Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Security

Monitoring Your Monitor 148

Posted by michael from the blackout-curtains dept.
bje2 writes "Rememeber this story from a couple months ago about reconstructing data from the blinking LEDs of modems...well, CNet is running a story about reconstructing the display of a computer by using special hardware and the reflected glow of the monitor." Kuhn's paper (400k PDF) is available.
This discussion has been archived. No new comments can be posted.

Monitoring Your Monitor More

Monitoring Your Monitor

Comments Filter:

  • Usefulness? (Score:1, Insightful)

    by supercytro ( 527265 )
    If you're in a situation in which you can take advantage of this effect, why not just look at the monitor itself?
    • Because the monitor is facing away from the window through which you're snooping.
      • Doesn't change the fact that either a) The snooper has an open view to your room i.e. the window is open or there are no curtains...etc so there are still other privacy issues... or b) The equipment is in the room If so, then why not take better advantage of the situation...
        • If this technology were taken as fully mature, then I would completely agree with your inference that this is technology were of no practical use. Especially in light of the fact (no pun intended) that one could just look at the damn screen if all this expensive, high-falutin gear that we're talking about were in the same bloddy room as the monitor! However, it looks like were talking about some rare air that even the inventor admits is only a curiosity. What's interesting is where this tech could lead, vis a vis satellite technologies, etc. One has to wonder if this method of spying can become fully mature while the bulk of us are still staring at CRTs (vs LCDs). God knows how long it would take for this technology to mature! But I found the article interesting, nevertheless. I, personally, like being surprised by new ideas like this one. -T
    • Of course, we all know that high tech spy computers have monitors that throw a readable image onto the user's face. You see it all the time in the movies. They're reconstructing the image by analyzing the glow bouncing off of your walls and face.
  • CNet is running a story about reconstructing the display of a computer by using special hardware and the reflected glow of the monitor."

    ...like a mirror!

    a grrl & her server [danamania.com]
    • You know I was going to put up a long comment on how this is a very nice academic activity but real dangers come from more low tech dangers like cameras, and how we all are a product of how we like to see the world(ie high tech), but a mirror is even lower tech so i guess i am as guilty as everyone else.

  • While Kuhn calculated that the technique could be used at a range of 50 meters at twilight using a small telescope

    Now I can watch my neighbor surf pr0n from his computer, instead of filling up my hard drive with the filth!

  • Mr. Peabody's Slashback Machine (Score:4, Informative)

    by realgone ( 147744 ) on Tuesday May 14, 2002 @11:32AM (#3517473)
    Same article [slashdot.org] appeared on /. back in March, dinnit?

  • New? (Score:1)

    by sgtron ( 35704 )
    How is this different from a standard tempest attack which has been around forever?
  • my porn distributor is going to sue the FBI for p2p-ing my collection through my monitor via DMCA. haha, got you!
    • my porn distributor is going to sue the FBI for p2p-ing my collection through my monitor via DMCA. haha, got you!
      Or they're sue you for "public display" of their copyrighted material. =)

  • Old news (Score:2, Informative)

    by ozbird ( 127571 )
    CRT Eavesdropping: Optical Tempest [slashdot.org] by michael with 219 comments on 10:57 10 March 2002
  • First, once again the poster must not actually read most of the stories. The original slashdot article about reconstructing info based on LED's does NOT mean you can spy on someone, instead, it means if you are a spy, you can secretly send information by the blinky LED's on your modem/hub/router whatever....

    And if I were a little more ambitious I would post a link to this story that was already on slashdot a month or two ago...

    • The original slashdot article about reconstructing info based on LED's does NOT mean you can spy on someone...

      Um, wrong. The original article involved researchers demonstrating that certain modem/network devices allow you to read the actual data stream based on the blinkenlights. Spying is theoretically possible (though unlikely) with this.

  • Quake (Score:4, Funny)

    by Bouncings ( 55215 ) <.moc.redniknek. .ta. .nek.> on Tuesday May 14, 2002 @11:34AM (#3517493) Homepage
    The real danger here, I think, isn't some kind of "national security" or "bank fraud" or anything like that -- security schmecurity. The real danger, is Quake cheating!

