A hot potato: When a computer runs, it doesn't just calculate – it hums, vibrates, and radiates. The flow of current through its circuits produces faint electromagnetic and acoustic signals that can escape beyond the device's casing. In the right hands, those signals can be captured and reconstructed into the keystrokes, cryptographic keys, or data being processed inside. This phenomenon, known as a side-channel attack, has been familiar to engineers and intelligence agencies for nearly 80 years. But now, two members of Congress are asking how much danger it still poses as everyday devices become smaller, more wireless, and packed with more sensors than ever before.
Senator Ron Wyden and Representative Shontel Brown have called on the Government Accountability Office to examine whether modern computers and phones remain vulnerable to what was once known as TEMPEST surveillance.
Originating in 1940s military research at Bell Labs, the code-named project sought to understand how secure communications equipment could betray its secrets through electromagnetic emissions observable from across the room – or even across the street.
In their letter to the GAO, Wyden and Brown warned that these spying methods "do not just pose a counterintelligence threat to the US government" but could also allow adversaries to steal "strategically important technologies from US companies." They also released a new Congressional Research Service report summarizing decades of research into TEMPEST and its modern counterparts.
A 1972 declassified report from the National Security Agency that exposed TEMPEST practices described emissions capable of traveling half a mile through power lines or water pipes – "tiny radio broadcasts," in the authors' words. To counter them, US agencies created highly shielded rooms known as SCIFs (Sensitive Compartmented Information Facilities), where strict safeguards still separate classified computing equipment from uncontrolled space.
Civilian technology, however, never received the same treatment. Smartphones, PCs, routers, and accessories are not required to block or mask their emissions. Wyden and Brown argue that the government's silence on these risks has left consumers "vulnerable and in the dark."
Academic and private-sector researchers have repeatedly confirmed that information can still "leak" from consumer electronics, though extracting it requires skill and proximity. In 2015, scientists at Tel Aviv University built a radio receiver – small enough to fit inside a piece of pita bread – that captured cryptographic data from a laptop's processor a few feet away. The setup cost under $300.
Another team demonstrated that the subtle high-pitched sounds emitted by a computer's voltage regulators could be analyzed to extract encryption keys using an ordinary smartphone's microphone. Both experiments showed that while side-channel attacks are technically feasible, they often yield incomplete information and require specialized conditions.
Wyden, known for pressing intelligence agencies on under-disclosed surveillance practices, has not said whether classified information prompted his latest move. In correspondence with Wired, he noted that such attacks are likely to become more practical as signal-processing technology advances. Sophisticated techniques pioneered by states, he warned, tend to "trickle down" to commercial espionage and criminal networks over time.
The letter asks the GAO to assess not only the scale of today's risk but also "the cost and feasibility" of requiring manufacturers to integrate countermeasures into consumer products – potentially through regulation by the FCC or enforcement actions by the FTC.
Security experts caution that, despite congressional concern, side-channel attacks remain rare outside national-security circles. Cooper Quintin, a researcher at the Electronic Frontier Foundation's Threat Lab, says this boutique form of espionage is real but exceedingly difficult to execute. "The takeaway from this letter should not be that every activist needs to build a SCIF and start worrying about side-channel attacks, because I don't think that's the case," he said.
Ironically, some consumer trends have made these physical leakages harder to exploit. Mobile chips' drive for energy efficiency produces weaker electromagnetic emissions, reducing leakage by design.
Hardware from major vendors such as Apple and Google tends to contain relatively few unintended signals, said researcher and hacker Samy Kamkar, who has built devices such as a laser microphone capable of detecting keystrokes from subtle surface vibrations.
At the same time, advances in artificial intelligence could shift the equation. Machine-learning tools excel at extracting patterns from noisy data – exactly what an attacker would need to reconstruct faint emissions into usable information.
Internet-connected appliances, industrial controllers, and smart-home devices may also lack the design discipline found in flagship consumer electronics, widening the potential attack surface.
It is possible that the GAO's forthcoming study could influence how agencies define baseline hardware security. Even modest changes – such as setting emission standards for wireless equipment or requiring manufacturers to test shielding – could provide meaningful protection if the government decides to act.
Until then, most of the risk remains invisible, radiating quietly through the devices on desks and in pockets everywhere. Whether anyone is listening closely enough to exploit it is, for now, a question Congress wants answered.