Slashdot Mirror
Coming to a Desktop near you: Tempest Capabilities
AftanGustur writes "New Scientist has an interesting article about a new toy we will all want. It's a card that plugs in one of your PCI slots and allows you to scan the EMF spectrum and read your neighbours terminal. In about 5 years you might be able to get one for just under £1000. (Modern Tempest Hardware costs about £30000) " Excellent. Now I won't have to read over Rob's shoulder all the time.
I thought you guys all had those Sony Viao's? The tempest wouldn't be too useful on those things...the LCD's don't give out EMF....
"Microsoft announced this morning that it did not design it's keyboards to emit to the EMF spectrum, allowing the NSA a backdoor into your computer. They place the blame on physics."
"ruggedized" or military spec (milspec)
I am, therefore you think.
Pattern of keystrokes? I'd bet it's possible to really confuse the individual spying on you via the typing patterns monitor method... :P
Use a Dvorak
I believe the term you're looking for is "rugged reliability" ;)
"It compiles, SHIP IT!" -Overheard at Microsoft's development lab
Already, a few people have posted expressing their misconceptions about what TEMPEST is. In a nutshell, it's the process by which radiation given off by electronic devices can be captured and analyzed in order to gather information about what that device is doing.
A good example of how it can be used was given during the October 1996 episode of Discovery Channel's "Cyberlife" show.
A couple other decent sites with more information about TEMPEST are:
The Complete, Unofficial TEMPEST Information Page
TEMPEST monitoring in the real world
In about 5 years you might be able to get one for just under £1000.
In about 5 years, I expect to have a flat-screen (19"). These don't work on LCD, do they?
Also due in about 5 years...
**A robot that cooks and cleans and has a cute, cartoon personality.**
**Cars that fly**
**One supreme Linux Distro**
**A final end to the DOJ MS trial**
I can see a future where either:
or
or
Echelon, hell. Beware thy neighbor. Shame, iddnit?
-Omar
What is the legal side of this like?
Is it legal to use this kind of equipment, and if so, what is it legal to read?
I'm concerned with the following paragraph from the article:
And keyboards are also troublesome. They rely on a scanning signal, which radiates the pattern of keys being pressed. So the patent suggests using a random number generator to continually distort the scanning signal.
That's one of the the most vague things I've ever read in my life. That's like saying "I didn't want anyone to see me when I robbed the bank, so I used a random number generator to distort the police radio signal." It's apparent that they have some particular application of a random number generator in mind and that it is probably effective, but how on earth it's applied is neither implied nor apparent.
Does any have a clue what they're referring to?
. . . to go on and on about privacy and security for ourselves, and then start jumping at a chance to spy on everyone else? Not that I don't want one myself, mind you (though the "respectable" reason is to reverse-engineer and protect myself), but it kinda seems silly to think that way.
The truth of the matter is still the information war. We don't object to the act of spying, we just want to make sure WE'RE doing the spying, not the guy next to us.
Bad things often happen to good people,
It is up to them to see that they remain good.
This is old news.
I have an Atari Jaguar with Tempest capabilities...
--
I've seen that people invented a coat that will be used in the planes to isolate the cockpit, allowing you to use your notebook during takeoff and landing. Maybe I should put it all around my room. But I don't think my TV will still work after this re-styling.
--I like 2 kinds of women : GIFs and JPEGs--
Even still -- in this light, I'd like to get anti-aliasing integrated into my X server. We've still got some time, anyway.
-----------
"You can't shake the Devil's hand and say you're only kidding."
While it is not as difficult to scan a computer ("tempest" style), it is not that difficult to shield a computer.
LCDs / laptop displays are a first step to reducing possibly compromising signals. LCDs work with a much lower signal level than CRTs (thus lower emissions) - but while they are harder to scan LCDs it still is possible.
The only way to prevent emissions is to shield the computer. L0pht had pictures of a do-it-yourself shielded computer about a year ago, but I was not able to find it again (shielded too well, eh?). While the CRT is the foremost target for shielding (because its emission levels are the highest), one has to shield all and everything.