    Think about it. If I can reconstruct what is on your monitor, I can tell where you are. Are you down the tunnel? In the water? Are you on top of that goddamnfucking sniper tower? I could reconstruct your screen and determine exactly where you are in the Quake map.

    Quick, someone, solve this problem before it tears society apart!!

    • Re:Quake (Score:2, Funny)

      by supercytro ( 527265 )
      I can just see the lusers typing
      "You cheater. You're reconstructing the display of a computer by using special hardware and the reflected glow of .... dammit you shot me again":)

      • Re:Quake (Score:3, Funny)

        by Nos. ( 179609 )
        We used to do quite a bit of gaming at a buddy of mine's apartment back in the day. He'd always turn his desk so it faced away from the rest of us (no looking at his monitor). However, it wasn't until after a couple of weeks of always knowing his starting point in Starcraft that he realized I could see a very nice image of his screen in the patio doors behind him. Back in the day we didn't need no high-tech gadgets, just a window in a lit room at night and I could see all I needed to :)
  • But this is straight out of Neal Stephenson's Cryptonomicon. Coupla hackers built one on a bet in a hotel room... Just one of thousands of kickin things from that book.
    • Van Eck phreaking can even be used to steal cable, if you don't mind a cruddy picture and watching what your neighbor watches.

      Cryptonomicon also used the "blinky LED" trick in reverse, sending information in Morse Code via the Num Lock LED, to avoid the Van Eck spying.
    • They were doing Van Eck Phreaking which was looking for the electrical eminations of a monitor through a solid wall in an effort to reconstruct the display.

      Little Different than staring at the monitor from a distance.
      • From what I understand, it does not work as nicely with SVGA monitors (especially 800x600+) because of the resolution. Perhaps back in the day with 80 x 24 straight text, it could be considered within close physical range of the monitor; but not today.
  • Hmmm yet another use for LCD monitors, increased security for the paranoid... but whats the use really? if you have line of sight to the *screen* ??? You could use the old fashioned way of "just looking over someone's shoulder..."

  • Great! (Score:5, Funny)

    by BurritoWarrior ( 90481 ) on Tuesday May 14, 2002 @11:38AM (#3517525)
    Now I can begin selling my high-tech, computer privacy protection devices.

    I will call them curtains.
    • curtains won't bring you in enough cash. Sell LCD's instead.

      You could call them Secure Monitors and tell people they prevents spies from eavesdropping on their screen.

      or curtains would work too...

      • Re:Great! (Score:5, Funny)

        by BurritoWarrior ( 90481 ) on Tuesday May 14, 2002 @11:54AM (#3517637)
        But with the LCD, we won't have the dastardly spy saying:

        "Curtains, foiled again!"

        OK, that was bad. Forgive me. :-)
        • I'm surprised you didn't say 'It's coitains for you, Mugsy, coitains!'
          • Seems the only place to run a computer without fear of eavesdropping soon will be a bank vault! Think about it - no radio waves would get out (due to its underground nature and Faraday cage) - no windows for people to watch your LEDs - in fact can anyone think of a way to bug a bank vault short of something that needs access to it - like a tape recorder?
    • Read the article curtains will not work. But turning on the lights will. :)
  • anybody with a brawny PC, a special light detector and some lab hardware

    Now all I need to do is hide it all in a closet.
    Seriously, how does this create a security risk, someone not only has to be in the room with you, but half a meter behind the monitor, which is a meter from the wall. Oh, and did I forget to mention, that all the lights had to be off. Like they said, it's a curiosity, and nothing else.

    • He said that you could (theoretically) be outside the room quite some distance away as long as you had a half-way reasonable telescope. Of course you get a trade-off with distance, ambient lighting level (S/N ratio is the big problem) etc.

      But he reckoned that if I sat at this computer right here with all the lights off and the curtains open the reflection of the monitor on the wall behind me should be readable from the bottom of the garden. (The monitor isn't facing the window so you can't read it directly with a telescope.)

