Slashdot Mirror
CRT Eavesdropping: Optical Tempest
PortalCell writes "LED status monitors may potentially leak data in a few applications, but worse: Markus Kuhn has now revealed (pdf) that it's possible to read your monitor indirectly just by observing how the blue flicker lights up the room! Forget taping up LEDs or living in a metal box - now you might have to do without sunlight to be secure!" Hopefully people will also stop submitting the LED story now.
I better get my tin foil hat out, or get a TFT...
"First lesson," Jon said. "Stick them with the pointy end."
Sounds like Michael doesn't think this is a major security issue ;>
This certainly explains Linux's stellar security record of late.
Friends don't let friends use multiple inheritance.
how practical/feasable/reliable is it? Wont data be missing if a shadow or a person walks in front of it and make it hard to put together?
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
"Hopefully people will also stop submitting the LED story now."
1 22 4
This article was posted Wednesday. Maybe people will get the clue and read slashdot before they send in submissions and just maybe the editors will do the same as well.
http://slashdot.org/article.pl?sid=02/03/06/122
Interesting fact:
The refresh rate on an LED is slower that the transmission rate of just about any current communications equipment.
Secondary Fact:
Most equipment uses LED's to show packet transfer.
than CRT's. Kuhn's attack works by rapidly sampling the light intensity as the electron gun whizzes around the CRT screen. With LCD's, the light comes from a constantly-on fluorescent tube and there's not the same type of scanning; the LCD itself reacts much more slowly than a CRT does. The optical emanations just don't have as much bandwidth and can't carry all that info. Of course you still might leak screen contents thru RF emissions from the video card, but that's the usual TEMPEST that we already know about. (Note: this info is from Kuhn's paper).
This technique relies on the raster nature of CRTs
I'd love to see someone put this into practice as a proof of concept, because other than having a mirror that can be monitored, the composite merged colour of a room couldn't remotely be decoded into what was actually on the screen.
Given Slashdot's track record, we should be glad that the editors haven't reposted the LED story several times already. Heh.
Considering the quality of the output, maby a funky wallpaper and transparent terminals might be enough for all the tin foil hat type persons out there...
A _field_ test of this would probabli yield a even worse picture, methinks...
"First lesson," Jon said. "Stick them with the pointy end."
I've already painted my walls and made a tinfoil hat for my computer - now I'll have to cover my windows with black plastic. Maybe Transmeta knew about this back in the day? Well, I guess it didn't help them, their competitors must have stole their, uh, secrets.
Go Kart Parts - Got to love driving with the ground an in
I see a lot of potential in this sort of technology, though. When the government wants to crack down on terrorism / kiddie porn / the "threat" of the day, they will usually issue tens to hundreds of search warrants and confiscate tons of computer equipment in the name of "finding the bad guys." They will no longer have an excuse to do that, since they will now be able to eliminate potential suspects just by looking at light that was leaked from their residences. This will be a true victory for those of us (remember SJ Games?) who are scrutinized by our government without reason: they will have no reason to break into our private homes, steal our legitimately purchased equipment, and go on a "fishing expedition" in search of wrongdoing. No judge could ever let them harass a criminal suspect unless they have exhausted all other avenues and proven to the judge that that suspect is actually engaged in wrongdoing.
And that is good for us all.
-s3r
Wow, that's really neat. I wonder how good the results of this is compared to say van Eck phreaking (eavsdropping on the EMI emitted by the CRT-gun)?
Regards / ushac
If your server is in a oversized closet opening into an inside room, then the odds of someone actually doing something with it from the outside is pretty slim.
Of course, If you have to worry about a hacker from inside the company, then you have other problems as it is.
"It is a greater offense to steal men's labor, than their clothes"
According to the text it's just the opposite:
That's just another reason why I'd rather not subscribe to /. Not only do the editors fail to avoid dupicate stories, those submitting them don't even read them properly.
I'm a writer, a poet, a genius, I know it. I don't buy software, I grow it.
From the end of page 14:
"Rooms where a significant amount of the ambient light comes from displayed sensitive information should be shielded appropriately, for example by avoiding Windows."
Ha! Take that, Microsoft!