Shielding with metal enclosure AND mu-metal (for magnetic shielding): CRT, CPU box, printer, modem.
Shielding with metal enclosure should be enough: keyboard + mouse - a trackball might be better because of heavy/stiff shielded cables,
connecting cables (any - video, printer, serial, network).
A big no-no are radio keyboards or mice - or wireless LAN. The reason should be obvious.
Not that obvious are "leaks". Do not forget to cover floppy + CD-rom doors with a radiation lock (at least a proper door) - and build radiation locks / traps / grids for ventilation in- and outputs.
Practical side-effect of a highly shielded PC: it mutes (compromising) radiation as well as (ventilation/hard disc) noise. A good workstation is quiet - in both, EMF and noise emissions.
Cyber-cops already exist, with the proliferation of inexpensive Van Eck monitoring you will see mercenaries(similar to the information gatherers in Stephenson's Snow Crash) offering their contracted services to law enforcement agencies. This may benefit those of us who do care about privacy by speeding up the development of countermeasures. -Matt
We're all going to go out and buy one right? The market for eavesdropping equipment that does this sort of thing is so small that there are no economies of scale .... the prices will not come down because the cost of the hardware is probably miniscule compared with the R&D.
Did you know that you can do tricks with antialiasing in your fonts to change the text on your screen as it appears to a tempest scanner?
tempest isn't there to read text off your screen. it's there to show that your screen is on in the first place and that it's doing something, and that something matches patterns kind of like typing. so if you say "i was in bora bora the day that system was cracked" they can ask you, "then who was typing on your computer?"
I've finally had it: until slashdot gets article moderation, I am not coming back.
Also, he demonstrated displaying one thing on your screen, and another thing on the attackers screen, which has the potential to be used two ways: either to foil an attacker, or the possibility of a Tempest virus, which secretly transmits your cryptographic key to the white van waiting outside, while displaying something else altogether on your screen!
Ross Anderson's homepage has links to his papers on this topic.
Yes the fact that we may all have flat screen monitors (40 inches wide) which dont emmit emf does limit this and hell i wonder if it has a sensitve enought microphone for capuring speach recogonition. But there are always going to be scurity issue. The data still has to be transefered via metal cables and these are great from giving out loads of emf. Your picture doesn't magically jump to the screen yet. As for the hardrive issue, arn't we all going to have holographic storage by them? Or will we be waiting for the linux4.2 drivers :o) -my tupence (I'm english I'm afraid)
Don't forget about your printer. Security ratings have been denied because a 'W' sounded different than a 'Y'.
To see some pictures of a real TEMPEST shielded PC take a look at some of the old IBM PC/XTs they have at http://www.meco.org. Last Friday I saw a pretty rare SPARCstation. It was a TEMPEST shielded SPARCstation 2. Really heavy machine and a bit larger than a normal SPARCstation 2 due to the shielding. The floppy and power switch were located behind a 1/4" solid aluminum door on the front panel. It was used by the Navy. Maybe next time I'll pick it up and take some pictures. The thing has got to be a rarity.
What now? Everyone builds a lead/iron box in his backyard and stuff all our electronic equipment into it? Might as well enclose our whole house in it. Might help twart off robberies and stuff. Maybe add a couple of turrets and reinforce it.
And viola! We have the ultimate personal fallout,bomb,terrorist,privacy shelter.
Beats the purpose of living.
And where's our bloody moonbase?
:)
have you looked at the date lately?
It disappeared after a big explosion a couple of months ago.
Come on, lad, get with it!
P
Pope
It doesn't mean much now, it's built for the future.
It was mostly about shielding a computer to reduce emissions. All the cases were "ruggedized" (heavier construction, lots of screws) with copper mesh shielding inside the case near seams and openings. The systems were "Tempest certified" to indicate EMR emissions from the cases were reduced below certain thresholds.
