
"While we now look for incoming malware on the TCP/IP connections, clearly we need to similarly monitor the other ports as well; you can do just as much damage (or more) with a insider keyboard attack, given some social engineering. Is the power line next?"

The power line has already been used, but not in the incoming direction.

It was successfully used many years ago to smuggle information out of a highly secured place by modulating the power usage of a drive array; this was enough to allow a sensor coil placed around one of the wires powering the installation to pick up the bits.

Slow as hell, and probably quite noisy but it did work.

I wish I could dig up a citation for it, it was quite an impressive hack, and they never did figure out who did it.



There was a presentation about these kinds of hacks at Defcon: https://www.defcon.org/images/defcon-17/dc-17-presentations/...

It mentions this idea of modulating power usage, and a few other clever ones, though I didn't see a reference to it being used in the past.


The hack I'm referring to was somewhere in the 70's or 80's, I heard about it in the 80's (86 or so).

I'm sure it's been done plenty of times though, not just recently. The nasty thing about it is that such a leak can be in place for a long time before it is discovered.

Here is a Wikipedia article about it:

http://en.wikipedia.org/wiki/Power_analysis

Which states that it was introduced in '98, but I'm quite sure of when I heard about it because I remember who told me (a systems programmer for a bank that I worked for in those years).


There was another presentation at Defcon about attacking USB drivers with rogue devices. Basically, they programmed a USB-enabled microcontroller to present a malformed ID string and could use it to inject and run arbitrary code.

http://www.defcon.org/images/defcon-17/dc-17-presentations/d...

EDIT: sorry, that PDF is less informative than the talk was. He had a bunch of demonstration material that's not included here, apparently.


Modulation of LEDs on network gear was used too.


We've used a couple of these (http://www.amazon.com/NETGEAR-XE102-Wall-Plugged-Ethernet-Br...) in the past to get information out of a secure area (during a pen test).

We got the idea from the same hack you mention; though as with yourself my boss can't recall any other details apart from remembering it sounded really cool at the time :D