      Probably safe, though, because I only have all the lights off if I'm playing games - if I'm doing real work there's usually a light on.
  • It's clearly the same as the problem with the blinking modem LED's -- just cover the front of your monitor with duct tape.
    • just cover the front of your monitor with duct tape.

      While that works, it's not very ergonomic. A better solution is to use duct tape and cardboard to make a cone-shaped visor like the one used by Mr. Spock.

      You'll have the satisfaction of knowing that your visor has a real function, whereas Mr. Spock's visor was a just cheap prop made necessary by the constraints of a low production budget.

      This solution provides security, and makes you look way 1337 to boot!

      • You'll have the satisfaction of knowing that your visor has a real function, whereas Mr. Spock's visor was a just cheap prop made necessary by the constraints of a low production budget. This solution provides security, and makes you look way 1337 to boot!
        Make sure the snoop isn't pointing his equipment at your tin foil hat, though.
  • Kuhn's done a lot of other interesting stuff [cam.ac.uk], too...

    For example:
    StegFS [cam.ac.uk]: the Steganographic Linux Filesystem from 1999 Information Hiding proceedings
    A TEMPEST variation for hiding data, "Soft tempest" [cam.ac.uk], from IH'98
    A One-time password package [cam.ac.uk] intended for login or ftpd
    and some other stuff.... cool guy!

  • Rememeber this story from a couple months ago about reconstructing data from the blinking LEDs of modems... and remember that CNet story about reconstructing the display of a computer by using special hardware and the reflected glow of the monitor.? Well, now it seems that someone has figured out how to recreate Slashdot articles [slashdot.org] just by not checking to see if they have already been posted!!!

  • Practical in the "REAL" world? (Score:4, Insightful)

    by RobertAG ( 176761 ) on Tuesday May 14, 2002 @11:40AM (#3517538)
    "Until that's resolved, the safest solution is to compute with the lights on. "

    Or just close the window shades.

    It seems like you can read the contents of a monitor under optimal conditions, but how often do you get optimal conditions? More often that not, a person sits in front of a monitor as he or she works. At best, then, you'd only be able to get bits and pieces of what's on the screen. You also have to contend with different grades of wall paint and/or wallpaper (not to mention furniture behind you) which might make this endeavor fruitless in most cases.

    It's a nice trick in a lab, and probably worth publishing. But I think there are too many uncontrollable variables to make this practical.
    • Admit it. You didn't read the article did you? Neither did the moderators I'd imagine.
    • Um, yeah and yesterday it seemed like this kind of attack was absolutely impossible. That's cause no one had tried it properly yet. Today, no one has tried it properly under real-world conditions.

      In fact we can pretty much assume that if it is possible then the NSA or CIA has been doing it for years and at the same time conspiring to hold up the prices of flat-panel displays that are immune to the attack.
    • This technology is kinda like most of the magic tricks that I try to ignore in ST: Voyager: Long range scans. :)

      It seems so far from being taken seriously, though.
  • Just get a pair of those glasses that have mirrors on the outer sides of the lenses. Mind you, everything will be backwards, but you can see what's going on while pretending to look in the other direction.

    As for monitor LED monitoring, big deal. They can find out if my monitor's on, in powersave mode, or off. Yeah, big security risk there. :)
  • We will be doing a special on Printing Your Printer. More details at 11.

  • but this article goes much more in depth, the other could be considered a prelude. why is everyone on slashdot so critical when the don't bother to read the fucking articles?
  • First he'd need to figure out a way to reconstruct the 'glow' that is NOT there, due to the silhouette caused by head being in front of my monitor.
  • When decrypting a file, check "Secure View." It makes it slightly hard to read on screen but it renders this method useless. It also removes the ability to copy/paste text and save as a file.