Wasn't proof against extreme conditions, though -- I accidentally knocked a cup of coffee into an unpowered keyboard once, was a royal pain to clean up (I counted some 50 screws just for the keyboard case.)
Shielding one's computer is very cumbersome. Is it not easier, knowing the exact frequencies where your electronic components leak data, to just add a small white-noise transmitter that will jam the needed frequencies? If you want to get sophisticated, it can analyze your emissions in real-time and generate the correct noise to cover/distort them...
But in any case, local jamming should be much simpler/cheaper than shielding. Anybody knows if this is a viable option and if not, why?
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Hiding the keyboard signals seem to be reasonably easy to solve - I dunno about the signals coming off buses & disk drives (the only practical way to hide these might be to use a shielded case).
As far as the monitor information is concerned, what if the display was generating by modulating a "white noise" signal? In other words, you start out with a white noise signal, & direct it preferentially toward different parts of the screen to vary intensity (I'm assuming you could deal w/color issues in this somehow).
I guess this would be like the old vector-tracing scopes, except the phosphors would probably decay a lot more rapidly, allowing the pictures to be to be changed more quickly. The random nature of the base signal might make the picture a little more "fuzzy" (depending on the precision of the modulation electronics). As a good benefit, you wouldn't have any problems with refresh rates - since a "refresh signal" wouldn't really exist.
I'm glad that I have some old 386 cases that have 20 pounds of steel in them.
;)
Now I just need to slap some ferrite cores on all of my cables, make sure all my power runs through an active UPS, and turn my computer room into a faraday cage.
Unfortunately, this is no laughing matter.
It is actually slightly frightening that the price of this technology is dropping, if anyone can save up and buy this type of device, nothing is safe.
I know that my bank does not use tempest resistant equipment. Here's a scenario: Thief leaves a tempest scanner in a lunchbox computer (mostly shielded of course) in his car that happens to be parked next to the bank or a vulnerable atm machine....a week later he records the acct#s to mag cards and writes a list of pins. Then in person, at an ATM that dosen't have a camera (yes there are a few of those still out here in rural america) and empties the machine.
Another scenario: Snoops watch neighborhood computer use and start extoring money out of people that look at naughty porn.
Another scenario: A small startup firm is cash strapped, but has developed a crucial piece of software for this new technology. Snoops lift the software, business plan, and pricing scheme out of the startup's computers. Well funded snoops beat the startup to the punch and the startup goes out of business.
A scenario that would be very likely: A competing local company pulls a customer list off of your computer, along with your price list, vendor list, and all of your other vital information.
It changes the picture completely. I can secure my computers to a reasonable extent, but can my Bank, ISP, Phone Company, Power Company, Credit Card company, etc.
Then again, we could just drive past microsoft and grab a copy of the source code for windows too!
I mean it's not like packet sniffing. It is too expensive to go around van ecking script kiddies and other kinda low level computer criminals. To me the main application of this is industrial espionage. It's kind of a cool spy type thing and if it makes it into the main stream media we can probably expect a james bond movie mention.
But I have a hard time believing that this is really a threat to my right to privacy at least for the moment. This card certainly would be if someone really wanted to see me entering my pin in an atm, or my credit card number when I was buying at amazon or whatever. But that's not really an issue of rights or whatever, it just means that petty criminals are going to have access to this technology and then the nightly news will have something new to stir up paranoia about and every company will make a tempest shielded laptop for everyone and then nothing will come of it.
I'm afraid that this is not really about rights so much as vulnerabilities to crime and fraud. If you are a terrorist or a revolutionary or you are worried that you will be spied on while you are using your computer to plan or talk about crimes, stop. If you are a known terrorist or revolutionary then do not use computers, meet your cronies in dark back alleys and you are fine.
I think we (I am assuming most of you are not criminals) are only really going to be at risk when the technology comes to the point that the police can troll up and down the streets in vans and then bust in on anyone they can catch doing something wrong. And I bet that violates the watcha-callit... Constitution thingy.
