CRT Eavesdropping: Optical Tempest 219
PortalCell writes "LED status monitors may potentially leak data in a few applications, but worse: Markus Kuhn has now revealed (pdf) that it's possible to read your monitor indirectly just by observing how the blue flicker lights up the room! Forget taping up LEDs or living in a metal box - now you might have to do without sunlight to be secure!" Hopefully people will also stop submitting the LED story now.
Knowing your enemy (Score:3, Insightful)
I see a lot of potential in this sort of technology, though. When the government wants to crack down on terrorism / kiddie porn / the "threat" of the day, they will usually issue tens to hundreds of search warrants and confiscate tons of computer equipment in the name of "finding the bad guys." They will no longer have an excuse to do that, since they will now be able to eliminate potential suspects just by looking at light that was leaked from their residences. This will be a true victory for those of us (remember SJ Games?) who are scrutinized by our government without reason: they will have no reason to break into our private homes, steal our legitimately purchased equipment, and go on a "fishing expedition" in search of wrongdoing. No judge could ever let them harass a criminal suspect unless they have exhausted all other avenues and proven to the judge that that suspect is actually engaged in wrongdoing.
And that is good for us all.
-s3r
Sunlight==good (Score:5, Insightful)
According to the text it's just the opposite:
That's just another reason why I'd rather not subscribe to /. Not only do the editors fail to avoid dupicate stories, those submitting them don't even read them properly.
Re:Sunlight==good (Score:3, Insightful)
Well, at least I'm secure... pasty white, but secure.
Re:Sunlight==good (Score:3, Insightful)
People can't see the LED's if they can't see in your windowsless building. You also won't be able to see the sun
Next, Randomly Scanning monitors (Score:2, Insightful)
Re:Ridiculous (Score:2, Insightful)
As far as the examples given: Let's just say that I'd like to see it in action before believing it...
Computers And Networks Leak Like Sieve (Score:5, Insightful)
On of the guys I used to work with would talk about the truck that would park outside their NOC to listen to their ethernet via radio receivers on the truck. One can guess where the truck came from, but the scary part is that this was more than a decade ago. They were doing things that might possibly be of interest to spooks, or perhaps a well-funded competitor.
It's fun to engage in a fantasy world where government spooks are around every corner, but in reality there's no justification for spending large amounts of money or time to protect yourself from imagined threats like that. I am more worried about somebody breaking into my house to steal my stuff or script kiddies from Germany installing an IRC server on my boxes than the government spying on me.
Most of us do not have anything that would justify non-criminals to bother with us. Those of us that do usually have the budgets to do something about it. And the criminals are not terribly sophisticated, so common sense and a decent system administrator are usually enough to meet the standard threats. Most criminals are opportunists, if you present a challenge, they'll move on to the guy who has his root password set to "password".
The people who have highly sensitive stuff know that there's no real security in most hardware and software and work to build environments to protect their stuff. They probably do not buy their hardware from Dell.
Those of us who really only need to protect our banking and personal information as well as our bandwidth don't need to worry about monitor emission security just yet. For banking information, it's much easier to get that information in much more mundane ways than eavesdropping on your monitor. You should worry about what your local convienence store does with their copy of your credit card receipt.
Re:On the other hand... (Score:3, Insightful)
The method used is very simple, and could be vastly improved by using better/more sensors, more computing power (for higher order filters/longer convolutions), or more time to experimentally tune the process to the characteristics of the target display. It must be assumed that the big boys (i.e. world governments, maybe some corporations) have access to all three of the above.
A really good point (Score:3, Insightful)
Or they could tell the receptionist they're here to see Bob, and then go look at the paper files. I think it would be easier to do the latter.
But very few would attempt the second kind of attack, because it's hard to say "Oh yeah, I was just checking out security. Just playing." when someone discovers you digging through files on someone else's property.
In the same way, stealing information via CRT flicker requires too much of a physical commitment for it to gain much popularity I think. At least in most cases - it might be different if your office is accross from a competitor's. Even then, seems like it would be easier just to zoom in and watch them type their password.
Interesting article anywho.
.
Re:Ridiculous (Score:3, Insightful)
Again, my doubt is regarding non-trivial test cases with a normal computer monitor : Yeah if the raster gun was drawing a line on the opposing wall then it could be read, but it's a question about realistic implementation with real hardware.
Re:Sunlight==good (Score:3, Insightful)
Hence, you might have to do without sunlight to be secure -- by not having windows in the room.
A good excuse (Score:2, Insightful)
--
I gave up my +1 bonus, don't mod me down!