Coming to a Desktop near you: Tempest Capabilities

← Back to Stories (view on slashdot.org)

Coming to a Desktop near you: Tempest Capabilities

Posted by Hemos on Monday November 8, 1999 @01:24AM from the fun-with-van-eck-phreaking dept.

AftanGustur writes "New Scientist has an interesting article about a new toy we will all want. It's a card that plugs in one of your PCI slots and allows you to scan the EMF spectrum and read your neighbours terminal. In about 5 years you might be able to get one for just under £1000. (Modern Tempest Hardware costs about £30000) " Excellent. Now I won't have to read over Rob's shoulder all the time.

16 of 111 comments (clear)

Min score:

Reason:

Sort:

Another Microsoft conference by blogan · 1999-11-07 20:33 · Score: 3

"Microsoft announced this morning that it did not design it's keyboards to emit to the EMF spectrum, allowing the NSA a backdoor into your computer. They place the blame on physics."
Re:Laptops and Tempest by jd · 1999-11-07 20:33 · Score: 2

Any unshielded electrical device with a variable current (including LCDs) will give out EMF radiation. It's the nature of the beast.
For that matter, light is EMF radiation, so unless you have your LCD in a coal-mine, it's reflecting EMF all the time it's switched on.
Then, there's the fact that screen monitoring isn't the only monitoring you can do. I used to use a radio, tuned into the bus for the PET, as a sound card. Worked surprisingly well, for all that very clunky metal shielding. What's to stop a much higher-quality receiver from seeing the data, in an unshielded box, being sent TO the LCD, or to any other device on the machine?
It's a mistake to assume that Tempest technology is single-function and that that single-function only works in a single situation.

--
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Keyboard Eavesdropping... by jarv · 1999-11-07 20:37 · Score: 2

Pattern of keystrokes? I'd bet it's possible to really confuse the individual spying on you via the typing patterns monitor method...
Use a Dvorak :P
More Information by Plasmic · 1999-11-07 20:41 · Score: 3

Already, a few people have posted expressing their misconceptions about what TEMPEST is. In a nutshell, it's the process by which radiation given off by electronic devices can be captured and analyzed in order to gather information about what that device is doing.

A good example of how it can be used was given during the October 1996 episode of Discovery Channel's "Cyberlife" show.

A couple other decent sites with more information about TEMPEST are:
The Complete, Unofficial TEMPEST Information Page
TEMPEST monitoring in the real world
5 Years by SamIIs · 1999-11-07 20:42 · Score: 3

In about 5 years you might be able to get one for just under £1000.

In about 5 years, I expect to have a flat-screen (19"). These don't work on LCD, do they?

Also due in about 5 years...
**A robot that cooks and cleans and has a cute, cartoon personality.**
**Cars that fly**
**One supreme Linux Distro**
**A final end to the DOJ MS trial**
Random number generating keyboard warriors by Plasmic · 1999-11-07 20:51 · Score: 2

I'm concerned with the following paragraph from the article:

And keyboards are also troublesome. They rely on a scanning signal, which radiates the pattern of keys being pressed. So the patent suggests using a random number generator to continually distort the scanning signal.

That's one of the the most vague things I've ever read in my life. That's like saying "I didn't want anyone to see me when I robbed the bank, so I used a random number generator to distort the police radio signal." It's apparent that they have some particular application of a random number generator in mind and that it is probably effective, but how on earth it's applied is neither implied nor apparent.

Does any have a clue what they're referring to?
1. Re:Random number generating keyboard warriors by PD · 1999-11-07 21:15 · Score: 2
  
  Keyboards scan in the same pattern, all the time. If you know the pattern, then you just get the timing of the keyclicks and from that you can figure out what keys were pressed.
  
  Instead, keyboards should be scanned in a random pattern, and the time of keyboard clicks will not be helpful to determine what key was struck.
  
  --
  If tits were wings it'd be flying around.
2. Re:Random number generating keyboard warriors by slim · 1999-11-07 21:16 · Score: 2
  
  Sure. Maybe.
  
  Both keyboard and PC share a (pseudo) random number algorithm. When you power on, they negotiate a seed. At every keypress and/or clock tick, they both move on to the next random number, which will stay in sync. Keypresses are XOR'd with the random number before transmission.
  
  Hence, the snooper needs to work out what the pseudo-random number algorithm is, *and* calculate the seed, in order to glean information from the RF emitted by your keyboard.
  --
3. Re:Random number generating keyboard warriors by wowbagger · 1999-11-08 05:29 · Score: 2
  
  I think by they they meant that the microcontroller that is in the keyboard should scan the rows of the keyboard randomly, rather than sequentially.
  
