commands, uh, asking to open, uh, uh, website. And at that time on that that the Android version, um, there was no real feedback to the user and, um, the the website was open without any other interaction with the target. And the way they conducted case, so here we you see how our set up, so we have the power supply with the computer plugged in and here we have an injection probe with this cable going to our, uh, radio frequency source. And our target is here on the desk and is plugged to the the power socket, uh, with, uh, Ginuwine charger. And in that case, we were just asked to open, uh, an application. So if you need more information about, uh, technical details on those, uh, proof of concept, uh, you can refer to the talks we made in huckleberries and we also released a Tripoli paper. And, uh, here we just try to imagine, uh, to perform our quick risk analysis about, uh, those kind of, uh, vulnerabilities. And, uh, of course, the, um, the, um, anything you can do by using the voice command interface can be done using those techniques. What's also interesting is that we compl
eted, um, the the study by trying both the front door and back door coupling scenarios, uh, we also did the right thing and they conducted testing. And, uh, we tried to estimate the, uh, the attacker profile and, uh, the, um, the. That will require the power, uh, and, um, the equipment that is required to perform those kinds of attacks and of course, these attacks are, uh, highly targeted attacks because, uh, the attacker needs to, uh, uh, change the, uh, at least the the waveform, the parasitic waveform, uh, to adapt himself to the, um, the the situation, the target, the phone, for example, or the, um, uh, power network specificities. OK, so we just some additional details about the injection voice command injection techniques, um, concerning the second one, we have seen that it's a USB cable that is targeting targeted um, we have connected this USB cable to the computer also. And we have seen that the signal was going through the power network and the granting of the of the computer and was reaching through the USB shield, the microphone. So this is interesting because it is, uh, some known issues from the EMC community. So the crosstalk between the USB port and the microphone. I see. But from the information security point of view, we have, we did not have seen any study that was showing that we were able to inject, uh, defined signals on this voice command interface. Um, thanks to all those tests we have. So we have been able to analyze to detect and analyze the effects induced by ISIS or intentional electromagnetic interferences. Um, during periodic exposer, um, we have been able to classify the effects, so defining the criticality of each effect. With regards of the application, um, we have been able to estimate the impact for the security of the device to test the devices and all those informations contributes to, uh, the information security risk analysis and to help us to put some additional protective devices so that I am I cannot be involved to perform th
ose kind of attacks against electronic devices. And more generally, uh, we, um, observe that the electromagnetic electromagnetic attacks are a kind of a realistic threat, uh, even if generally if you want to perform more than, uh, denial of service attack, uh, it will be, uh, targeted attack because you will need to, uh, to, um, adapt your attack set up to your your target and to the, uh, the contexts around the target. We also wanted to emphasize that, uh, the attacker profiled, uh, for these kind of attacks is, uh, getting lower and lower, uh, because of technological evolutions, uh, the, um, uh, devices that are needed to create some of the required, uh, sources, um, is, uh, more and more affordable and available, freely available to anyone, uh, on the Internet. Uh, and it's we we can say the same, uh, on the, uh, the power amplifiers, for example. And, uh, one last word to try to join people to this kind of research, um, we noticed that, uh, the M.S. community, the, uh, information security community and, uh, the specific, uh, physical cryptanalysis and, uh, site channel, uh, and for the tax, uh, communities, uh, worked, uh, on their own path. Uh, but in reality, we are looking at the same problem and, uh, just we have different points of view and different objectives. So, uh, maybe it's time to, uh, join together and, uh, try to, uh, uh, share the resources and the knowledge about the, uh, these issues. So we thank you very much for your attention. As usual, you have all the references that we used to to create this iStock. And our e-mail address is, if you have any questions or if you want to interact about those topics, we will be happy to do so. Thank you. So step up to the microphones and we also take questions online. We have a single angel answering the question, feed anybody a microphone to. Go ahead. Yeah, thank you very much for the interesting topic. I saw your lab equipment and you didn't screen the church or any cables. Why? Or and there may be anot
her question. Did you test this with screening of the cables and how much, uh, is affected or. Yeah. The cable in the results, uh, on those, uh, research topics, we did not really, uh, we tested several USB cables and then several, uh, genuine chargers. I mean, uh, Cat's out of the box, uh, chargers. And we observed that, uh, the we were able to on the audio frequency band, we were able to recover our signal for a frequency response was kind of flat. So, uh, it didn't really affect, uh, the effect on the target. Thank you. Microphone number one, thank you for the talk. This was all very new to me, so I'm very, very scared right now because I am learning how to fly a small aircraft. And a lot of it is there's a lot of communication that happens via radio. And I'm wondering, when you talked about the effective range, what kind of threats are we looking at for something, say, at an altitude of, say, even 2000 feet and a moving target? Does that make it very, very difficult, knowing that I don't know much about what you just said, but it was really quite scary. Um, concerning the range, so as we as we presented, we did not, uh, work on, um, the suicide, we directly, uh, assessed the effects on the target. If you have any kind of device you would like to work on, basically you put it in, um, in a test environment, you check what kind of effect you may expect, depending on the characteristics of the source we have. You have defined and then defining the range is just using some general, uh, theoretical equations that define you the amount of power you need to generate to reach the signal level. You need to disrupt your device, um, for small drones or any, uh, any kind of those devices. We didn't we did not specific tests. But yeah, it's an open question and we would really happy to work on that if. Yeah. If I can, uh, add something in your case, I guess you have to estimate the propagation path that we described, uh, in the specific conditions that you described, in fact.
 Thank you. Thank you. Thank you very much, microphone to go ahead. Thanks for the talk. I very, very small question about the sheep missed or that you set up and you can, with RF energy, increase the temperature or observe the temperature of the processor. Was it actually a separate, uh, sensor? And how long was the cable and what's output impedance of the sensor to check those parameters? Yeah, I think the it was on, um, on an old motherboard, on a computer. The, uh, Terminator, uh, was interrogated by a superior chip. And I guess the the dimensions of the, uh, the PCB line between the, uh, the CPU diode and, uh, the superior chip was, uh, some something like 10 centimeters, I guess. Thank you very much. I think we have a question from the line. You've showed us some example of that injection, so this was an active attack. What about the passive ones, like getting the data from the device, for example, pixels of the screen or touch typing the keyboard? Um, as we yeah, the talk was focused on the effect of, uh, intentional electromagnetic interference. So that's why we didn't talk about the other specific parts of Tempesta attacks or general attacks. I don't know if that answers the question. Well, thank you for your response, and I think that's all for questions. Oh, no, there's one more from the online feed. I know that it it is this isn't really a topic of your research, but could you give some pointers to recent research on EUM emancipation like Tempest attacks or there was something on a year last year, I guess, uh, Craig's me stock. Uh, tempesta attacks on a yes. I get it was such an attack but with uh uh so uh, several feet range for example. I think it can be a good pointer. Mark, Mark, Mark was research at Cambridge University is also a well, a very good resource to understand the topic of Tempesta. Thank you very much. And I think that's it, that's your honor. Applause for our speakers. Thank you. Thank you.