New 'negative light' technology hides data transfers in plain sight

(unsw.edu.au)

58 points by wjSgoWPm5bWAhXB2 days ago

7 comments

thatcherc4 hours ago
Link to the paper: <a href="https://www.nature.com/articles/s41377-025-02119-y" rel="nofollow">https://www.nature.com/articles/s41377-025-02119-y</a>From the abstract:> Here, we demonstrate a covert communications method in which photon emission is rapidly electrically modulated both above and below the level of a passive blackbody at the emitter temperature. The time-averaged emission can be designed to be identical to the thermal background, realizing communications with zero optical signature for detectors with bandwidth lower than the modulation frequencyIt sounds like maybe they're modulating the emissivity of a diode up and down so that over time, its IR spectrum looks like black body radiation. Only someone looking at the intensity of the thermal radiation coming from the diode at really fast timescales (kilohertz or megahertz) would notice that there was a signal being transmitted.
Retr0id2 hours ago
> We do have encryption methods, but at the same time we’re always having to create new encryption methodologies when bad actors find new decryption strategies.> But if someone doesn’t even know the data is being transferred, then it’s really very hard for them to hack into it. If you can send information secretly then it definitely helps to prevent it being acquired by people you don’t want to access it.Very strange framing. Symmetric cryptography has been "unhackable" for a while now, for all intents and purposes. The real advantage is surely that nobody notices you're transmitting data at all?
- beloch1 hour ago
 It adds a layer of obscurity, but not real security. If somebody is looking, neither sender or receiver can detect it or know if their ciphertext was intercepted. Depending on the methods used, the cipertext might not be immediately crackable with currently known algorithms and resources. However, it can be archived and broken at a later date, or by an actor who has access to algorithms/resources that aren't currently public.
 - Retr0id55 minutes ago
 harvest-now-decrypt-later attacks aren't much of a concern for modern symmetric cryptography. heck, even known-broken ciphers like rc4 aren't easy to break in a non-interactive setting with modest ciphertext sizes and no key reuse.
 - beloch50 minutes ago
 It all depends on who the message needs to be secure from, and for how long.
 - Retr0id38 minutes ago
 Sure, but for symmetric ciphers it's not hard to hit the "by anyone, for my lifetime" threshold. NIST does not define a sunset date for AES-256, for example.
- nine_k2 hours ago
 The cypher may be prefectly impenetrable, but the software running on the transmitter or receiver may be more brittle. You cannot attack what you don't even know exists nearby.
 - Retr0id2 hours ago
 A secure cipher is indistinguishable from random data, you can't infer what software is on either end just by eavesdropping.
 - andrewflnr49 minutes ago
 In practice you can infer a lot. The payload of a TLS stream is formally indistinguishable from random data, but you can still tell on the wire that it's TLS. There aren't a lot of widely-used TLS implementations. It's been a while since I looked at the specifics, but I bet there's a lot of more specific signature data in the plain-text parts of the protocol like supported ciphers. You can make some good guesses from the metadata.In the case of a physical interception, you can probably infer more. If you, after reading this article, spot an enemy drone that doesn't have any obvious emissions, then, well, there might only be one option for the software running on that drone, namely The Software that your enemy uses on their drones.Anyway, it's not clear to me from the article whether the source object from the signal will necessarily be invisible. I think every transmitter still at least looks like a point source of blackbody radiation. The signal may not be detectable from thermal background radiation, but if the background itself is coming from a big obvious drone, well, you know it "exists nearby".
 - Retr0id33 minutes ago
 Only because TLS never tried to be metadata-resistant in that way.For example, Noise protocol + Elligator + constant bandwidth, is indistinguishable.
 - nine_k2 hours ago
 But once you've located the device, you can use a number of electronic warfare approaches to crack into it, not necessarily through its main radio interface. For instance, electromagnetic interference, heating, etc, all can inject a subtle hardware failure that the software is not ready to handle.
 - Retr0id2 hours ago
 Hence, "the real advantage is surely that nobody notices you're transmitting data at all?"
 nine_k3 minutes ago
 Not just that you are transmitting any data, but that there's some "you", or your device. "All clear, nothing to see here".
 - g-b-r1 hour ago
 You really need to look up the Kirchoff principle
TheOtherHobbes4 hours ago
Maybe I'm missing something, but this reads like a complicated way to say "We made an IR diode that gets cold as well as hot."
- TeMPOraL1 hour ago
