LED Lights: Friend or Foe? 606
elfdump writes: "In an article (pdf) soon
to be published in ACM Transactions
on Information and Systems Security, security researchers have discovered
that data transmitted through modems and routers can be remotely reconstructed
from the equipment's LED status indicators. According to experiments, their
light-to-information retrieval method is successful even when the light is
captured 'at a considerable distance' from the source. If you want to prevent
people from spying on your data, you may want to tape up those blinking LEDs!"
Mmm hmm. (Score:1, Interesting)
Tempest (Score:5, Interesting)
To do this with an LED would require that the LED be actually driven by the data signal. Most of them go on at the start of the packet or byte and go off at the end, they don't go on for 1 and off for 0. So, you might be able to do a little traffic analysis, but you would not be able to recover the data.
Bruce
And what about IR? (Score:2, Interesting)
Re:bullshit (Score:4, Interesting)
Of course, all this relies on the construction of the modem. Using a slightly less naive algorithm (when a packet arrives, turn the LED on for 1 ms and then shut it off) would defeat this unique kind of sniffing. Still, after staring at my lan hub for a few minutes, I'm wondering if it uses the former technique for flashing the light...
Yeah Right (Score:2, Interesting)
Re:Tempest (Score:3, Interesting)
Re:Tempest (Score:5, Interesting)
Indeed. Here is a program [erikyyy.de] that implements just that. Tempest for Eliza is an interisting program... it actually played classical music on my AM radio using the monitor color intensity! There's a mod for mp3 even. Check it out.
cheers,
fsm
Re:bullshit (Score:2, Interesting)
Move over 802.11x (Score:3, Interesting)
Actually, now that I think of it, that must have been what all those big clunky lights were on ST:TOS. Networking of the future!
I'm a clueless slashdot reader (Score:1, Interesting)
WRONG!!!!!!
Wrong because the modem router (probably 56Kbps) is the critical point. Also wrong because even if an LED is showing the data stream on a 100Mbps link, it's still possible for the data to flow at a slower rate, even the rates they mention in the article.
What I found extremely cool in the article was that it explained how a KEYBOARD could be modified to exploit the scroll lock LED to transmit keystroke data to an optical capture device. Another possible exploit is to mod a keyboard so that an IR LED is installed inside but beside the scroll lock LED (leaving the scroll lock LED intact); the emissions would probably still be detectable but not by the human eye.
Now, what do you think the NSA is doing (Score:1, Interesting)
I still think that Tempest operations are more likely.
Trivia fact... The State Farm Insurance Company's world headquarters building in Bloomington, Illinois, is built to defeat tempest operations. All windows through out the facility are darkly tinted and have embedded micro mesh wiring to keep EM emissions from leaking out. Their safety system for securing their outgoing data lines and satellite communications center is built, well... lets say it's built better than anything you might find on all but the latest military facilities.
The SW tower used to house the mainframe systems. Because of this, that tower has even additional EM and Visual shielding. The rooms are all set back from the windows, with an interviening metal sandwich/composit wall (making all outside windows a hallway, unlike the other three short towers and the high rise exec tower). Floors as well in this tower got a treatment of EM shielding, and all floors are raised on purpose with data drop floor panels for routing cables. Cable trunk guides and tubeways are EM shielded as well.
They may mean more than you think (Score:3, Interesting)
Phillip.
this reminds me of ... (Score:2, Interesting)
you should hear what ever sound is in the room you are aiming at I never tried it but someday I will