6

I know that electromagnetic emissions from a device can be used to extract information from a system, e.g. TEMPEST or Van Eck phreaking.

I also know it's possible to induce a signal into a communications channel using electromagnetic induction, e.g. a telephone wire. Has the concept been proven for communications channels such as ethernet and USB? Are there any papers on this?

Polynomial

2 Answers

3

I don't know of any attacks on Ethernet or USB, but here are two related topics that might interest you.

Fault attacks. A fault attack involves injecting some sort of error or faulty data into a computation. It is sort of the dual of a side-channel attack. Some research papers you might enjoy:

See also Ross Anderson's Security Engineering, particularly the chapters on Emission Security and Physical Tamper Resistance.

Active side-channel attacks. You might be interested in learning about NONSTOP and HIJACK. These are military codewords that are not fully understood, but there is some running speculation that they relate to side-channels that arise when equipment carrying sensitive data is irradiated by a high-strength signal.

D.W.
1

I'm not aware of such attacks. It may be significantly harder than attacking telephone wires due to the high frequencies used in today's USB/Ethernet.

I also imagine it would be of questionable merit. If you want to inject data, you can use Wi-Fi, physically tap into cables or attach to Thunderbolt/FireWire ports and perform DMA transfers. Don't see much point in attaching some specialized induction device.

The more mainstream works on extracting information have considered smart power meters. They've been used to infer what devices you're using and even what TV channel you're watching. See last ACM CCS conferences.

pepe
  • Physically tapping into cables may not be possible. Imagine, for example, a company with strong physical security, but with exposed ethernet wires on the external of their building. If the attacker can't (quite) reach the cables, due to a fence or similar barrier, would it be feasible to target significant electromagnetic energy at the cable in order to at least disrupt a stream, if not inject data semi-reliably? – Polynomial Jul 24 '12 at 15:22
  • I'm not an electrical engineer, but the required frequencies probably require quite a bulky device to be installed on the outside. Disruption should be easier though. And if they don't run crypto on the wire, which is a prerequisite for injection, then I would be more concerned about info leakage. – pepe Jul 24 '12 at 22:21