Slashdot Mirror
Monitoring Your Monitor
bje2 writes "Rememeber this story from a couple months ago about reconstructing data from the blinking LEDs of modems...well, CNet is running a story about reconstructing the display of a computer by using special hardware and the reflected glow of the monitor." Kuhn's paper (400k PDF) is available.
CNet is running a story about reconstructing the display of a computer by using special hardware and the reflected glow of the monitor."
...like a mirror!
a grrl & her server
While Kuhn calculated that the technique could be used at a range of 50 meters at twilight using a small telescope
Now I can watch my neighbor surf pr0n from his computer, instead of filling up my hard drive with the filth!
Attention all planets of the Solar Federation! We have assumed control! - Neil Peart
Same article appeared on /. back in March, dinnit?
my porn distributor is going to sue the FBI for p2p-ing my collection through my monitor via DMCA. haha, got you!
geek page at KY speaks
Because the monitor is facing away from the window through which you're snooping.
CRT Eavesdropping: Optical Tempest by michael with 219 comments on 10:57 10 March 2002
And if I were a little more ambitious I would post a link to this story that was already on slashdot a month or two ago...
The real danger here, I think, isn't some kind of "national security" or "bank fraud" or anything like that -- security schmecurity. The real danger, is Quake cheating!
Think about it. If I can reconstruct what is on your monitor, I can tell where you are. Are you down the tunnel? In the water? Are you on top of that goddamnfucking sniper tower? I could reconstruct your screen and determine exactly where you are in the Quake map.
Quick, someone, solve this problem before it tears society apart!!
-- Ken Kinder ken@_nospam_kenkinder.com http://kenkinder.com/
Now I can begin selling my high-tech, computer privacy protection devices.
I will call them curtains.
It's clearly the same as the problem with the blinking modem LED's -- just cover the front of your monitor with duct tape.
free ipod? yeah.
"Until that's resolved, the safest solution is to compute with the lights on. "
Or just close the window shades.
It seems like you can read the contents of a monitor under optimal conditions, but how often do you get optimal conditions? More often that not, a person sits in front of a monitor as he or she works. At best, then, you'd only be able to get bits and pieces of what's on the screen. You also have to contend with different grades of wall paint and/or wallpaper (not to mention furniture behind you) which might make this endeavor fruitless in most cases.
It's a nice trick in a lab, and probably worth publishing. But I think there are too many uncontrollable variables to make this practical.
Just get a pair of those glasses that have mirrors on the outer sides of the lenses. Mind you, everything will be backwards, but you can see what's going on while pretending to look in the other direction.
:)
As for monitor LED monitoring, big deal. They can find out if my monitor's on, in powersave mode, or off. Yeah, big security risk there.
We will be doing a special on Printing Your Printer. More details at 11.
Moon Macrosystems. Sun's biggest competitor.
Now I can justify the 21 LCD at work on the grounds that the CRT poses a risk of industrial espionage.
Nope, no sig
Looks like it doesn't apply to flat panels. It relies on the CRT electrons coming out of the monitor and striking a photosensitive component. Not to mention, what if you have a large person using a small monitor? It would seem to me that you'd have to have an unobstructed view for this to work.
This could be detrimental to geeks though. Quoting the article: the safest solution is to compute with the lights on. Dangit.
There is no reasonable defense against an idiot with an agenda
:wq
I think there was a story on /. before about catching the radiation from the monitor to reconstruct the images.
I wonder which technology can produce the more accurate picture?
"A plan fiendishly clever in its intricacies"- Homer Simpson
People face there monitors so they are visable to windows. i cant belive the number of first floor offices i see where the monitor's display can clearly be seen with the the naked eve through the window. so dont point your monitor outside.
Tempest is a real risk, but you have to evaluate how sensitive your information is and is a tempest attack likely.
the easiest way i think to reduce these attacks to to put up a big fence around your facility, atleast 50m from any window.
Now you can reconstruct Slashdot from the reflected glow of old stories!
Um, wrong. The original article involved researchers demonstrating that certain modem/network devices allow you to read the actual data stream based on the blinkenlights. Spying is theoretically possible (though unlikely) with this.
Remember the comment in that story about Kuhn's paper on this technique?
Of course, we all know that high tech spy computers have monitors that throw a readable image onto the user's face. You see it all the time in the movies. They're reconstructing the image by analyzing the glow bouncing off of your walls and face.
"I'm not impatient. I just hate waiting." - My Dad
There's some really nice signal processing going on in the paper; it isn't like he just feeds the raw signal into pixels or anything.
