Security

CRT Eavesdropping: Optical Tempest 219

PortalCell writes "LED status monitors may potentially leak data in a few applications, but worse: Markus Kuhn has now revealed (pdf) that it's possible to read your monitor indirectly just by observing how the blue flicker lights up the room! Forget taping up LEDs or living in a metal box - now you might have to do without sunlight to be secure!" Hopefully people will also stop submitting the LED story now.
This discussion has been archived. No new comments can be posted.

  • by danro ( 544913 )
    I better get my tin foil hat out, or get a TFT...
    • On the other hand... (Score:2, Interesting)

      by danro ( 544913 )
      Considering the quality of the output, maybe a funky wallpaper and transparent terminals might be enough for all the tin foil hat type persons out there...

      A _field_ test of this would probably yield an even worse picture, methinks...
      • "A _field_ test of this would probably yield an even worse picture, methinks..."

        The method used is very simple, and could be vastly improved by using better/more sensors, more computing power (for higher order filters/longer convolutions), or more time to experimentally tune the process to the characteristics of the target display. It must be assumed that the big boys (i.e. world governments, maybe some corporations) have access to all three of the above.
    • by Anonymous Coward
      Dude, didn't you know? Now they can hear your data from 15 miles away by reading those clicking noises your drive makes...

      It's madness! Soon it really will be like Blade Runner - my digital camera will be able to go round corners just like the Vespa thingy does, "Left a bit, right a bit, go behind the pillar..."

      And that thing about how a butterfly flapping its wing in China affects stuff in the US? You'll be able to photo that from Chicago...

    • TFT! (Score:1, Redundant)

      Yeah, I better get my Tin Foil Top out too..
  • How practical/feasible/reliable is it? Won't data be missing if a shadow or a person walks in front of it and make it hard to put together?
    • With wireless networks now gaining ground that don't require direct line of sight, I would think this is rather an academic eavesdrop rather than a real world applicable one.
    • Won't data be missing if a shadow or a person walks in front of it and make it hard to put together?

      I don't see how the problem would be any worse for this technique than for simply looking at a CRT through binoculars. If someone blocks the light, you won't be able to read the screen for a few seconds. Oh well. Besides, since this technique can be used on diffusely reflected light from a wall, it would be MORE resistant to obstructions than direct observation, because the person's shadow would have to obstruct almost all of the light coming from the CRT to keep it from reflecting off of other objects, instead of the person just blocking direct line of sight from the CRT to you. In fact, the whole point of the technique is that it doesn't require a direct line of sight to the screen to read it.

  • "Hopefully people will also stop submitting the LED story now."

    This article was posted Wednesday. Maybe people will get the clue and read slashdot before they send in submissions and just maybe the editors will do the same as well.

    http://slashdot.org/article.pl?sid=02/03/06/1221224
  • by phr2 ( 545169 ) on Saturday March 09, 2002 @07:03PM (#3136154)
    than CRT's. Kuhn's attack works by rapidly sampling the light intensity as the electron gun whizzes around the CRT screen. With LCD's, the light comes from a constantly-on fluorescent tube and there's not the same type of scanning; the LCD itself reacts much more slowly than a CRT does. The optical emanations just don't have as much bandwidth and can't carry all that info. Of course you still might leak screen contents thru RF emissions from the video card, but that's the usual TEMPEST that we already know about. (Note: this info is from Kuhn's paper).

  • This technique relies on the raster nature of CRTs ... therefore, for our own safety, I think the government ought to buy us all nice large LCD monitors.
    • This technique relies on the raster nature of CRTs ... therefore, for our own safety, I think the government ought to buy us all nice large LCD monitors.

      Nope, the govt will take away your nice LCD. It's so much easier to ensure your safety when you use an easy to monitor LCD.

  • I've already painted my walls and made a tinfoil hat for my computer - now I'll have to cover my windows with black plastic. Maybe Transmeta knew about this back in the day? Well, I guess it didn't help them, their competitors must have stolen their, uh, secrets.
  • Knowing your enemy (Score:3, Insightful)

    by sting3r ( 519844 ) on Saturday March 09, 2002 @07:06PM (#3136170) Homepage
    I am no advocate of government eavesdropping. I am a card-carrying ACLU member and have sent funds to the EFF prior to the passage of just about every draconian piece of legislation since the DMCA.

    I see a lot of potential in this sort of technology, though. When the government wants to crack down on terrorism / kiddie porn / the "threat" of the day, they will usually issue tens to hundreds of search warrants and confiscate tons of computer equipment in the name of "finding the bad guys." They will no longer have an excuse to do that, since they will now be able to eliminate potential suspects just by looking at light that was leaked from their residences. This will be a true victory for those of us (remember SJ Games?) who are scrutinized by our government without reason: they will have no reason to break into our private homes, steal our legitimately purchased equipment, and go on a "fishing expedition" in search of wrongdoing. No judge could ever let them harass a criminal suspect unless they have exhausted all other avenues and proven to the judge that that suspect is actually engaged in wrongdoing.

    And that is good for us all.

    -s3r

    • Or it could allow them to find MORE people to terrorize.

      Secret Police to Judge: "We looked at his monitor emissions and he was reading about terrorism. No, we can't tell you what it was. Why not? National security."
    • by PhotoGuy ( 189467 )
      they will now be able to eliminate potential suspects just by looking at light that was leaked from their residences
      But isn't this exactly the same as the case where they used thermal imaging to determine a pot growing operation? I think that case was thrown out, as an invasion of privacy.

      I don't see how decoding blue light leaking from a residence would differ from decoding infrared radiation leaking from a residence.

      I'm all for catching bad guys every way possible, (and even for reducing the rights of the masses to do this) but given the current state of affairs, I don't think this would work without the same warrants required for other monitoring.

      Neat technology, though. One night, after seeing the neighbor's TV glow flickering on their wall, I had thought about how it should be possible to monitor people's TV viewing habits, by spotting the patterns of illumination, comparing it to known broadcasts. Should be trivial to find the best match. Just one more thing for the paranoid conspiracy theorists to worry about. :-)

      -me
      • Re: (Score:2, Interesting)

        Comment removed based on user account deletion
      • >One night, after seeing the neighbors TV glow
        >flickering on their wall, I had thought about
        >how it should be possible to monitor people's TV
        >viewing habits,

        Seems it would be easier to just get an inside at the local cable company to track what channels they watch on a regular basis.

        The cable box I use is clearly two-way, for pay-per-view and on-demand viewing, so I'm pretty sure Time Warner has the CAPABILITY to log what channels you watch and for how long, and knowing TW I'm willing to bet they do some sort of demographic tracking BS.

        I have to wonder how many nights they've been able to figure out "Ok, he's home drunk and alone and flipping through the Skinemax late-night features..."

        Er, about my neighbors, I mean.

        -l

        • > I'm pretty sure Time Warner has the CAPABILITY to log what channels you watch and for how long, and knowing TW I'm willing to bet they do some sort of demographic tracking BS.
          >
          > I have to wonder how many nights they've been able to figure out "Ok, he's home drunk and alone and flipping through the Skinemax late-night features..."
          >
          >Er, about my neighbors, I mean.

          Well, sure, but you didn't need anything as high-tech as two-way cable or the tech described in this article to tell what was on if the light on your walls was mostly pink instead of blue, and its intensity varied in a sine wave with a frequency of about 1-2 Hz... ;-)

  • Van Eck phreaking (Score:2, Interesting)

    by ushac ( 457868 )
    Wow, that's really neat. I wonder how good the results of this are compared to say van Eck phreaking (eavesdropping on the EMI emitted by the CRT-gun)?

    Regards / ushac
  • Of course, this is along the lines of looking in through windows from the buildings from across the street.

    If your server is in an oversized closet opening into an inside room, then the odds of someone actually doing something with it from the outside are pretty slim.

    Of course, if you have to worry about a hacker from inside the company, then you have other problems as it is.

    • If your server is in an oversized closet opening into an inside room, then the odds of someone actually doing something with it from the outside are pretty slim.

      Why would anyone want to know what's on the screen of a server in a closet? Getting a screen image is probably only useful if a human is sitting at and using a computer. Humans often try to get offices with windows.

  • Sunlight==good (Score:5, Insightful)

    by los furtive ( 232491 ) <ChrisLamothe&gmail,com> on Saturday March 09, 2002 @07:11PM (#3136188) Homepage
    now you might have to do without sunlight to be secure!

    According to the text it's just the opposite:

    In a sufficiently dark environment and with a large enough sensor aperture, practically significant reception distances are possible.

    That's just another reason why I'd rather not subscribe to /. Not only do the editors fail to avoid duplicate stories, those submitting them don't even read them properly.

    • Re:Sunlight==good (Score:3, Insightful)

      by _underSCORE ( 128392 )
      actually, I think they were talking about working in a totally windowless office.

      Well, at least I'm secure... pasty white, but secure.
    • Re:Sunlight==good (Score:3, Insightful)

      by jamus ( 1439 )
      I think he was talking about a building not having any windows to be secure, rather than the amount or kind of light in the room.

      People can't see the LED's if they can't see in your windowless building. You also won't be able to see the sun :P
      • I think he was talking about a building not having any windows to be secure

        That's definitely important! If you have Windows in the building, they can use magic lantern or other M$ software holes.
    • Re:Sunlight==good (Score:3, Insightful)

      by alexburke ( 119254 )
      I think the editor was making a stab about your adversary pointing this geegaw at your window and reading your screen from the high-frequency fluctuations in the light cast into the room by your monitor.

      Hence, you might have to do without sunlight to be secure -- by not having windows in the room.
      • I'm reminded of a tale told by a friend who works as a janitor (don't laugh -- she makes $26/hour plus OT and benefits!) at a secure Rockwell facility. Seems they have this lead-lined anti-eavesdropping room with all the trimmings.. wherein they were reminded of a wee little security hole when vines began growing roots up thru the seam between the lead walls and the concrete floor.

        Now, if we could only teach those vines to carry microphones and nanocameras with them... :)

      • Hence, you might have to do without sunlight to be secure -- by not having windows in the room.

        This is just more anti-Microsoft FUD. Windows is harmless unless you install it.

        -
  • From the end of page 14:
    "Rooms where a significant amount of the ambient light comes from displayed sensitive information should be shielded appropriately, for example by avoiding Windows."

    Ha! Take that, Microsoft!
    --Cam
  • This whole thing was pretty obvious. If you've ever driven by houses with televisions near windows when the tv is on, you usually see a blue room. Get some really sensitive piece of equipment, and you could measure the blue content and get an image of their screen. Specially tinted windows could reduce or eliminate this threat, but you could tell from the outside that the windows were tinted such.
    • If it is so obvious, why didn't you write the paper?

      And just because there is a blue glow doesn't mean there is information - if the decay of the phosphor was too slow the information would just be blurred (in the time domain)
      • If you have good eyes, you can usually tell what someone is watching by the way the blue color flickers and is shaded if you're not moving too fast. So finding out exactly what they're watching shouldn't be a problem for a machine.
        • We are talking about reconstructing data by catching the individual pixels as they get painted. You are talking about something a lot more trivial.
    • If you've ever driven by houses with televisions near windows when the tv is on, you usually see a blue room.

      It's trivially simple to figure out what someone is watching by looking at the glow coming out their window. The best place to see this is near a high rise retirement complex full of old people. I don't know what happens to you as you get older, but it seems that the older you get, the more likely you are to watch TV with no other lights on in the room. After watching for about thirty seconds, you can tell which rooms have TV sets tuned to the same channels. It's fascinating and depressing at the same time.
      The best observation times are Sunday evenings. When 60 Minutes and Touched by an Angel are on, almost all the windows in any retirement complex become synchronized and light up or go dark all at once.
  • now you might have to do without sunlight to be secure!

    No problem for most slashdot readers, since they are most likely asking: "What is this sunlight you speak of?"

  • I can see it now. Random scan order on your monitor. CRTs will (probably), eventually be a thing of the past and replaced with something that doesn't have a scan timing to be deciphered.
  • Sunlight? (Score:2, Redundant)

    by Knunov ( 158076 )
    "Forget taping up LEDs or living in a metal box - now you might have to do without sunlight to be secure!"

    What's this 'sunlight' I keep hearing about?

    Knunov
  • From reading the pdf linked - it sounds like with a sufficiently high sampling rate ( their words more or less ) it's possible to re-render the text. This should hold true to the way scan-guns work on most monitors.

    What's new here? This is almost equivalent to putting a Video Camera in front of a monitor and then hooking the output up to your TV.
    • the difference is, as you would no doubt know if you actually HAD read the article, that this attack allows the reconstruction of the CRT image from reflected, diffuse light; the only information an attacker needs is the glow of the monitor on the walls of the room.

      ever looked in a window down the street late at night and seen the whole room lit up by a television?
  • by pryan ( 169593 ) on Saturday March 09, 2002 @07:30PM (#3136267) Homepage
    I don't know why everyone is so shocked that people can eavesdrop, there is almost zero emission security in almost anything deployed almost anywhere. Then again, currently, there's no practical need for such secured equipment in a normal civilian environment.

    One of the guys I used to work with would talk about the truck that would park outside their NOC to listen to their ethernet via radio receivers on the truck. One can guess where the truck came from, but the scary part is that this was more than a decade ago. They were doing things that might possibly be of interest to spooks, or perhaps a well-funded competitor.

    It's fun to engage in a fantasy world where government spooks are around every corner, but in reality there's no justification for spending large amounts of money or time to protect yourself from imagined threats like that. I am more worried about somebody breaking into my house to steal my stuff or script kiddies from Germany installing an IRC server on my boxes than the government spying on me.

    Most of us do not have anything that would justify non-criminals to bother with us. Those of us that do usually have the budgets to do something about it. And the criminals are not terribly sophisticated, so common sense and a decent system administrator are usually enough to meet the standard threats. Most criminals are opportunists, if you present a challenge, they'll move on to the guy who has his root password set to "password".

    The people who have highly sensitive stuff know that there's no real security in most hardware and software and work to build environments to protect their stuff. They probably do not buy their hardware from Dell.

    Those of us who really only need to protect our banking and personal information as well as our bandwidth don't need to worry about monitor emission security just yet. For banking information, it's much easier to get that information in much more mundane ways than eavesdropping on your monitor. You should worry about what your local convenience store does with their copy of your credit card receipt.
    • by JMZero ( 449047 )
      If someone wanted to steal information from our files, they could do so through the internet.

      Or they could tell the receptionist they're here to see Bob, and then go look at the paper files. I think it would be easier to do the latter.

      But very few would attempt the second kind of attack, because it's hard to say "Oh yeah, I was just checking out security. Just playing." when someone discovers you digging through files on someone else's property.

      In the same way, stealing information via CRT flicker requires too much of a physical commitment for it to gain much popularity I think. At least in most cases - it might be different if your office is across from a competitor's. Even then, seems like it would be easier just to zoom in and watch them type their password.

      Interesting article anywho.

      .
  • Studying in cam.ac.uk, I went to see a talk by Duncan Campbell on modern espionage in October 2000. In the end he asked Markus Kuhn from the audience to explain his latest work, CRT eavesdropping. So I guess 'news' is a relative concept :-)
  • LCD's do not use a scanning electron beam, so the screen display is not made up by the high bandwidth light output. LCD's on the desk top and on laptops are a step in the right direction. The other solution is never use a computer in a dark room. Kick on a few compact fluorescent lights. Their high frequency operation and high output goes a long way to adding lots of noise (optically) to the environment. Tempest then becomes difficult the same way it is to eavesdrop on the couple whispering to each other a few rows up at a concert.
  • um don't most of us shun sunlight now anyway? heck my drapes never open. I think the dust has glued them shut.
  • It never ceases to amaze me how we paranoids are constantly proven right yet so many refuse to believe that they are out to get us.
  • I already covered my windows with lead a while back to keep the Illuminati mind rays out!
  • Don't think my cable co is gonna be happy when they find out that somebody else is watching all those adverts that I've only paid enough for myself to watch...
  • This attack looks pretty innocuous when you look at how it's possible to reconstruct the video signal via the EM signal your CRT generates.

    http://whatis.techtarget.com/definition/0,,sid9_gci550525,00.html

    Forget closing the windows. Better build a grounded copper mesh that encases your house.

    • It gets even better...
      Run this Linux program and beam music all over the house, by turning your monitor into a radio station (modulating its signal). It's a pretty convincing proof for those who doubt the "story" about reading your CRT from a properly equipped van down the street.

      http://www.erikyyy.de/tempest/
  • The monitor gets its sync information over the vga cable but the person that tries to read the screen using this technology must guess the sync information.
    A little software that modulates the h and v sync rate every frame should make it much harder to get a readable image. But I'm not sure if you could still get a stable image on the screen if you change your sync rates every frame. That software protection could be effective because it is very likely that they need to record more than one screen refresh to get an image that is good enough to read.
    Also high resolutions and high vsync rates in general should make it harder to use that technology. Using non-standard resolutions and sync rates also makes the sync information guessing harder.
    • it doesn't have to do any "guessing", all it has to do is look for the horizontal vertical blanking periods, which are pretty easy. You can have the horizontal timing after two scan lines, and the vertical timings after two refreshes.

      As far as dynamically changing scan rates in software... that won't work, and would probably damage the monitor, if someone managed to do it.

      This isn't meant to capture one "screen" of information, it's meant to give you a duplicate, real-time image of what's on the target monitor.

  • I doubt anyone here actually knows about this, but we can all speculate together...

    How safe is an LCD monitor with a digital (DVI) connection? The video card is probably not putting out RF emissions (because it's sending a digital signal), and there's no scanning CRT to track. What would be the easiest route to eavesdropping on that?
    • Don't many video cards with digital connections also have standard analog connections? I seem to remember that quite a few of the ones that I've seen have.

      If so, do both connectors output the signal even if only one is in use?

      -kwishot
    • pet peeve:

      The video card is probably not putting out RF emissions

      Yes it is. All signals of any kind that are not D.C. and have sufficiently fast frequency emit RF, and any kind of switch to on or off (digital) WILL emit RF.

      That includes flicking the power switch on ANY device, and the digital signals going across your cable.

      At any rate, this isn't the problem with the method described, the problem is the LIGHT from the CRT, since it can be sampled and duplicated.

      LCDs do not do this, because they don't scan, so your LCD is safe from this kind of eavesdropping.
  • by appleprophet ( 233330 ) on Saturday March 09, 2002 @08:12PM (#3136369) Homepage
    1) Remove Windows from computer
    2) Remove windows from computer room
  • In order to take advantage of this or the LED trick you have to have some line of sight and the equipment on hand to do it. Every corporate server I've ever worked on has been kept in a locked room somewhere where only a handful of people have access. If someone did manage to get into that room there would be much worse things to worry about than this. On the client side access would be easier but most likely you'd have a user sitting there to deal with. I just don't see why anyone would go to the trouble of trying something like this when there are much easier ways of doing it. Besides the standard everyday break-ins what about all the RF signals a computer gives off? You don't need a line of sight to pick those up. With powerful enough antennas you might even be able to pick them up miles away! Only ultra secure organizations like the NSA, CIA, etc... would really have to worry about something like this.
  • by Parsec ( 1702 )

    In theory, wouldn't it be possible to also defeat this by turning a few old televisions in the room to an unused channel displaying static?

    But your screen can probably be read off that tin-foil hat while a Carnivore analyzes the time difference between encrypted packets based on one-handed typing.

  • Add some light sources that interfere with the signal to be decoded. Get some strobe lights, some Intellibeams. Get a lava lamp or two. Get a mirrorball. Live, work, and code in a dance club.

    Or just turn on a particular kind of CRT called a television with the sound off, not in your field of vision but lighting up the room, especially if it's aimed towards the windows. Leave it on any active channel.
  • "Rooms where a significant amount of the ambient light comes from displayed sensitive information should be shielded appropriately, for example by avoiding Windows."

    Well Gee, didn't we already know that?
  • Is it available in code ?
  • ...I borrowed it from the library, and 'tempest' is at the end saying that it was the next level of 'cracking'. Or eavesdropping, I should say that instead. I can't say what edition the book was so the year is also impossible to know. Supposedly this "Hack" has been on Geraldo.

    Just goes to show that computers draw together the people who are nervous and those who actually want to watch those scared people who are putting duct tape over their windows.

    • Tempest refers to stray electromagnetic radiation that is "read" by appropriate radio equipment nearby, this article is about stray light emissions that are picked up by a photosensor.
      • Well, look at the title "CRT Eavesdropping: Optical Tempest".

        Exactly nigga.

        see where that word is appropriate and fits anywhere? remove the stigma!!!!

  • It's already known that your monitor gives out EM waves in a way that with a radio it might be possible to tell what's on the monitor...

    It was on slashdot a while ago... [slashdot.org]
  • by gTsiros ( 205624 ) on Saturday March 09, 2002 @09:22PM (#3136527)
    ...that the computer just crashed nastily (AND that it was running windows) if anything.
  • by WasterDave ( 20047 ) <davep@noSPAm.zedkep.com> on Sunday March 10, 2002 @12:05AM (#3136869)
    God, maybe someone standing behind me can see what's on my CRT too?

    Dave
  • by Sabalon ( 1684 ) on Sunday March 10, 2002 @12:35AM (#3136922)
    I have a ton of LED's in my computer room. It used to have an odd glow, but some electrical tape over them fixed that. Now, with the exception of my speakers, you can't see any of the LED's - it's now secure from LED sniffing.

    So, I just applied the same fix for this, since my monitor faces a window. There is now a few strips (about 30) of electrical tape covering my monitor and the flicker is gone.

    I appologize for any typing errors though. Every fix has a downside :)
  • I knew there was a good reason to run my screen at 1600x1200x75Hz. Someone would have to be receiving a 144MHz optical signal to get a decent reading of my screen, and from far away it's not easy...

    -Adam
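
An added example, not part of the thread or of Kuhn's paper, for the comments above on phosphor decay, display response speed and the 144 MHz pixel rate: it models the room glow as every pixel's light summed with a single exponential afterglow and measures how much of a one-pixel on/off pattern survives. The single-exponential model and both decay constants are assumptions chosen for illustration.

```python
import math

# Assumed, illustrative decay constants; neither value comes from the thread
# or from the paper.
TAU_FAST_S = 50e-9   # display whose light output follows the scan closely
TAU_SLOW_S = 10e-3   # display whose light output changes over milliseconds


def pixel_rate_hz(width, height, refresh_hz):
    """Visible pixels drawn per second (blanking intervals ignored)."""
    return width * height * refresh_hz


def decay_factor(rate_hz, tau_s):
    """Fraction of a pixel's light still present one pixel period later."""
    return math.exp(-1.0 / (rate_hz * tau_s))


def sensor_trace(video, a, start=0.5):
    """Total light level after each pixel: new excitation plus the decaying
    afterglow of earlier pixels. `start` is the long-run mean of the pattern,
    i.e. the screen has been showing it for a while."""
    level, out = start, []
    for v in video:
        level = a * level + (1.0 - a) * v
        out.append(level)
    return out


def simulated_depth(rate_hz, tau_s, pixels=4000):
    """Peak-to-peak swing left in the summed light for alternating on/off
    pixels, the finest detail a scan line can carry."""
    a = decay_factor(rate_hz, tau_s)
    video = [i % 2 for i in range(pixels)]
    tail = sensor_trace(video, a)[pixels // 2:]   # skip the settling part
    return max(tail) - min(tail)


def closed_form_depth(rate_hz, tau_s):
    """Steady-state swing of the same model: (1 - a) / (1 + a)."""
    a = decay_factor(rate_hz, tau_s)
    return (1.0 - a) / (1.0 + a)


def report():
    """Constructed comparison cases: (label, pixel rate, surviving swing)."""
    cases = [
        ("640x480@60, fast decay", (640, 480, 60), TAU_FAST_S),
        ("1600x1200@75, fast decay", (1600, 1200, 75), TAU_FAST_S),
        ("1600x1200@75, slow response", (1600, 1200, 75), TAU_SLOW_S),
    ]
    rows = []
    for label, mode, tau in cases:
        rate = pixel_rate_hz(*mode)
        rows.append((label, rate, simulated_depth(rate, tau)))
    return rows


if __name__ == "__main__":
    for label, rate, depth in report():
        print(f"{label:30s} {rate / 1e6:7.1f} MHz  swing {depth:.3g}")
```

In this model only the ratio of pixel period to decay time matters, so a slower-responding display and a higher pixel rate both shrink the pixel-level swing that reaches the sensor.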
  • A good excuse (Score:2, Insightful)

    by LatJoor ( 464031 )
    See, my girlfriend is always complaining because I keep the blinds pulled all the time. My computer is right next to the window, and the glare gets to me. Plus, I sleep on the side of the bed that's toward the window. (Small apartment, same room.) So, now I have a good excuse: it's to protect me from government scrutiny. It's better than the old excuse, which is that I'm a vampire.

    --
    I gave up my +1 bonus, don't mod me down!
  • Big deal (Score:2, Informative)

    by t_allardyce ( 48447 )
    You can eavesdrop on conversations by hiding in a bush and using a gadget to read the vibrations of a window from the reflected light on it.

    You can pickup cordless, and maybe even cellphones (digital/encryption though).

    You can open up the phone junction box outside the building and tap the wires.

    You can pick up the emf from a monitor or tv and reconstruct the image (pretty hard I think).

    You can use the earth wire in a house to transmit data from bugs hidden in plugs.

    You can use tools like netbus etc.. to view people's computers over a network.

    You can trick security guards with dumb-busty-blondes(tm)*

    *I in no way endorse the use of busty-blondes(tm) or in any way imply that they are all dumb, or that security guards are shallow/thick and are easily seduced.

    You can look into windows with telescopes

    You can recover badly deleted data from disks

    You can packet sniff

    You can abuse the fact that you're an admin for that network and get anything you want

    You can even use money to get information

    And now you can use LEDs and monitor flicker too... And the FBI wants _more_ rights to tap you?!?!? how does that work?
  • so just add a few strobelights, a mirror ball, some other types of disco lighting to the computer room and Voila.. no more security risk and the work environment has been improved...

    Now to get this project's capital budget approved in the name of company security...

  • Cover the CRT/LCD of your screen with duct tape. One downside: Duct tape isn't really that transparent, but I guess that was my point... :)
