Security News > 2022 > December > COVID-bit: the wireless spyware trick with an unfortunate name
We've written, admittedly with a mixture of fascination and delight, about their work on many occasions before, including wacky tricks such as GAIROSCOPE, LANTENNA and the FANSMITTER. This time, the researchers have given their new trick the unfortunate and perhaps needlessly confusing name COVID-bit, where COV is explicitly listed as standing for "Covert", and we're left to guess that ID-bit stands for something like "Information disclosure, bit-by-bit".
How can you use the radio noise of an SMPS switching millions of times a second to convey anything other than noise?
Guri was able to trick the SMPS into switching its high-frequency switching rates in such a way that it generated low-frequency radio patterns that could reliably be detected and decoded.
If you record the faint electrical "Audio" signal that gets generated in the wire loop by the electromagnetic radiation it's exposed to, you have a 48,000Hz digital reconstruction of the radio waves picked up while your "Antennaphone" was plugged in.
Using some clever frequency encoding techniques to construct radio "Noise" that wasn't just random noise after all, Guri was able to create a covert, one-way data channel with data rates running from 100 bits/sec to 1000 bits/sec, depending on the type of device on which the CPU load-tweaking code was running.
Desktop PCs, Guri found, could be tricked into producing the best quality "Secret radio waves", giving 500 bits/sec with no errors or 1000 bits/sec with a 1% error rate.