-m
Imagine a van driving slowly down the streets of a neighborhood every 10 minutes, monitoring the blue TV glow coming out of windows.
Not reconstructing the actual image - just watching the gross flicker patterns, and matching them against all TV stations in real time.
If it finds someone that's not on a known TV station, it pauses for a minute and logs a longer sequence of flickers to match against the flicker patterns of a large library of videos.
Talk about precise marketing info!
Talk about potential blackmail material - ("Did you enjoy your viewing of 'Under-age Girls' last night Mr. Politician? Doing a bit of research, were you?" What about the previous 15 nights?")
Maybe we need to extend "peeping tom" laws to cover any deliberate use of EM radiation coming out of our homes...
My boss is an old spook who spent time at NASA and some other defense contractors. While there (about 10 years ago) he worked on this project. From what he tells me, they were able to monitor displays from a good distance without any troubles. Not only did they do this ten years ago, they also developed a coating for the monitors that would reduce the radio emissions. That way no one could monitor them...
I don't know what this guy patented but it's already been deemed useless by 10 year old US Government research.
Sit back and relax as Windows 98 installs on your computer.
Jeeze, this is going around your E to your A, people.
Anybody remember the tempest device? Able to lock on to a RF signal produced by hardware and reconstruct it, get displays, and rummored to be able to even spy on a CPU's activity if finely tuned enough. I read a rather lenghty article on how to build one years ago, but I'll be damned if I remember where I found it. I suggest a goodle hunt. The frightening thing is, the people who built it, were able to pick out a single display in a large office building -- eight blocks away.
RF signals are easyer to get to than the reflection of a monitors glow, I would think.
My new top secret key -> C>N|KB
They were doing Van Eck Phreaking which was looking for the electrical eminations of a monitor through a solid wall in an effort to reconstruct the display.
Little Different than staring at the monitor from a distance.
As a rock-in-roll Physicist once said, No matter where you go, there you are.
This is no cause for alarm, just put some sort of lightproof cover over your monitor =P
prosebeforehos.com
This is news? It is a well know effect ... The real trick is picking background noise out of your signal (hint : it is very trivial).
...
... ... ...
...
:-)
Here is a trick for you kiddies
The US power grid is 60 cycles,
That means Fluorescence lights turn on and off 120 times a second
That means filament lights have a detectable 120 hz intensity ripple
60 cycles gives you a wavelength about the size of north America
So the whole US turns on and off 120 times a second
In Europe it is 50 cycles
What does this mean from space?
The whole power grid turns on and off between 120 and 100 times a second (depending which frequency it uses)
Watching the phase of a single light compared to the rest of the grid tells you if that part of the grid has a large inductive load (big motors), resistive load (big computers), or capacitive load (big particle accelerator) on it.
Watching a light that doesn't flicker in sync with the local grid tells you it is on internal generator power (big target).
And you ask how do we know the facility is a viable target?
Lesson : if you want to avoid being noticed stay on the grid and stay in phase. Otherwise big brother will find you and send your coordinates to a circling B-52
TastesLikeHerringFlavoredChicken
Doesn't your first statement "From what he tells me, they were able to monitor displays from a good distance without any troubles" contradict "I don't know what this guy patented but it's already been deemed useless by 10 year old US Government research"?
Here is a good source of information about TEMPEST attacks, including the "Urban Folklore" LCD displays on laptops eliminate the risks of TEMPEST attacks (answers a few posts in this thread). It may be more than 10 years old as these guys claim to have been around 17 years.
Phillip.
Property for sale in Nice, France
Burn my karma!
They that quote Benjamin Franklin on liberty and safety deserve neither.
1. Get a bunch of monitors
2. Get a bunch of composite to VGA Converters
3. Attach All.
4. Play Brittney Spears videos 24/7
This will produce enough noise to negate any spy system other than direct view. Brittney might damage the watchers as well.
Who watches the watchers while watching the watched?
SD
âoeWho knew something as harmless as willful ignorance could end up having real consequences?â
He said that you could (theoretically) be outside the room quite some distance away as long as you had a half-way reasonable telescope. Of course you get a trade-off with distance, ambient lighting level (S/N ratio is the big problem) etc.
But he reckoned that if I sat at this computer right here with all the lights off and the curtains open the reflection of the monitor on the wall behind me should be readable from the bottom of the garden. (The monitor isn't facing the window so you can't read it directly with a telescope.)