--Cam
This whole thing was pretty obvious. If you've ever driven by houses with televisions near windows when the tv is on, you usually see a blue room. Get some really sensitive piece of equipment, and you could measure the blue content and get an image of their screen. Specially tinted windows could reduce or eliminate this threat, but you could tell from the outside that the windows were tinted such.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
No problem for most slashdot readers, since they are most likely asking: "What is this sunlight you speak of?"
paper your walls with tinfoil. reflective materials are a bitch if they're slightly crumpled.
I can see it now. Random scan order on your monitor. CRTs will (probably), eventually be a thing of the past and replaced with somthing that doesn't have a scan timing to be deciphered.
"Forget taping up LEDs or living in a metal box - now you might have to do without sunlight to be secure!"
What's this 'sunlight' I keep hearing about?
Knunov
Why do users with IDs under 100,000 or over 700,000 usually have the most worthwhile comments?
From reading the pdf linked - it sounds like with a sufficiently high sammpling rate ( their words more or less ) it's possible to re-render the text. This should hold true to the way scan-guns work on most monitors.
What's new here? This is almost equivlant to putting a Video Camera infront of a monitor and then hooking the output up to your TV.
There's a gorilla from Manilla whose a fella that stinks of vanilla and has salmonella.
Some of us are browsing /. from the workplace (sure beats doing actual work) and cannot use a better browser than IE, and I guess it's your sig that widens the page with a windowed IE (I get scrollbars unless I suppress your post). Have mercy on us poor souls, thank you.
Yeah, I better get my Tin Foil Top out too..
XML is like violence. If it doesn't solve the problem, use more.
I don't know why everyone is so shocked that people can eavesdrop, there is almost zero emmission security in almost anything deployed almost anywhere. Then again, currently, there's no practical need for such secured equipment in a normal civilian environment.
On of the guys I used to work with would talk about the truck that would park outside their NOC to listen to their ethernet via radio receivers on the truck. One can guess where the truck came from, but the scary part is that this was more than a decade ago. They were doing things that might possibly be of interest to spooks, or perhaps a well-funded competitor.
It's fun to engage in a fantasy world where government spooks are around every corner, but in reality there's no justification for spending large amounts of money or time to protect yourself from imagined threats like that. I am more worried about somebody breaking into my house to steal my stuff or script kiddies from Germany installing an IRC server on my boxes than the government spying on me.
Most of us do not have anything that would justify non-criminals to bother with us. Those of us that do usually have the budgets to do something about it. And the criminals are not terribly sophisticated, so common sense and a decent system administrator are usually enough to meet the standard threats. Most criminals are opportunists, if you present a challenge, they'll move on to the guy who has his root password set to "password".
The people who have highly sensitive stuff know that there's no real security in most hardware and software and work to build environments to protect their stuff. They probably do not buy their hardware from Dell.
Those of us who really only need to protect our banking and personal information as well as our bandwidth don't need to worry about monitor emission security just yet. For banking information, it's much easier to get that information in much more mundane ways than eavesdropping on your monitor. You should worry about what your local convienence store does with their copy of your credit card receipt.
Studying in cam.ac.uk, I went to see a talk by Duncan Campbell on modern espionage in October 2000. In the end he asked Markus Kuhn from the audience to explain his latest work, CRT eavesdropping. So I guess 'news' is a relative concept :-)
--
The Cap is nigh. Time to get a fresh new account.
LCD's do not use a scanning electron beam, so the screen display is not made up by the high bandwidth light output. LCD's on the desk top and on laptops are a step in the right direction. The other solution is never use a computer in a dark room. Kick on a few compact flourescent lights. Their high frequency operation and high output goes a long way to adding lots of noise (opticaly) to the environment. Tempest then becomes difficult the same way it is to eavesdrop on the couple whispering to each other a few rows up at a concert.
The truth shall set you free!
Has any Windows XP source code turned up in there yet?
-- In the beginning was the WORD, and the WORD was UNSIGNED, and the main(){} was without form and void...
um don't most of us shun sunlight now anyway? heck my drapes never open. I think the dust has glued them shut.
-
It never ceases to amaze me how we paranoids are constantly proven right yet so many refuse to believe that they are out to get us.
I already covered my windows with lead a while back to keep the Illuminati mind rays out!
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
This works only for 10 MBs and lower equipment. IE: phone modems, many NICs, etc... etc...
Man is born free; and everywhere he is in chains.
