• Link to the paper: https://www.nature.com/articles/s41377-025-02119-y

    From the abstract:

    > Here, we demonstrate a covert communications method in which photon emission is rapidly electrically modulated both above and below the level of a passive blackbody at the emitter temperature. The time-averaged emission can be designed to be identical to the thermal background, realizing communications with zero optical signature for detectors with bandwidth lower than the modulation frequency

    It sounds like maybe they're modulating the emissivity of a diode up and down so that over time, its IR spectrum looks like black body radiation. Only someone looking at the intensity of the thermal radiation coming from the diode at really fast timescales (kilohertz or megahertz) would notice that there was a signal being transmitted.

    • Yep. I guess it was "hidden" until they published the method to detect the signal.
  • > We do have encryption methods, but at the same time we’re always having to create new encryption methodologies when bad actors find new decryption strategies.

    > But if someone doesn’t even know the data is being transferred, then it’s really very hard for them to hack into it. If you can send information secretly then it definitely helps to prevent it being acquired by people you don’t want to access it.

    Very strange framing. Symmetric cryptography has been "unhackable" for a while now, for all intents and purposes. The real advantage is surely that nobody notices you're transmitting data at all?

    • The cypher may be perfectly impenetrable, but the software running on the transmitter or receiver may be more brittle. You cannot attack what you don't even know exists nearby.
      • A secure cipher is indistinguishable from random data, you can't infer what software is on either end just by eavesdropping.
        • In practice you can infer a lot. The payload of a TLS stream is formally indistinguishable from random data, but you can still tell on the wire that it's TLS. There aren't a lot of widely-used TLS implementations. It's been a while since I looked at the specifics, but I bet there's a lot of more specific signature data in the plain-text parts of the protocol like supported ciphers. You can make some good guesses from the metadata.

          In the case of a physical interception, you can probably infer more. If you, after reading this article, spot an enemy drone that doesn't have any obvious emissions, then, well, there might only be one option for the software running on that drone, namely The Software that your enemy uses on their drones.

          Anyway, it's not clear to me from the article whether the source object from the signal will necessarily be invisible. I think every transmitter still at least looks like a point source of blackbody radiation. The signal may not be detectable from thermal background radiation, but if the background itself is coming from a big obvious drone, well, you know it "exists nearby".

          • Only because TLS never tried to be metadata-resistant in that way.

            For example, Noise protocol + Elligator + constant bandwidth, is indistinguishable.

            • You do have to try, though, is the point. It's not automatic just because the output of the cipher itself is cryptographically random. And when you do try, the lack of metadata will itself be a clue as to the software generating it.
          • > transmitter still at least looks like a point source of blackbody radiation

            The whole trick is that on average it is a source of blackbody radiation exactly like any other piece of matter next to it, same temperature. It does not produce a light or dark spot on an IR camera image. It turns hotter ("positive light") and colder ("negative light") with a very high frequency, in a controllable way.

        • But once you've located the device, you can use a number of electronic warfare approaches to crack into it, not necessarily through its main radio interface. For instance, electromagnetic interference, heating, etc, all can inject a subtle hardware failure that the software is not ready to handle.
          • Hence, "the real advantage is surely that nobody notices you're transmitting data at all?"
            • Not just that you are transmitting any data, but that there's some "you", or your device. "All clear, nothing to see here".
      • You really need to look up the Kirchoff principle
    • It adds a layer of obscurity, but not real security. If somebody is looking, neither sender nor receiver can detect it or know if their ciphertext was intercepted. Depending on the methods used, the ciphertext might not be immediately crackable with currently known algorithms and resources. However, it can be archived and broken at a later date, or by an actor who has access to algorithms/resources that aren't currently public.
      • Covert transmission is security. Think of a spy or North Korean dissident, mere detection of a transmission means compromise; Eve will extract the plain text using the trusty $10 wrench.
      • harvest-now-decrypt-later attacks aren't much of a concern for modern symmetric cryptography. heck, even known-broken ciphers like rc4 aren't easy to break in a non-interactive setting with modest ciphertext sizes and no key reuse.
        • It all depends on who the message needs to be secure from, and for how long.
          • Sure, but for symmetric ciphers it's not hard to hit the "by anyone, for my lifetime" threshold. NIST does not define a sunset date for AES-256, for example.
  • The “emitter” can either produce more thermal photons than the background thermal noise or fewer. Because it absorbs thermal energy particles of the time and loses that energy at others, it balances out to background. You have to know at what temporal frequency to sample to see it, otherwise the signal will integrate to zero. Very clever.
  • > Only a receiver with the right equipment can pick up the hidden message.

    So all an eavesdropper has to do is set up the right equipment then? I guess it is only invisible until the technology becomes more widely available.

    • They also have to know where to look.

      The big claim in general appears to be that the signal is not obvious because it averages out to normal background radiation noise. The article doesn't communicate this well though.

      The bit that you quoted, I think that's just a random sentence that looks dumb out of context. I don't think it means anything special.

    • As invisible as radio signals then.
      • In general, it is very easy to detect that radio signals are present.

        A better comparison is with radio signals for which a method of spread-spectrum modulation has been used, chosen such as to have a bandwidth so wide that the averaged signal falls below the thermal noise level.

        Such radio signals will also not be detectable without special detectors.

        WiFi and Bluetooth use spread-spectrum modulation methods but they have relatively low bandwidths, so they can be easily distinguished from thermal noise. Much wider bandwidths are required to prevent detection.

      • Now now... Let's be fair...

        Radio broadcasts to everyone.

        Light you can block off to a single direction.

        Oh wait, directional radio antennas exist. Never mind, yes. Exactly like radio waves.

        • > Light you can block off in a single direction.

          Sorta, kinda. You're really only just attenuating things a lot. It's tricky to actually block it off fully.

          Same with radio waves, as light is literally the same phenomenon as radio waves, it's just shaking faster.

  • Maybe I'm missing something, but this reads like a complicated way to say "We made an IR diode that gets cold as well as hot."
    • While this is equivalent with "gets cold as well as hot", there is a critical difference.

      Modulating the infrared emission by cooling and heating a body is slow, so the transmission rate is low and it is also easy to detect, because any infrared detector will show pulsed infrared light.

      The whole point of the article is that they have found a method for modulating the infrared emission that is much faster than cooling and heating, so because the modulation frequency is so high any normal infrared detector will not see anything, it would just detect the normal infrared emission that corresponds with the ambient temperature.

      They exploit a phenomenon that exists in infrared LEDs made for a low frequency (high wavelength), which when biased forward emit infrared light, like any LED, but when biased backward the reverse happens, i.e. their infrared emission is lower than it should be for a black body at ambient temperature, because a part of the thermally emitted photons are reabsorbed by the semiconductor, generating electron-hole pairs that are separated by the electric field, thus being prevented from recombining and emitting a photon again.

      Because the increases and decreases in infrared luminosity are done by changing the bias voltage of a LED, they can be done orders of magnitude faster than by cooling and heating.

      I do not know whether this proposed application in steganography would ever be worthwhile, but this is certainly a very cool development.

      • It's sometimes cool and sometimes hot.
    • Or you can call it encryption along a different axis. Much like extracting GPS signals from below thermal floor level - you can do it if you 1) know it's there, and 2) know exactly how to key in. It's impressive as heck, but you can always rephrase it in terms of information theory in ways that make it sound like a slightly different shade of mundane.
      • No, this has nothing whatsoever to do with encryption, and no real security, probably
        • Depends on how you modulate it. Think e.g. frequency hopping / spread spectrum: it's encryption, just done on modulation instead of transmitted data.
    • I don't believe you're missing anything. This is just steganography with a possibly new covert channel, right? Apparently the secret depends on adversaries not noticing the special hardware deployed on each end. Would using spread spectrum techniques work just as well?
    • I think the reason the negative luminance is potentially important for secrecy is that it means the average of the signal you’re transmitting is zero, making it indistinguishable from noise.
    • Yeah, but saying that doesn't get the military to give you money.
      • I would much rather have been called a computerologist than a computer scientist.
  • It's impressive how this article made this sound like a breakthrough, didn't even mention the entire historied field of steganography once.
    • The paper itself mentions steganography in the second sentence at least.
  • Maybe I skipped over it, but the (suspected) narrow band emission of their diodes is something that could be detectable.

    Electronic warfare is not about listening, but just seeing the location of the emitter. If you had someone with a different thermal camera/ camera with SWIR, you might see that something is just not right.

  • Makes me look at steganography in *slips on sunglasses* an entirely new light.
  • This is basically spread-spectrum / CDMA, but in a different frequency range? As others have mentioned in comments here, GPS signals are already far below the thermal noise floor.
  • So it's a camouflaged semaphore?
  • I don't understand what makes it hidden if anyone with the right equipment can pick it up. That's like calling X-rays hidden because most cameras can't pick them up.
    • True. I think the novel point is that on average, the emitter just isn't emitting. Normally, you can have a very simple piece of equipment that can pick up the fact that a signal source is emitting something, but then you need to get a more specialised piece of equipment to actually collect and decode the transmission. This just raises the stakes to having to have the specialised equipment to see that there is a transmission at all.
  • Between 2013 and 2015 I was working on UWB (Ultra-Wideband-Radar). It's stealth, undistinguishable from background noise too. Of course that depends on multiple attributes, but in general the signal can be understood like a chirp within multiple frequencies, thus looking non-linear and especially hard to detect, if there are multiple such devices additionally communicating with each other. Orbital Angular Momentum (OAM) makes it even more efficient at being stealth, without diving too deep into it.

    So this negative-light technology is quite interesting in that it's stealth, but it has to come a long way to reach the ubiquity of UWB. I'm curious if and how such technology could be used in space though. Happy to hear more!

    One of the most plaguing questions I have is that it's very odd that specialists are so quiet about the wide-spread integration of UWB chips in all modern phones and the accompanying "possible" surveillance nightmare. As a government it'd be total horror to be fully penetrated by an adversary like this. If you find otherwise please share the paper here, there's a lot of literature about UWB, OAM, beam-forming, antenna-design and related technology that, when put together easily make someone doubting it at least more inclined to be more open.

    My work back then was sold to military by one of my professors behind my back, and after confronting the professor about it he laughed it off telling me it's normal and okay. I refused to publish about it, as I was finding it difficult to find a positive usage scenario, plus he was profiting off of my work that I needed for a grade financially outside of university and of course of no intention of integrating my work. To add salt to that wound he instructed me to change my applied-science paper to be more of a guide for a few select PhDs who'd receive the financial grants, making my work a footnote at best. I have no words. Later I learnt by a friend working on his Dr. degree how he got betrayed by his Dr Father. He was working on a science-backed improvement for a factory, after telling his Dr. Father he found that he patented the technology and sold it to the factory. When he found out, he heard a similar story to mine, where his Dr. Father basically told him, "lesson-learnt, better me than someone else". He finished his degree and kept his profile-low for years after that to not cause conflict.. quite sad.

    My initial plan was to provide IPS to the campus with a few-cm accuracy and gesture recognition through walls as a cool gimmick with future work focusing on accessibility scenarios.

    But with current devices it's possible to use the UWB chips in distributed mesh (similar to find-my) to create an ultra-high-resolution 3D-feed with city-wide, real-time and through-wall sensing at mm-accuracy. I'm not even factoring in resolution upgrades using AI.

    Cook me, if you want, this was genuine scientific work taking months of work back in 2015 to be able to build, but being backstabbed by your professor was quite unreal to find out. Later I got similar signals from friends at Fraunhofer and Max-Planck. Just listening to their work stories made clear they were fooled doing science, when they in tandem were quite frankly building military reconnaissance technology, but distributed in small disconnect groups of low-paid scientists (PhD/Dr/MSc).

  • It seems simpler to use a secure radio protocol instead of relying on security by obscurity for communication.
    • A covert signal is still beneficial even if the signal is secure. The existence of the signal is valuable metadata.

      For a contrived example, imagine I'm in a warzone:

      - Secure = Enemies can't read my messages. Good. But they can still triangulate my position.

      - Covert = Enemies don't know I exist

      • Another example: in some regimes merely using Tor is illegal, or say in the US using it is enough to justify a search warrant for probable cause, with no evidence of any actual wrongdoing. The EU Chat Control lobby is also trying very hard to criminalize encryption. The simple act of trying to communicate privately is taken as indicative of criminal wrongdoing in the modern world. Being able to communicate without adversarial parties knowing you're communicating is a boon.
      • +1. As another example see https://en.wikipedia.org/wiki/Numbers_station -- people can't decipher the messages, but they strongly suspect something spy-y is going on. If they couldn't even detect it, there would be no suspicion.

        Also hi StevenWaterman, I recognize you from previous comments! I think this is the first time that's happened to me on HN

      • Also even if they know you are transmitting, it may still be beneficial to prevent them from knowing how much you are transmitting.

        Imagine the enemy detects some of your transmission, even knowing it's encrypted, they can still look at the data rate (or estimate order of it):

        - 5 bps = probably a random transmitter, maybe audio spy device, maybe remote detonated weapon

        - 5 Mbps = probably a feed from military hardware or personnel

        Similar inferences can be made about volume, if they can identify distinct transmissions. Etc. If tricks like these can make the enemy confuse 5 Mbps TX for a 5 bps one, it has obvious tactical utility.

      • Unless they have "the right equipment". Then you are right back at the same situation.
        • Nobody has "the right equipment" everywhere all at once, especially not with operators (human or otherwise) set to monitor it all the time.

          In the real world, obscurity is the cornerstone of security.

          • If you know it exists and becomes popular, in the right situation you will make sure to have it. The dynamics don't change with this.
    • A lot of spy movies or police procedural movies show someone coming with a magic detector for hidden spying cameras or microphones that is used to sweep a room and remove all offending devices.

      The device presented in the parent article would be undetectable by any classic detectors.

      However, if such a method would ever become widely used in reality, it would not be difficult to make detectors for it. So it could have a window of opportunity, between the first development of spying devices based on it and the development of countermeasures.

    • DSSS is sort of both security and obscurity at the same time. The very act of spreading your spectrum out via a secret key also has the effect of reducing the amplitude of your transmission, ideally below the noise floor. A receiver on the other side wouldn't see anything except noise unless they had the same key.
      • The same is true for any other method of spread spectrum modulation, e.g. for FHSS (frequency-hopping spread spectrum) or for ultra-wideband pulses.

        The detection of weak signals requires long integration times, which remove from the output any spread spectrum signal present in the input, unless you know and apply before the integration the correct scrambling or frequency-hopping sequence.

    • Secure channels can still be jammed. Undetectability is a fundamentally different goal than secrecy.
    • I am sure you could encrypt the warmth message somehow.
    • Unless your adversary is scanning for RF emissions, which is getting more and more common.
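
Added example, not part of the thread or the paper: a toy Python simulation of the idea discussed above (the abstract's zero time-averaged signature and the DSSS/integration comments). The signal levels, noise, chip count, key strings and function names are constructed assumptions, and the keyed ±1 code is a stand-in, not the modulation the paper uses.

```python
import random
from statistics import fmean

# All values are constructed for illustration (arbitrary units).
BACKGROUND = 100.0  # passive blackbody level at the emitter temperature
DEPTH = 1.0         # swing above and below that level
NOISE = 5.0         # per-sample detector noise, so per-sample SNR is 0.2
CHIPS = 2000        # fast modulation steps ("chips") per data bit


def chips_for(key):
    """Balanced +/-1 code derived from a shared key; it sums to zero."""
    seq = [1] * (CHIPS // 2) + [-1] * (CHIPS // 2)
    random.Random(key).shuffle(seq)
    return seq


def emit(bits, key, rng):
    """Emission sampled at the chip rate; key=None models a passive body."""
    code = chips_for(key) if key is not None else [0] * CHIPS
    out = []
    for bit in bits:
        sign = 1 if bit else -1
        out += [BACKGROUND + DEPTH * sign * c + rng.gauss(0, NOISE) for c in code]
    return out


def slow_detector(samples):
    """Bandwidth below the modulation rate: one average per bit period."""
    return [fmean(samples[i:i + CHIPS]) for i in range(0, len(samples), CHIPS)]


def correlate(samples, key):
    """Fast receiver: multiply by the keyed code, then integrate."""
    code = chips_for(key)
    return [sum(s * c for s, c in zip(samples[i:i + CHIPS], code)) / CHIPS
            for i in range(0, len(samples), CHIPS)]


def variance(samples):
    mean = fmean(samples)
    return fmean([(s - mean) ** 2 for s in samples])


def demo(seed=1):
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(32)]
    tx = emit(bits, "shared-key", rng)
    passive = emit(bits, None, rng)
    return {
        "bits": bits,
        "slow_max_dev": max(abs(v - BACKGROUND) for v in slow_detector(tx)),
        "decoded": [int(v > 0) for v in correlate(tx, "shared-key")],
        "wrong_key_max": max(abs(v) for v in correlate(tx, "other-key")),
        "excess_var": variance(tx) - variance(passive),  # keyless energy check
    }

if __name__ == "__main__":
    print(demo())
```

In this model the slow detector and the wrong-key correlator both read only background, while a chip-rate sampler still measures a small excess variance without the key, which is the "right equipment" point raised in the thread.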