Probably safe, though, because I only have all the lights off if I'm playing games - if I'm doing real work there's usually a light on.
I'm not any sort of expert in this, however from what I know of video the process has to be something like this:
The phosphors in the CRT do not emit only when hit by the electron beam. They have a certain persistence, so a dot keeps on glowing while the beam moves on through other dots. If you get a perfect recording of the signal, then reconstructing the picture requires merely syncing onto the video scan by means of the long and short black intervals (vertical and horizontal retrace), calculating each pixel's actual output by subtracting the fading output of previous pixels, and feeding the resulting video and sync into your own monitor.
However in using this in a normal "spying" situation, you get room lights and other "noise" in the signal. You've got to guess at the average ambient level and compensate (subtract it out) so the picture isn't washed out. Then, you are probably working with such a low level of signal per pixel that quantum fluctuations add significant noise. Subtracting signals accentuates the noise, so you'll wind up with a pretty grainy picture -- after lots of trial and error adjustments to find the best background level compensation, pixel fade rate, etc. But most data on computers is presented in quite high contrast, and stays on the screen for quite a while, so you can improve the picture by averaging frames. So it does sound possible to get a good enough picture for most espionage purposes (extracting text and diagrams, or sometimes just finding out what the guy is reading).
What it probably won't do unless you get really close:
-Spy on your Quake rivals; (I assume, not being a
Quake player myself) the picture changes too fast for frame-averaging to help much, and in general it's a detailed, lower contrast picture so graininess would have a greater impact.
-Pirate the Playboy channel from your rich neighbor, unless you are so hard up that just staring at a screen of approximately fleshtoned grains and imagining there's a nekkid woman somewhere in there is enough...
-Steal passwords protected by the "*" character, unless the login was incompetently programmed and it shows the actual character for a frame before covering it up. And probably not even then, because frame-averaging will often be needed for legibility...
Just handwaving here, but I expect that if someone can get a camera where this process works for any of the above, they probably could have focused it right on the screen and also physically wire-tapped the machine.
Anyone who's ever been in a secure facility run by a halfway competent government or any large corporation knows that there are several countermeasures already in place. Many of them were designed for other reasons but serve the same purpose. For example, at one secure computing facility I've visited, the ENTIRE shell of the building's secure area is entirely surrounded by a Faraday cage of solid metal 1/8" thick. Even the floor and ceiling are covered. Seams are bolted shut. Wires and pipes run thru special conduits that trap EM energy. Doorways have metal-finger contacts and vault-style closing mechanisms. I doubt you'd get much diffused light through those measures. Also, several slightly less secure conference rooms I've seen included double blinds on the windows, including metal venitian blinds and thick pull drapes. Again, pretty light resistant. Now, those measures are designed for things like Tempest resistance (the metal Faraday cage) and preventing optical snooping (deadening the sound hitting the glass, thus preventing using an IR laser to bounce a reflection off the window, in an attempt to reconstruct the sound inside the room). But any company that is serious about security already takes great care to protect that information and wouldn't be susceptible to this problem.
The one thing it does reemphasize is that simply sitting with your back to the wall isn't enough. Well, thanks to Tempest and LED blinking and insecure wireless and hosts of other issues, we already knew that.
Frankly, the one surprising thing about this article is that it made it into the mainstream media. I'm quite surprised that the British government, or whatever home country, didn't consider this research highly classified and quickly squelch its publication.
--Brandon / Split Infinity Music
I have heard of somthing different that does this same purpose much better. I believe it was developed by the NSA. This device analyzes your electrical use. By your monitor's electric drain, it can reconstruct an image.
If you don't understand any of my sayings, come to me in private and I shall take you in my German mouth.
It all sound pretty bogus to me. The claim that blinking LED's can be used to reconstruct what you do on the computer is laughable. To reconstruct from a LED what is being written you would have to be able to correlate each blink as one bit. a 0 or a 1. 8 bits per byte, 1024 bytes per kilobyte etc.. ad nauseum.
Let's use the first half of a ripped mpg version of Star Wars Attack of the Clones.
The first half is 701 MegaBytes or 5,883,382,624 bits (that's close to 6 billion bits)
I can write that on my hard drive in 2 minutes which gives us apporximately 49,028,188 bits per second.
Now can anyone tell me that an LED is capable of blinking at a rate of 49 million times per second? And if it can are we able to discern 49 million blinks with the technology we have? From a distance?
Please...
- A Frog in a pond utters an azure cry. -