    Pi

  • This is great news (Score:5, Funny)

    by drew_kime ( 303965 ) on Tuesday May 14, 2002 @11:45AM (#3517572) Journal
    Now I can justify the 21 LCD at work on the grounds that the CRT poses a risk of industrial espionage.
  • This technology has been around for years. The difference with this article on CNET is that it appears it has fallen into the hands of local law enforcement, rather than outfits like the CIA or FBI. It's called
    • That's what happens when you get trigger happy on the submit button, the comment was to read as: This technology has been around for years. The difference with this article on CNET is that it appears it has fallen into the hands of local law enforcement, rather than outfits like the CIA or FBI. It's called TEMPEST. [fas.org] And it appears I'm smoking something mentioning local law enforcement, I don't know where I got that from, skimmed the article too fast or mixed it up with something else I was reading..Heh, I shouldn't be posting this morning.
  • is monitor LED monitoring so we can find out if the monitor's actually ON or not! Yeah!

    Wasn't this posted, like, months ago?

  • LCD is the answer (Score:2, Informative)

    by Lxy ( 80823 )
    Looks like it doesn't apply to flat panels. It relies on the CRT electrons coming out of the monitor and striking a photosensitive component. Not to mention, what if you have a large person using a small monitor? It would seem to me that you'd have to have an unobstructed view for this to work.

    This could be detrimental to geeks though. Quoting the article: the safest solution is to compute with the lights on. Dangit.

    • Re:LCD is the answer (Score:4, Informative)

      by nochops ( 522181 ) on Tuesday May 14, 2002 @12:03PM (#3517687)
      First of all, they're not electrons, they're photons, the quantegy of light. Your CRT has an electron gun that directs a narrow beam of electrons onto a phosphorus coated glass (the 'screen'). The phosphorus then glows, and radiates photons.

      While LCD panels don't have an electron beam to radiate phosphorus, they still radiate photons. Otherwise you wouldn't be able to see them.

      Basically, if your monitor is radiating photons (read: turned on) someone can intercept those photons and reconstruct an image, given the right equipment and circumstances.

      I suppose given the right equipment and circumstances, they can read your mind as well, so we're screwed anyway.
      • >> While LCD panels don't have an electron beam to radiate phosphorus, they still radiate >> photons. Otherwise you wouldn't be able to see them.

        With a CRT, each pixel in each row is scanned individually; with an LCD, all the pixels in a row are simultaneously scanned. This makes LCDs more secure than CRT because one can only determine the brightness of each row in the display while with a CRT one cand determine the brightness of each point in a row as well thus allowing one to reconstruct the image.

      • Re:LCD is the answer (Score:3, Informative)

        by markmoss ( 301064 )
        Basically, if your monitor is radiating photons (read: turned on) someone can intercept those photons and reconstruct an image, given the right equipment and circumstances.
        If by "right equipment and circumstances" you mean direct vision or a mirror-like reflection, then that's true. However, this article is about a technique for reconstructing CRT images when the monitor is facing away from the window and the only reflections are off of rough surfaces, which thoroughly scramble the pixels. You cannot directly determine what part of the screen a photon came from, but you can determine when it was emitted. Since the CRT scans one dot at a time, that creates the possibility of turning a recording of brightness & color vs time back into a picture.

        However, most flat-panel displays will set a number of pixels at the same time (for example, writing to an entire row at a time). This makes it impossible to separate out one pixel or even one small area of the screen by the time when the light arrives. Also, LCD's don't create light, it is created by the backlights, generally flourescent lights running on high voltage, high frequency AC -- so the only thing time analysis gets you is the high frequency flicker of the backlights. The liquid crystals retain most of their "set" between scans through the display, so the light passed through a pixel doesn't vary much depending on how long it's been since the pixel was scanned.

        OTOH, unless your video cable and electronics is all shielded very well, you are probably transmitting radio waves that could be turned back into the picture. This might be even more difficult than reconstructing a CRT image from the visible light, but certain three-letter government agencies can do it when they really want to. One limitation to the radio ("Tempest) method is that you've got to be able to isolate the target computer's signal from all the others; with optical methods this probably requires just pointing the scope in the right direction (if you are lucky enough to get a strong enough reflection in any direction), but radio waves bend around corners, reflect, and merge more so it's pretty unlikely that Tempest could find the one computer bringing up atomic bomb diagrams in a college dorm (say) among the hundreds downloading MP3's, playing Quake, or whatever.
    • You may not need an unobstructed view. While the electron beam goes in a fairly linear fashion, once the phoshpor is lit, the light is emitted as if it's a point-source, in all directions.

