We Live Online

I just read a very interesting paper on eavesdropping attacks on computer displays by Markus G. Kuhn. It describes how easy and cheap eavesdropping attacks on present displays are feasible using two possible attacks: radio-frequency emissions and optical emissions.

Optical Emissions

Optical emissions is really what displays are expected to do, so nothing wrong about that. But is it possible to see these transmissions when the display is not pointing in your direction? Sure!


Given a telescope which can convert the high-frequency light flicker into a current, the signal can be processed back into a picture. The next two images show how the reflection from a wall is perceived by the eavesdropper before and after applying some filters to remove background noise.

As Kuhn points out, it is even possible to base your analysis on the reflection from the face of a person in front of the monitor.

Radio-frequency Emissions

The radio frequency analysis can be used to eavesdrop the electronic signals send to and processed in a computer display. Whenever a pixel on your display needs to change, a bit is switched from 1 to 0 or vice versa. This leads to an electro-magnetic impulse which then can be eavesdropped. Now which devices do you know that receive electro-magnetic impulses? Radios! Of course you cannot use your standard kitchen radio, but some box that is able to receive signals at a frequency of at least 20-50MHz. Add an amplitude modulation demodulator, filter the background noise and here you go:

This picture shows the original text as displayed on a CRT monitor and the signal an eavesdropper will be able to see.

But they can do better. Nowadays, as flat panels are replacing more and more CRT displays. With them they bring fully digitalized data transmission, e.g. in laptops. I will just quote the scenario of the next example.

The following picture shows a compromising video signal from a notebook (Toshiba 440CDX) received at a distance of 10 m through two intermediate offices (three intermediate plasterboard walls), even without the use of a directional antenna, in an office building with well over hundred other computers.

Scary, isn’t it?

Tools

It is not necessary to be part of some government agency to get your hands on tools that provide you with described features. On the contrary, you can build these things yourself for a price of a “good notebook computer”. Kuhn also gives a pretty outlook:

Ultimately, such a signal-processing board can be turned, with suitable software, into an eavesdropping device that is nearly as easy to use as a wireless network: the user just switches it on and gets, within seconds, a ranking list of all available video signals in the vicinity, with thumbnail screen-shots and the ability to click on any for real-time monitoring and recording.

Defenses

The defenses are pretty limited since jamming signals can easily be filtered if not synchronized with the signal. Shielding systems are still mostly secret and therefore unknown to the public so all that is left is zoning. Based on the devices and locations zones are defined in which no unauthorized persons are permitted (e.g. Zone 0: eavesdropper could be within 1–20 m). Therefore, only the good old physical security as able to grant guaranties.

All in all a very interesting paper. You can read it here: Eavesdropping attacks on computer displays – by Markus G. Kuhn