Slashdot Mirror


Georgia Institute of Technology Researchers Bridge the Airgap

An anonymous reader writes Hacked has a piece about Georgia Institute of Technology researchers keylogging from a distance using the electromagnetic radiation of CPUs. They can reportedly do this from up to 6 meters away. In this video, using two Ubuntu laptops, they demonstrate that keystrokes are easily interpreted with the software they have developed. In their white paper they talk about the need for more research in this area so that hardware and software manufacturers will be able to develop more secure devices. For now, Faraday cages don't seem as crazy as they used to, or do they?

2 of 86 comments

  1. Re:Add noise by cbelt3 · · Score: 1, Informative

    Yep. Ditto. I still recall one young smartass demonstrating to our boss that he could display what was on the Boss's computer monitor from about 30 feet away with an antenna and a circuit he built with a breadboard.

    A Faraday cage IS the only way to protect against this with 100% reliability.

  2. Re:Add noise by tlhIngan · · Score: 4, Informative

      I'd be curious to know (I'm definitely underinformed, so this is an honest question) whether that tactic has lost some effectiveness over time. The classic monitoring-RF-to-read-CRTs stuff depended on getting an adequately clean copy of the distinctly analog output of the CRT. Now, all signals are fundamentally analog signals; but digital signals are analog signals designed to make guessing the correct value really easy (since there are only two possibilities, rather than an arbitrary number of them); and now more than ever it's a safe guess that sensitive data will be heading over a number of RF-emitting digital busses, from the keyboard to the computer, within the computer, and likely to the monitor as well.

      Does the broadband noise still drown out the desired signal sufficiently to prevent reconstruction, or does our increased emphasis on high-speed digital busses (often designed to operate with some amount of error correction in the event of cheap lousy hardware being cheap and lousy) make it more tractable to either unambiguously pick the correct interpretation of a noisy input, or make a number of guesses and use known features of the bus to help eliminate the incorrect ones?

    Well, it has lost a lot of effectiveness because we switched from CRTs to LCDs - a CRT has very distinct emission patterns because it has to drive the electron beam around. So you can detect when the syncs happen because they're driven by huge magnetic field coils on the side of the CRT in a standard frequency and pattern (vsync happens at the Hz level, hsync at the kHz level), and the amplifiers that drive the electron guns emit a lot of RF as they operate.

    These days the emissions are far lower because we're not having to accelerate an electron beam, so the amplitudes are lower. Sure you can sniff the signal cabling but unless you're using analog cabling, most external signalling uses a form of encoding that's designed to minimize RF emissions. Not because of Van Eck, but because they want to spread the peaks of emissions across a broadband range which makes it easier to pass RF emissions tests (e.g., FCC emissions tests).

    So using a DVI or HDMI cable causes the signal to smear (TMDS - transition minimized differential signalling - transitions cause the big spikes in RF emissions, so if you can minimize them, you can increase rise/fall times which lowers RF emissions, spreading and smearing the signal across a wider frequency band and trying to hide it in the noise).

    Of course, most digital busses don't do this (they assume the entire system will be RF shielded), same as CPUs, so with the right receiver, those signals show up pretty clearly, especially if you can compromise the RF shielding.
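The "transition minimized" property the comment above attributes to DVI/HDMI cabling can be checked directly. The block below is an added example, not code from the thread or from any DVI/HDMI implementation: it is a pure-Python model of the two-stage TMDS 8b/10b encoder as published in the DVI specification (stage 1 picks XOR or XNOR bit chaining to cap the number of transitions in the data bits; stage 2 optionally inverts the word to keep the running DC disparity near zero) together with the matching decoder. The payload bytes at the bottom are constructed for the demonstration; the function names and the running-disparity variable `cnt` are this example's own.

```python
"""Model of TMDS 8b/10b encoding (DVI/HDMI) to show why it smears RF emissions:
raw bytes can toggle on every bit (up to 7 transitions in 8 bits), while a TMDS
symbol never has more than 5 transitions in 10 bits.  Added example; not the
thread's or any vendor's code.  Bits are sent LSB first, so transition counts
are taken from bit 0 upward."""
from __future__ import annotations


def transitions(word: int, nbits: int) -> int:
    """Number of adjacent-bit changes in an nbits-wide word, LSB first."""
    bits = [(word >> i) & 1 for i in range(nbits)]
    return sum(1 for a, b in zip(bits, bits[1:]) if a != b)


def tmds_encode(data: int, cnt: int = 0) -> tuple[int, int]:
    """Encode one byte into a 10-bit TMDS symbol.
    cnt is the running disparity carried over from the previous symbol
    (positive = more ones sent so far).  Returns (symbol, new_cnt)."""
    assert 0 <= data <= 0xFF
    d = [(data >> i) & 1 for i in range(8)]
    n1 = sum(d)
    # Stage 1: XNOR chaining for 1-heavy bytes, XOR chaining otherwise.
    # Either way at most 3 transitions survive inside the 8 data bits.
    use_xnor = n1 > 4 or (n1 == 4 and d[0] == 0)
    q = [d[0]]
    for i in range(1, 8):
        nxt = q[i - 1] ^ d[i]
        if use_xnor:
            nxt ^= 1
        q.append(nxt)
    q8 = 0 if use_xnor else 1          # bit 8 tells the decoder which chaining was used
    n1q = sum(q)
    n0q = 8 - n1q
    # Stage 2: invert the data bits when that pulls the running disparity toward zero.
    if cnt == 0 or n1q == n0q:
        q9 = 1 - q8
        invert = (q8 == 0)
        cnt += (n0q - n1q) if q8 == 0 else (n1q - n0q)
    elif (cnt > 0 and n1q > n0q) or (cnt < 0 and n0q > n1q):
        q9 = 1
        invert = True
        cnt += 2 * q8 + (n0q - n1q)
    else:
        q9 = 0
        invert = False
        cnt += -2 * (1 - q8) + (n1q - n0q)
    out_bits = [b ^ 1 for b in q] if invert else q
    symbol = sum(b << i for i, b in enumerate(out_bits)) | (q8 << 8) | (q9 << 9)
    return symbol, cnt


def tmds_decode(symbol: int) -> int:
    """Recover the byte from a 10-bit TMDS symbol (inverse of both stages)."""
    q9 = (symbol >> 9) & 1                 # stage-2 inversion flag
    q8 = (symbol >> 8) & 1                 # stage-1 chaining flag (1 = XOR, 0 = XNOR)
    bits = [(symbol >> i) & 1 for i in range(8)]
    if q9:
        bits = [b ^ 1 for b in bits]
    d = [bits[0]]
    for i in range(1, 8):
        v = bits[i] ^ bits[i - 1]
        if q8 == 0:
            v ^= 1
        d.append(v)
    return sum(b << i for i, b in enumerate(d))


def tmds_encode_stream(payload: bytes) -> list[int]:
    """Encode a byte string, carrying the running disparity across symbols."""
    cnt = 0
    out = []
    for b in payload:
        sym, cnt = tmds_encode(b, cnt)
        out.append(sym)
    return out


def max_transitions_raw(payload: bytes) -> int:
    return max(transitions(b, 8) for b in payload)


def max_transitions_tmds(symbols: list[int]) -> int:
    return max(transitions(s, 10) for s in symbols)


if __name__ == "__main__":
    # Constructed sample: every byte value plus the worst-case toggling patterns.
    payload = bytes(range(256)) + b"\x55\xaa" * 8
    syms = tmds_encode_stream(payload)
    assert bytes(tmds_decode(s) for s in syms) == payload
    print("max transitions, raw 8-bit bytes :", max_transitions_raw(payload))
    print("max transitions, TMDS 10-bit syms:", max_transitions_tmds(syms))
```

The hard cap of 5 transitions per 10-bit symbol (versus 7 per raw byte) is what lets the link designer slow the edges and push the emission energy into a broad, lower-amplitude band; it does nothing to hide the content from a receiver that already has the clock and the encoding, which is the comment's point about unshielded internal busses.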