      While I'm guessing, he's watching the light from the monitor, and contstucting a stream of pixel intensity/colors from the light that is emitted by each pixel as it's illuminated. Since the light goes in all directions, this doesn't rely on having a complete image "projected" on a wall - it simply needs to see the light patterns, from which it can decode a series of pixels. These are then arranged in a grid until a recognizeable image is seen.
  • well I suppose they will soon be able to reconstruct what I looked on a monitor by looking at my CRT-sunburn.

    Obviously I'm just kidding, I have an LCD monitor.

    :)
  • I think there was a story on /. before about catching the radiation from the monitor to reconstruct the images.

    I wonder which technology can produce the more accurate picture?
  • Right now, i'm sitting in the bathroom with no windows, the only thing that connects me to the outside world is my network cable and power cable. HA spy on me now!

    //drunk, fix later//
  • People face there monitors so they are visable to windows. i cant belive the number of first floor offices i see where the monitor's display can clearly be seen with the the naked eve through the window. so dont point your monitor outside.

    Tempest is a real risk, but you have to evaluate how sensitive your information is and is a tempest attack likely.

    the easiest way i think to reduce these attacks to to put up a big fence around your facility, atleast 50m from any window.

  • Reconstructing Slashdot (Score:5, Funny)

    by micromoog ( 206608 ) on Tuesday May 14, 2002 @11:54AM (#3517636)
    Now you can reconstruct Slashdot from the reflected glow of old stories [slashdot.org]!
    • Yes, Slashdot's redundancy clearly is increasing, soon you will be able to generate a day's Slashdot in advance by interpolative prediction. Already possible for all Katz submissions!
      • Not to be pedantic, but what exactly is 'interpolative prediction'?

        Interpolation [wolfram.com] involvels finding values b/w two known values.
        I think extrapolative prediction would be a better way to phrase it :)

        Hmm I wonder what the lyapunov exponent [wolfram.com] of slashdot would be ... definately positive ;) I think everyone would agree its a bit 'chaotic' around here.

  • I saw this coming years ago (Score:1, Funny)

    by Anonymous Coward
    That's why I invested in thick shields for my windows.

    Well, that's what I call them.

    She calls them curtains.

    Oh well.

  • Newflash! (Score:1, Offtopic)

    by ChenLing ( 20932 )
    Newsflash!

    Covin Technologies Announces Technology Breakthrough!
    May 14th, 2002 at 11:55AM EST

    Covin Technologies has innovated a new innovative technology!
    Our new innovation: the Diaphoresis Device can scientifically measure *exactly*
    what your programmers were doing all day just from their caffeine intake!

    This will be a boon to middle managers everywhere!
    Just think -- you won't have to look over their shoulders or visit their dank caves^H^H^H^H^Hcubicles anymore!

    All you have to do, is go through their trash at the end of the day, put all the empty Coke bottles and coffee cups into your brand new Diaphoresis Device, and it will tell you:
    1) How many hours they spent programming
    2) How many times they left for the bathroom
    3) How many emails they sent making fun of *you*!
    4) How many times they reloaded Slashdot

    You can have it all!
  • Rememeber this story from a couple months ago about reconstructing data from the blinking LEDs of modems

    Remember the comment in that story [slashdot.org] about Kuhn's paper on this technique?

  • Page 10 shows actual experimental results. You couldn't read code or e-mail very easily (although this is just a simple test system), but he demonstrates that it is really possible to read PowerPoint-size text just from the splashed light.


    There's some really nice signal processing going on in the paper; it isn't like he just feeds the raw signal into pixels or anything.


    -m

  • A . [keysan.com]
    Nah.

  • TV Ratings (Score:4, Interesting)

    by TomRC ( 231027 ) on Tuesday May 14, 2002 @12:26PM (#3517854)

    Imagine a van driving slowly down the streets of a neighborhood every 10 minutes, monitoring the blue TV glow coming out of windows.

    Not reconstructing the actual image - just watching the gross flicker patterns, and matching them against all TV stations in real time.

