Slashdot Mirror

← Back to Stories (view on slashdot.org)

CRT Eavesdropping: Optical Tempest

Posted by michael on from the tinfoil-house dept.

PortalCell writes "LED status monitors may potentially leak data in a few applications, but worse: Markus Kuhn has now revealed (pdf) that it's possible to read your monitor indirectly just by observing how the blue flicker lights up the room! Forget taping up LEDs or living in a metal box - now you might have to do without sunlight to be secure!" Hopefully people will also stop submitting the LED story now.

3 of 219 comments (clear)

  1. Sunlight==good by los+furtive · · Score: 5, Insightful
    now you might have to do without sunlight to be secure!

    According to the text it's just the opposite:

    In a sufficiently dark environment and with a large enough sensor aperture, practically significant reception distances are possible.

    That's just another reason why I'd rather not subscribe to /. Not only do the editors fail to avoid dupicate stories, those submitting them don't even read them properly.

    --

    I'm a writer, a poet, a genius, I know it. I don't buy software, I grow it.

  2. Computers And Networks Leak Like Sieve by pryan · · Score: 5, Insightful

    I don't know why everyone is so shocked that people can eavesdrop, there is almost zero emmission security in almost anything deployed almost anywhere. Then again, currently, there's no practical need for such secured equipment in a normal civilian environment.

    On of the guys I used to work with would talk about the truck that would park outside their NOC to listen to their ethernet via radio receivers on the truck. One can guess where the truck came from, but the scary part is that this was more than a decade ago. They were doing things that might possibly be of interest to spooks, or perhaps a well-funded competitor.

    It's fun to engage in a fantasy world where government spooks are around every corner, but in reality there's no justification for spending large amounts of money or time to protect yourself from imagined threats like that. I am more worried about somebody breaking into my house to steal my stuff or script kiddies from Germany installing an IRC server on my boxes than the government spying on me.

    Most of us do not have anything that would justify non-criminals to bother with us. Those of us that do usually have the budgets to do something about it. And the criminals are not terribly sophisticated, so common sense and a decent system administrator are usually enough to meet the standard threats. Most criminals are opportunists, if you present a challenge, they'll move on to the guy who has his root password set to "password".

    The people who have highly sensitive stuff know that there's no real security in most hardware and software and work to build environments to protect their stuff. They probably do not buy their hardware from Dell.

    Those of us who really only need to protect our banking and personal information as well as our bandwidth don't need to worry about monitor emission security just yet. For banking information, it's much easier to get that information in much more mundane ways than eavesdropping on your monitor. You should worry about what your local convienence store does with their copy of your credit card receipt.

  3. Security to do list by appleprophet · · Score: 5, Funny

    1) Remove Windows from computer
    2) Remove windows from computer room