  Or you can call it encryption along different axis. Much like extracting GPS signals from below thermal floor level - you can do it if you 1) know it's there, and 2) know exactly how to key in. It's impressive as heck, but you can always rephrase it in terms of information theory in ways that makes it sound like slightly different shade of mundane.
  - g-b-r1 hour ago
    No, this has nothing whatsoever to do with encryption, and no real security, probably
    - TeMPOraL1 hour ago
      Depends on how you modulate it. Think e.g. frequency hopping / spread spectrum: it's encryption, just done on modulation instead of transmitted data.
- wpollock1 hour ago
  I don't believe you're missing anything. This is just stegenography with a possibly new covert channel, right? Apparently the secret depends on advisaries not noticing the special hardware deployed on each end. Would using spread sprectum techniques would work just as well?
- RobotToaster2 hours ago
  Yeah, but saying that doesn't get the military to give you money.
  - JellyBeanThief2 hours ago
    I would much rather have been called a computerologist than a computer scientist.
- thewanderer19832 hours ago
  Yep.
dustfinger3 hours ago
> Only a receiver with the right equipment can pick up the hidden message.So all an eavesdropper has to do is setup the right equipment then? I guess it is only invisible until the technology becomes more widely available.
- behehebd2 hours ago
 As invisible as radio signals then.
 - Hobadee1 hour ago
 Now now... Let's be fair...Radio broadcasts to everyone.Light you can block off to a single direction.Oh wait, directional radio antennas exist. Nevermind, yes. Exactly like radio waves.
 - TeMPOraL1 hour ago
 > Light you can block off in a single direction.Sorta, kinda. You're really only just attenuating things a lot. It's tricky to actually block it off fully.Same with radio waves, as light is literally the same phenomena as radio waves, it's just shaking faster.
scottyah4 hours ago
It's impressive how this article made this sound like a breakthrough, didn't even mention the entire historied field of steganography once.
- jkhdigital4 hours ago
  The paper itself mentions steganography in the second sentence at least.
nyc_data_geek12 hours ago
Makes me look at steganography in slips on sunglasses an entirely new light.
charcircuit4 hours ago
It seems simpler to use a secure radio protocol instead of relying on security by obscurity for communication.
- StevenWaterman4 hours ago
 A covert signal is still beneficial even if the signal is secure. The existence of the signal is valuable metadata.For a contrived example, imagine I'm in a warzone:- Secure = Enemies can't read my messages. Good. But they can still triangulate my position.- Covert = Enemies don't know I exist
 - TeMPOraL1 hour ago
 Also even if they know you are transmitting, it may still be beneficial to prevent them from knowing how much you are transmitting.Imagine the enemy detects some of your transmission, even knowing it's encrypted, they can still look at the data rate (or estimate order of it):- 5 bps = probably a random transmitter, maybe audio spy device, maybe remote detonated weapon- 5 Mbps = probably a feed from military hardware or personnelSimilar inferences can be made about volume, if they can identify distinct transmissions. Etc. If tricks like these can make the enemy confuse 5 Mbps TX for a 5 bps one, it has obvious tactical utility.
 - applfanboysbgon3 hours ago
 Another example: in some regimes merely using Tor is illegal, or say in the US using it is enough to justify a search warrant for probable cause, with no evidence of any actual wrongdoing. The EU Chat Control lobby is also trying very hard to criminalize encryption. The simple act of trying to communicate privately is taken as indicative of criminal wrongdoing in the modern world. Being able to communicate without adversarial parties knowing you're communicating is a boon.
 - pinkmuffinere4 hours ago
 +1. As another example see <a href="https://en.wikipedia.org/wiki/Numbers_station" rel="nofollow">https://en.wikipedia.org/wiki/Numbers_station</a> -- people can't decipher the messages, but they strongly suspect something spy-y is going on. If they couldn't even detect it, there would be no suspicion.Also hi StevenWaterman, I recognize you from previous comments! I think this is the first time that's happened to me on HN
 - mvrckhckr2 hours ago
 Unless they have "the right equipment". Then you are right back at the same situation.
 - TeMPOraL1 hour ago
 Nobody has "the right equipment" everywhere all at once, especially not with operators (human or otherwise) set to monitor it all the time.In the real world, obscurity is the cornerstone of security.
- bob10293 hours ago
 DSSS is sort of both security and obscurity at the same time. The very act of spreading your spectrum out via a secret key also has the effect of reducing the amplitude of your transmission, ideally below the noise floor. A receiver on the other side wouldn't see anything except noise unless they had the same key.
- jkhdigital4 hours ago
 Secure channels can still be jammed. Undetectability is a fundamentally different goal than secrecy.
- hmmokidk3 hours ago
 I am sure you could encrypt the warmth message somehow.
- esseph3 hours ago
 Unless your adversary is scanning for RF emissions, which is getting more and more common.