    If it finds someone that's not on a known TV station, it pauses for a minute and logs a longer sequence of flickers to match against the flicker patterns of a large library of videos.

    Talk about precise marketing info!

    Talk about potential blackmail material - ("Did you enjoy your viewing of 'Under-age Girls' last night Mr. Politician? Doing a bit of research, were you?" What about the previous 15 nights?")

    Maybe we need to extend "peeping tom" laws to cover any deliberate use of EM radiation coming out of our homes...
    • It's easier than that. The tuner in your television (and many other types of tuners around your house) produces a weak signal at a fixed frequency offset from whatever channel you're tuning. It would be pretty easy for someone to drive through your neighborhood, point an aerial at your house, and figure out not only what channel you're watching, but what frequencies you're listening to on your Radio Shack scanner. Of course, this wouldn't work for videos...
    • So maybe this isn't directly aplicable to blackmail activities, but the courts have held that any information percieved emanating from a house is inadmissiable if it requires the aid of a machine to detect. IE, if a human or dog police officer smells drugs wafting out of your house, thats admissable in court.

      If an officer points and infrared camera at your house and detects large quantities of heat coming from your attic, in such a manner that suggests you've growing weed there, and starts an investigation- well, that crosses the line into unreasonable search. [go.com]
    • This is nothing new, and people actually do that, though they don't have to see your tv. It's called Tempest. [erikyyy.de] And building a receiver that interprets and redisplays monitor/TV signals is not that hard.

  • Guess what.... (Score:2, Insightful)

    by geewiz45 ( 310903 )
    My boss is an old spook who spent time at NASA and some other defense contractors. While there (about 10 years ago) he worked on this project. From what he tells me, they were able to monitor displays from a good distance without any troubles. Not only did they do this ten years ago, they also developed a coating for the monitors that would reduce the radio emissions. That way no one could monitor them...

    I don't know what this guy patented but it's already been deemed useless by 10 year old US Government research.
    • Doesn't your first statement "From what he tells me, they were able to monitor displays from a good distance without any troubles" contradict "I don't know what this guy patented but it's already been deemed useless by 10 year old US Government research"?

      Here is a good source of information about TEMPEST attacks [eskimo.com], including the "Urban Folklore" LCD displays on laptops eliminate the risks of TEMPEST attacks (answers a few posts in this thread). It may be more than 10 years old as these guys [tempest-inc.com] claim to have been around 17 years.

      Phillip.
      • The eskimo.com site really has some excellent stuff, and it also has lots of pointers to Cryptome, John Young's archive [cryptome.org]. TEMPEST protection was *much* easier a decade or two ago, when computers were typically 1-50 MHz, as opposed to now when anything new is 1GHz or more. The higher frequencies are much more penetrating, so blocking them (and their harmonics) is much harder. On the other hand, they're often lower power than in the past (my VAX used 3-phase power :-) and the higher frequencies probably don't travel as far.


        By the way, I'm the source of at least some of the anecdotes Joel mentions about laptop screens being received on televisions - I no longer have that laptop, but my mom still has the TV :-) It wasn't very good sync, and I was running 640x480, so it wasn't a direct full-screen image and rolled around slowly, but it had clearly recognizable text, and a device built for the purposes of eavesdropping would be able to get the sync right. I suspect that most of the emissions were from the VGA port on the back of the laptop rather than from the LCD circuitry itself, but that's pure guesswork, and the depth of scientific inquiry consisted of looking at the noise on the screen, saying "yes, that looks it's like the text on my computer", and turning the PC off so we could go back to watching TV :-)

  • This is not news. (Score:2, Insightful)

    by Ketnar ( 415489 )
    Jeeze, this is going around your E to your A, people.

    Anybody remember the tempest device? Able to lock on to a RF signal produced by hardware and reconstruct it, get displays, and rummored to be able to even spy on a CPU's activity if finely tuned enough. I read a rather lenghty article on how to build one years ago, but I'll be damned if I remember where I found it. I suggest a goodle hunt. The frightening thing is, the people who built it, were able to pick out a single display in a large office building -- eight blocks away.

