Re: Ever notice ...
"Is pretty cool, suspect such a thing could also be achieved by blinking a status light or something."
Yep. Hard drive light - https://www.theregister.com/2017/02/23/hard_drive_light_used_to_exfiltrate_data/
Router light - https://www.theregister.com/2017/06/06/data_exfiltration_with_routers_leds/
Also monitor pixels, LCD brightness, drive noise, power cables, case temperature, and basically any property of a computer that can be in any way controlled or monitored. Every time you see a headline about getting data out of a computer in some seemingly insane way, you can pretty much guarantee Bu-Gurion University is involved.
As for the inevitable whining about these attacks not being practical because it requires access to the machine, that remains just as stupid as ever. Just because an attack requires physical access doesn't mean it's irrelevant because then an attacker could just do anything they want. We even have a variety of names to describe some of the circumstances where physical access is very relevant. It usually involves either compromise of something you trust, as in supply chain attacks, or access for a short time, as in evil maid attacks. In both cases, physical access provides the initial compromise, but the attacker still needs some way to actually do anything afterwards.
That's the entire point of this sort of research. The traditional approach to guarding against attacks like that is to air-gap machines - don't connect to the internet, block off the USB ports, and so on. Even if your supply chain is compromised, it doesn't matter because you never connect to the outside world anyway. What Ben-Gurion keep showing is that there are all kinds of ways to get data out that aren't normally protected against. It doesn't matter that the proof-of-concepts aren't usually especially practical or that most of them are fairly trivial to block once you know about them. If you're paranoid enough to worry about evil maids and supply chains, you also need to be paranoid enough to do more than assume that just because you haven't plugged an internet cable in everything must be secure.