If someone wanted to steal information from our files, they could do so through the internet.
Or they could tell the receptionist they're here to see Bob, and then go look at the paper files. I think it would be easier to do the latter.
But very few would attempt the second kind of attack, because it's hard to say "Oh yeah, I was just checking out security. Just playing." when someone discovers you digging through files on someone else's property.
In the same way, stealing information via CRT flicker requires too much of a physical commitment for it to gain much popularity I think. At least in most cases - it might be different if your office is accross from a competitor's. Even then, seems like it would be easier just to zoom in and watch them type their password.
Interesting article anywho.
.
Let's not stir that bag of worms...
Don't think my cable co is gonna be happy when they find out that somebody else is watching all those adverts that I've only paid enough for myself to watch...
This attack looks pretty innocuous when you look at how it's possible to reconstruct the video signal via the EM signal your CRT generates.
_ gc i550525,00.html
http://whatis.techtarget.com/definition/0,,sid9
Forget closing the windows. Better build a grounded copper mesh encases your house.
120 characters isn't enough to explain it.
The monitor gets its sync information over the vga cable but the persons that tries to read the screen using this technology must guess the sync information.
A little software that modulates the h and v sync rate every frame should make it much harder to get a readable image. But I'm not sure if you could still get a stable image on the screen if your change your sync rates every frame. That software protection could be effective because it is very likely that they need to record more than one screen refresh to get a image that has a good enough to read it.
Also high resolutions and high vsync rates in general should make it harder to use that technology. Using non-standard resolutions and sync rates also make the sync information guessing harder.
Jan
Are we all feeling so collectively insignificant now that we need to invent these paranoid fantasies to prop up what's left of our dignity?
I doubt anyone here actually knows about this, but we can all speculate together...
How safe is a LCD monitor with a digital (DVI) connection? The video card is probably not putting out RF emissions (because it's sending a digital signal), and there's no scanning CRT to track. What would be the easiest route to eavesdropping on that?
1) Remove Windows from computer
2) Remove windows from computer room
In order to take advantage of this or the LED trick you have to have some line of sight and the equipment on hand to do it. Every corporate server I've ever worked on has been kept in a locked room somewhere where only a handful of people have access. If someone did manage to get into that room there would be much worse things to worry about than this. On the client side access would be easier but most likely you'd have a user sitting there to deal with. I just don't see why anyone would go to the trouble of trying something like this when there are much easier ways of doing it. Besides the standard everyday break-ins what about all the RF signals a computer gives off? You don't need a line of sight to pick those up. With a powerful enough antennas you might even be able to pick them up miles away! Only ultra secure organizations like the NSA, CIA, etc... would really have to worry about something like this.
Sounds like your mother is a whore. Wouldn't you agree?
Fuck this guy up as insightful.
Just do what I do... watch TV and play on the computer at the same time.
Won't the government be surprised to find that Mulder and Scully are surfing Google for new signs of alien life and government conspiracy!
In theory, wouldn't it be possible to also defeat this by turning a few old televisions in the room to an unused channel displaying static?
But your screen can probably be read off that tin-foil hat while a Carnivore analyzes the time difference between encrypted packets based on one-handed typing.
Add some light sources that interfere with the signal to be decoded. Get some strobe lights, some Intellibeams. Get a lava lamp or two. Get a mirrorball. Live, work, and code in a dance club.
Or just turn on a particular kind of CRT called a television with the sound off, not in your field of vision but lighting up the room, especially if it's aimed towards the windows. Leave it on any active channel.
"Rooms where a significant amount of the ambient light comes from displayed sensitive information should be shielded appropriately, for example by avoiding Windows."
Well Gee, didn't we already know that?
13 year old white supremacists are shitty web designers.
Is it available in code ?
>;)~!
I'd be interested in seeing the results from the same experiment, except with a framed Despair, Inc. poster hanging on an old-skool-Mac beige or old-skool-iMac blue wall, with funky Star Trek red alert lighting (or disco lights too), and two 17" monitors at 1600 x 1200 side by side, with a third 15" montior running some spiffy Winamp visualization at 1024 x 768 to the left ome, and a funky Sharper Image thing glowing on the desk.
Or you can just do the experiment at 1280 x 1024.