  Howerver, there is a much simpler approach to reading a keyboard in a hard to read fashion: you don't scan! Instead, pressing a key ties the row and column together, and thus pulls the column up and the row down. You read the row and column with comparators, and thus no scanning. We do this on the equipment I help design because since we are measuring radio signals, we cannot be trashing the spectrum up.
  
  IIRC, one time they did a Tempest survey on a computer that passed with flying colors, not because it didn't emit any signals, but rather because it threw out so much hash you couldn't recover any useful information from it.
  
  Sounds like the old TRS-80 Model I: plastic case with no sheilding at all. You could pick one of those babies up on an AM radio for a quarter mile!
  
  --
  www.eFax.com are spammers
Predicatable retro-gaming joke... by slim · 1999-11-07 20:57 · Score: 2

This is old news.

I have an Atari Jaguar with Tempest capabilities...
--
Tempest isn't exactly foolproof by scrytch · 1999-11-07 21:17 · Score: 2

Did you know that you can do tricks with antialiasing in your fonts to change the text on your screen as it appears to a tempest scanner?

tempest isn't there to read text off your screen. it's there to show that your screen is on in the first place and that it's doing something, and that something matches patterns kind of like typing. so if you say "i was in bora bora the day that system was cracked" they can ask you, "then who was typing on your computer?"

--
I've finally had it: until slashdot gets article moderation, I am not coming back.
Tempest Attacks by Evil+Greeb · 1999-11-07 21:17 · Score: 2

I remember being in a Ross Anderson lecture where he demonstrated how by filtering out the top 30% frequency, you could hide your information from a Tempest scanner. PGP 6.0.2 apparently does this, so if you're worried about the government decrypting your transmissions then maybe you should use that!
Also, he demonstrated displaying one thing on your screen, and another thing on the attackers screen, which has the potential to be used two ways: either to foil an attacker, or the possibility of a Tempest virus, which secretly transmits your cryptographic key to the white van waiting outside, while displaying something else altogether on your screen!
Ross Anderson's homepage has links to his papers on this topic.
Re:Laptops and Tempest by jd · 1999-11-07 21:51 · Score: 2

The fall-off is proportional to the square of the distance (ahhh! physics! :). I don't know what the threshold for detection is, with a modern Tempest device, but if you know the threshold and the energy output, you should be able to calculate the maximum range.
You're right, of course, a laptop won't be detectable at the same range as a CRT, but the actual range isn't fixed, as the radiation doesn't just stop.
(eg: If you rigged up Jodrel Bank to a Tempest device, you'd probably be able to capture an LCD on the moon, with only minimal distortion. Jodrel Bank's resolving power would be the key factor there, rather than signal strength.)
Using a primitive, unfocused arial, a low-power amplifier, and minimal screening, you're probably right on the estimates - 1000 yards for a CRT and 10 yards for an LCD sound about right. Rig up a squarial or a satellite TV dish, beef up the amplifier, and improve the screening and you can probably add at least one, maybe two, orders of magnitude.

--
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Can you jam Van Eck emissions? by Kaa · 1999-11-07 22:21 · Score: 2

Shielding one's computer is very cumbersome. Is it not easier, knowing the exact frequencies where your electronic components leak data, to just add a small white-noise transmitter that will jam the needed frequencies? If you want to get sophisticated, it can analyze your emissions in real-time and generate the correct noise to cover/distort them...

But in any case, local jamming should be much simpler/cheaper than shielding. Anybody knows if this is a viable option and if not, why?

Kaa

--

Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Re:Suggestion by Tet · 1999-11-07 23:11 · Score: 2

I know, I know, it's not possible...
Of course it's possible! It'll mean a reworking of X font handling mechanisms, and it'll certainly be a lot of work, but it definitely *is* possible.

--
"The invisible and the non-existent look very much alike." -- Delos B. McKown
Umm, did anyone read the article? by Otto · 1999-11-07 23:35 · Score: 2

All this thing is is a tuner card on a pci board.

BFD. Ham radio people have been making stuff like this for years. Maybe not so nice a version, but hey...

Of course, it is a difference when it's a mass-market item, and more people have the ability to hack away at the software.

Anyway, basically the card is a variable tuner to go through the spectrum and see what's out there. Pipe any signals you may find into the system and decode to your hearts content...

It's pretty entertaining what's out there on the airwaves.. Fun with HAM radios.

---

--
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.