    RF signals are easyer to get to than the reflection of a monitors glow, I would think.

    • Well I remember Van Eck's from Cryptonomicon which IIRC was an actual technique.

      As to the idea of going around my E to get to A, I figure that even as paranoid as I am, that if someone were to go to this trouble to get information from me, more power to em.
    • Anybody ever read Terminal Compromise? Novel by Winn Schwartau (1993) about computer security. Many of the 'hacks' mentioned in it were more pheaking then hacking, but it is interesting and available for free from Project Guetenberg [promo.net].

      Download it here [promo.net] (1296 KB text, 583KB zip)
  • Strikes me that Van Eck phreaking works better, since you don't have to rely on visibility...

    Sure, you have to get closer, but since this seems to be aimed at TLAs for surveilance anyhow, that shouldn't be too hard.
  • if you read my monitor from the glow, I'll sue you for decrypting my wall's reflection algorithm!
  • Unofficial Tempest Info site [eskimo.com]
    Just for those who may not know the jist of it, ALSO DIY shielding techniques! :)
  • This is no cause for alarm, just put some sort of lightproof cover over your monitor =P
  • New way to reconstruct information

    Carbon Paper
    Thats right, cut out a piece and place the carbon paper under the mouse. At the end of the day pull the paper and see the pattern left by the user.

    Place the carbon paper under the keyboard to record varies keystokes.

    Hide some under a chair. If serveral undulating motions are recorded you may have a porn problem.

    The really scaring part of this is the fact the half of /. viewer never even heard of carbon paper.
  • This is news? It is a well know effect ... The real trick is picking background noise out of your signal (hint : it is very trivial).

    Here is a trick for you kiddies ...

    The US power grid is 60 cycles,
    That means Fluorescence lights turn on and off 120 times a second ...
    That means filament lights have a detectable 120 hz intensity ripple ...
    60 cycles gives you a wavelength about the size of north America ...
    So the whole US turns on and off 120 times a second

    In Europe it is 50 cycles ...

    What does this mean from space?

    The whole power grid turns on and off between 120 and 100 times a second (depending which frequency it uses)

    Watching the phase of a single light compared to the rest of the grid tells you if that part of the grid has a large inductive load (big motors), resistive load (big computers), or capacitive load (big particle accelerator) on it.

    Watching a light that doesn't flicker in sync with the local grid tells you it is on internal generator power (big target).

    And you ask how do we know the facility is a viable target?

    Lesson : if you want to avoid being noticed stay on the grid and stay in phase. Otherwise big brother will find you and send your coordinates to a circling B-52 :-)
  • Burn my karma!
  • 1. Get a bunch of monitors
    2. Get a bunch of composite to VGA Converters
    3. Attach All.
    4. Play Brittney Spears videos 24/7

    This will produce enough noise to negate any spy system other than direct view. Brittney might damage the watchers as well.

    Who watches the watchers while watching the watched?

    SD

  • In related news, it has been discovered that the source code for Windows can be reconstructed by analyzing the arrangment of empty Mountain Dew cans in developer's cubicles.

  • A guess as to how it works... (Score:3, Insightful)

    by markmoss ( 301064 ) on Tuesday May 14, 2002 @03:26PM (#3519240)
    I'm not any sort of expert in this, however from what I know of video the process has to be something like this:

    The phosphors in the CRT do not emit only when hit by the electron beam. They have a certain persistence, so a dot keeps on glowing while the beam moves on through other dots. If you get a perfect recording of the signal, then reconstructing the picture requires merely syncing onto the video scan by means of the long and short black intervals (vertical and horizontal retrace), calculating each pixel's actual output by subtracting the fading output of previous pixels, and feeding the resulting video and sync into your own monitor.

    However in using this in a normal "spying" situation, you get room lights and other "noise" in the signal. You've got to guess at the average ambient level and compensate (subtract it out) so the picture isn't washed out. Then, you are probably working with such a low level of signal per pixel that quantum fluctuations add significant noise. Subtracting signals accentuates the noise, so you'll wind up with a pretty grainy picture -- after lots of trial and error adjustments to find the best background level compensation, pixel fade rate, etc. But most data on computers is presented in quite high contrast, and stays on the screen for quite a while, so you can improve the picture by averaging frames. So it does sound possible to get a good enough picture for most espionage purposes (extracting text and diagrams, or sometimes just finding out what the guy is reading).