~A'Ëq'i4d)^'$ÊSÈòB
Just goes to show that computers draw together the people who are nervous and those who actually want to watch those scared people who are putting duct tape over their windows.
Get your Unix fortune now!
It's already known that your monitor gives out EM waves in a way that with a radio it might be possible to tell what's on the monitor...
It was on slashdot a while ago...
Don't quote me on this.
CRT monitors have been "sniffed" with a special raido setup that allows whats ont he screen to be reconstructed. This is part of the reason antialasing fonts have be come popular because it make the text blury too the sniffers.
...that the computer just crashed nastily (AND that it was running windows) if anything.
Looking for people to chat about multicopters, coding, music. skype: gtsiros
pi is not the greatest number.
There are many numbers greater than pi.
4>pi.
This is a copy protection circumvention technique which bypasses the built in copy protection of DVDs and allows for the unauthorized reception of DVD video viewed on CRT displays. I'm going to call Jack Valenti right now, shame on all of you...
if youre monitor and graphics cards had high refresh rates, what if you were to alternate screens of gibberish into the refresh at random cycles, and have some form of lcd shutter goggles that are synced to block the gibberish from you. Anyone think that could work or be feasible?
This
What will this mean for OLEDs? They will be able to read the information directly off of the OLEDs AND the reflections!
Counting a lamp, a desklamp, flashing LEDs, an aquarium lamp, a lightning ball thingie, and candles, my computer room has 10 - 30 light sources that *aren't* my monitor.
:)
Good luck decrypting my photonic code when I set the lightning ball to react to my tunes.
Take a +5 comment from a previous article and submit it as a story. If the moderators thought it was good, then the editors should, too!
Truely superb work. However, if you notice, red does not come through on the reconstructions. Perhaps this is something to do with his use of P22 phospors, or I missed some important detail.
So, what does this teach us? If you are doing anything illegal on your computer, and you do not want to be caught, stick with red text on a black background. Or, if you want full color on a good CRT, put a hood on it like those turn-of-the-century cameras. Imagine the look on your co-workers face (or friends at a LAN party) when you stick your head under the hood and go to work. Then listen to them laugh as you reach for your coffee and spill it all over the place because you can't see anything. Oh well.
--- At my sig, unleash hell.
Why do people waste time on useless studies? (ok, not useless) This technology would never be something put into use as it is not feasible and will definetely not be reliable to use as a spying tool. The only peopl to pursue this might be the government as they are always looking for ways to find out what people are up to.
God, maybe someone standing behind me can see what's on my CRT too?
Dave
I write a blog now, you should be afraid.
It would require optimal lighting conditions, correct paint (by this I mean how it absorbs or reflects light as well as how it shifts light in the color spectrum), and very specific measurements of the room and all reflective surfaces. I really doubt this.
I have a ton of LED's in my computer room. It used to have an odd glow, but some electrical tape over them fixed that. Now, with the exception of my speakers, you can't see any of the LED's - it's now secure from LED sniffing.
:)
So, I just applied the same fix for this, since my monitor faces a window. There is now a few strips (about 30) of electrical tape covering my monitor and the flicker is gone.
I appologize for any typing errors though. Every fix has a downside
I knew there was a good reason to run my screen a 1600x1200x75Hz. Someone would have to be receiving a 144MHz optical signal to get a decent reading of my screen, and from far away it's not easy...
-Adam
According to the article, with the aid of a device called a telescope I can see someone's screen from a long distance. What will they think of next, using a magnifying glass to see thing that are very very small?
From the folks who brought you "that LED story," comes "that CRT story." Check the PDF.
Wrists killing you? Not in 2 weeks. Learn Dvorak.
Can this evesdroping happen witha lcd screen too?
Hacker Media
See, my girlfriend is always complaining because I keep the blinds pulled all the time. My computer is right next to the window, and the glare gets to me. Plus, I sleep on the side of the bed that's toward the window. (Small apartment, same room.) So, now I have a good excuse: it's to protect me from government scrutiny. It's better than the old excuse, which is that I'm a vampire.
--
I gave up my +1 bonus, don't mod me down!
Buy a tinfoil hat, a shotgun, some TV glasses, and a bomb shelter and move to Iceland.
I hate those losers who can't come up with a decent sig. Oh, wait...