So in the mean time I guess I can just keep an eye out for the flowers by irene vans outside my house and go on with my unshielded self.
With all the worry/complaining surrounding government spying (think Echelon) I don't like the idea of my neighbors also spying on me, nor do I want to spy on them.
All this thing is is a tuner card on a pci board.
BFD. Ham radio people have been making stuff like this for years. Maybe not so nice a version, but hey...
Of course, it is a difference when it's a mass-market item, and more people have the ability to hack away at the software.
Anyway, basically the card is a variable tuner to go through the spectrum and see what's out there. Pipe any signals you may find into the system and decode to your hearts content...
It's pretty entertaining what's out there on the airwaves.. Fun with HAM radios.
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
If these things become common and cheap then I think it would be a Good Thing in a backhanded sort of way. Individuals and businesses will demand security against cheap and prevalent Tempest monitoring. In other words, Plug and play EMF protection. If the script kiddie next cubicle over can't monitor your workstation then it will probably be difficult for the spooks as well. This could turn into yet another way to really get the spooks' goats.
VNC
:-)
Think "desktop telnet": you can view (and manipulate) another computer's desktop remotely. Yes, you do need a password and the computer's IP, but how many of us here are spies? (You can all put your hands down now.)
You can view a Windows machine from *NIX, a Mac, and vice versa. No need to install expensive, proprietary software to see those X apps run. (Unless you really need a lot of speed.)
Okay, I'm starting to sound like a marketroid. But seriously--this rocks. We're using it at my school, and we love it.
Oh, did I mention it's GPL'd?
Isn't this pretty much the same thing as Van Eck Phreaking as mentioned in Cryptonomicon?
I guess when you receive such a signal, you have to "syncronize" that to form a picture. That means the equipment would have to be set for, say, 60Khz horizontal signal/100 Hz refresh rate.
Would hard-to-find resolutions/refresh (Eg. 1600x1200/120 Hz) make it harder to intercept ? IMO, the eavesdroper would have to have at least a monitor as good as that one, am I right ?
-
Roses are #FF0000, Violets are #0000FF, find / -name '*base*' |xargs chown -R us && mv zig greatjustice
All that'll do is put the tools exclusivly in the hands of criminals. It COULD be legislated that all new computer equipment coming into the country was tempest grade, but then we would be resistant to unreasonable search & seizure...can't have that now, can we?
Perhaps, but the victim is broadcasting his signal (which the Tempest equipment or celluar scanner picks up) right through me. Why can't I intercept it?
I'd rather equip computers with Tempest shielding, so they don't broadcast their signals out. Even if Tempest were illegal, there'd be nothing else to stop someone from building a receiver.
Tempest can mean two things. First, as the NSA uses it, it is just a standard for testing emissions of electronic devices.
As the layperson uses it, it is the device that spies on these electronic devices.
I do what the voices on my console tell me to do.
I'm wrapping my box in tin foil tonight!
Finally, I can tell my Tempest joke to some people who will get it: Have you heard about Tempest 2.0? No. Apparently my brain is no longer "Tempest certified" hehe
-- Your ad here $20 --
makers of premium channel descramblers and early satellite dish owners tried the same hokey defense and LOST. You don't own the signals even when they're passing through your home, over your land, or through your skull.
And that is where I and the courts disagree. IMNSHO it is up to the `victim' to deal with shielding or scrambling the signal. I don't see anything more wrong with intercepting radio EMF than visual EMF; certainly there are laws against going up and peeking in someone's window, but I'm hardly spying someone if I see them in a public place or my from the privacy of my house. It's as if they were living in a glass house; just as there ought to be walls that can't be seen through with visual light, there should be walls (i.e. Tempest shielding) that are opaque to Tempest-range radiation.
Tempest shielding (or jamming) ought to be ubiquitous. Even assuming that Tempest equipiment and the use of Tempest were banned, there would be nothing to stop one from procuring (buying on the black market, or simply building it) and using it - unless you propose permitting random searches?