    What it probably won't do unless you get really close:
    -Spy on your Quake rivals; (I assume, not being a
    Quake player myself) the picture changes too fast for frame-averaging to help much, and in general it's a detailed, lower contrast picture so graininess would have a greater impact.
    -Pirate the Playboy channel from your rich neighbor, unless you are so hard up that just staring at a screen of approximately fleshtoned grains and imagining there's a nekkid woman somewhere in there is enough...
    -Steal passwords protected by the "*" character, unless the login was incompetently programmed and it shows the actual character for a frame before covering it up. And probably not even then, because frame-averaging will often be needed for legibility...

    Just handwaving here, but I expect that if someone can get a camera where this process works for any of the above, they probably could have focused it right on the screen and also physically wire-tapped the machine.
    • Who cares if the picture is washed out? Heck, even if you only get one color out of it (say, the person has blue wallpaper, so only blue reflects well) you will STILL be able to see most of the screen. Anyone who has had broken a pin or two on their monitor can still USE their computer, though it is ugly.

      Environmental conditions will add noise to the screen, but noise will not prevent it from working. I believe this system would work rather well even under less optimal conditions.

      The worst problem? Flourescant lighting. It flickers 60 times a second, which will add significant noise to the image, made worse if the user is using a refresh rate that is not 60Hz.

      But wallpaper? Lighting? That simply makes the signal weaker in one or more colors. It does not make it less accurate, just screws up the color balance. And for this application, color balance really does not matter much.
  • Anyone who's ever been in a secure facility run by a halfway competent government or any large corporation knows that there are several countermeasures already in place. Many of them were designed for other reasons but serve the same purpose. For example, at one secure computing facility I've visited, the ENTIRE shell of the building's secure area is entirely surrounded by a Faraday cage of solid metal 1/8" thick. Even the floor and ceiling are covered. Seams are bolted shut. Wires and pipes run thru special conduits that trap EM energy. Doorways have metal-finger contacts and vault-style closing mechanisms. I doubt you'd get much diffused light through those measures. Also, several slightly less secure conference rooms I've seen included double blinds on the windows, including metal venitian blinds and thick pull drapes. Again, pretty light resistant. Now, those measures are designed for things like Tempest resistance (the metal Faraday cage) and preventing optical snooping (deadening the sound hitting the glass, thus preventing using an IR laser to bounce a reflection off the window, in an attempt to reconstruct the sound inside the room). But any company that is serious about security already takes great care to protect that information and wouldn't be susceptible to this problem.

    The one thing it does reemphasize is that simply sitting with your back to the wall isn't enough. Well, thanks to Tempest and LED blinking and insecure wireless and hosts of other issues, we already knew that.

    Frankly, the one surprising thing about this article is that it made it into the mainstream media. I'm quite surprised that the British government, or whatever home country, didn't consider this research highly classified and quickly squelch its publication.

  • I don't buy it. (Score:2, Insightful)

    by REALMAN ( 218538 )
    It all sound pretty bogus to me. The claim that blinking LED's can be used to reconstruct what you do on the computer is laughable. To reconstruct from a LED what is being written you would have to be able to correlate each blink as one bit. a 0 or a 1. 8 bits per byte, 1024 bytes per kilobyte etc.. ad nauseum.

    Let's use the first half of a ripped mpg version of Star Wars Attack of the Clones.

    The first half is 701 MegaBytes or 5,883,382,624 bits (that's close to 6 billion bits)
    I can write that on my hard drive in 2 minutes which gives us apporximately 49,028,188 bits per second.

    Now can anyone tell me that an LED is capable of blinking at a rate of 49 million times per second? And if it can are we able to discern 49 million blinks with the technology we have? From a distance?

    Please...

Slashdot Top Deals

To the systems programmer, users and applications serve only to provide a test load.

Close