RF power meters have proven to be a surprisingly useful and inexpensive tool to identify inappropriate network activity of _many_ varieties on compromised hosts once baselined. Two pictured are a couple of my favorite ones. Recommended for your toolkit.
Replying to @dragosr
Cheaper than the $9.4mm spent by DARPA on CAMELIA.

Aug 16, 2018 · 8:45 PM UTC

Replying to @bilcorry
In general though the approach is sound, IMHO, dunno about their project specifics. I’ve only been playing with these RF monitoring tools a short time, and easily recognize a wealth of useful information and signatures there. It begs for more sophisticated defensive analysis.
I was joking about DARPA, but the end goal for this tech will be a separate but onboard meter that provides the same functionality without needing an external meter, allowing devices to self-detect compromise.