Tempest refers to stray electromagnetic radiation that is "read" by appropriate radio equipment nearby, this article is about stray light emissions that are picked up by a photosensor.
Get one of those bright lights which are used to help people in the North with seasonally affected disorded (SAD). Put it next to your window. Turn it on. I quarantee, there won't be a bit observed anywhere if you pump some serious light of your windows.
...now you might have to do without sunlight to be secure!
What is this sunlight you speak of?
And I guess, their network was Banyan Vines? ;-)
What's "sunlight"?
Sparks:Gadget:Beer Maker
e is better
you can evesdrop on conversations by hiding in a bush and using a gadget to read the vibrations of a window from the reflected light on it.
You can pickup cordless, and maybe even cellphones (digital/encryption though).
You can open up the phone junction box outside the building and tap the wires.
You can pick-up the emf from a monitor or tv and reconstruct the image (pretty hard i think).
You can use the earth wire in a house to transmit data from bugs hidden in plugs.
You can use tools like netbus etc.. to view peoples computer over a network.
You can trick security guards with dumb-busty-blondes(tm)*
*I in no way endorse the use of busty-blondes(tm) or in anyway imply that they are all dumb, or that security guards are shallow/thick and are easily seduced.
You can look into windows with telescopes
You can recover badly deleted data from disks
You can packet sniff
You can abuse the fact that your an admin for that network and get anything you want
You can even use money to get information
And now you can use LEDs and monitor flicker too... And the FBI wants _more_ rights to tap you?!?!? how does that work?
This comment does not represent the views or opinions of the user.
The MPAA has just released a memo to all government agencies and private detectives hoping to use this method for surveillance. Apparently you cannot use it while someone is watching a film or other copyrighted work on their monitor as this is a violation of the DMCA. They had originally planned to ban this technology completely, but Bush decided that it would put the USA at a distinct disadvantage in the surveillance world, so they settled for this fix instead.
If you want to protect yourself, have a dvd looping in a small window on your monitor and spies will be forced to stop watching, or face the penalties. This law also applies to Russia and all other countries by order of US international law(tm)
This comment does not represent the views or opinions of the user.
The next thing you know, they'll be telling me that people can get information on what I'm doing, using no specialist equipment just by standing behind me and looking at the screen over my shoulder! I'll have to start doing everything using ssh (Secure SHpectacles).
"E pur si muove!" - attributed to Galileo Galilei, 1564-1642
As for needing a 500Hz refresh rate, that isn't the case. The persistance of vision that allows your eyes to see a constant picture on the screen has nothing to do with how long the picture is there, only how many times it is there in a second. Anything 60 or more is fine. If you have a surface that continues to display the picture long enough for the next retrace beam, then you don't need even 60, since the picture really is there all of the time.
Televisions, although being 30 frames a second, display an interlaced picture which means there are 60 pictures displayed a second, which is aparently good enough to trick our eyes. Movies aren't anywhere near 60 frames per second either, so each frame is flashed on the screen two or three times so that there are at least 60 flashes per second. It doesn't matter how short the flashes are, just so long as there is at least 60 of them and they contain enough light for out eyes to see them. (Shorter flashes will need more light.)
queue lots of arguments about whether it's blue or green that has the longest wavelength.
so just add a few strobelights, a mirror ball, some other types of disco lighting to the computer room and Voila.. no more security risk and the work environment has been improved...
Now to get this project's captial budget approved in the name of company security...
Do not look at laser with remaining good eye.
I remember on Tommorows World (UK TV Science program) many many years ago (80's I think) they showed someone sitting outside a building picking up radio emmisions from screens and redisplaying them.
Don't worry, if you have anything worth stealing it's probably already long gone...
Of all the techno-fetishists who say the vacuum tube is dead, and now we have a PMT spying on a CRT ...
I love vacuum tubes!
The red part of the test screen didn't make it. Just use a red-only color scheme and you're ok, for as long as you can stare at a red screen. Hey maybe that will be training for a Mars mission?
I'd be real concerned if pros like you were not keeping my data safe . I will also sleep well at night knowing that the government has no interst in my personal letters and phone calls or my company's records. I will continue to use my high speed internet access without fear of eavesdropping. The constituion and people like you protect me!
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Cover the CRT/LCD of your screen with duct tape. One downside: Duct tape isn't really that transparent, but I guess that was my point... :)