Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Laptops And Flat Panels Now Vulnerable to Van Eck Methods

Zonk posted more than 7 years ago | from the i-seee-you dept.

Hardware Hacking 144

An anonymous reader writes "Using radio to eavesdrop on CRTs has been around since the 80s, but Cambridge University researchers have now shown that laptops and flat-panel displays are vulnerable too. Using basic radio equipment and an FPGA board totaling less than $2,000 it was possible for researchers to read text from a laptop three offices away. 'Kuhn also mentioned that one laptop was vulnerable because it had metal hinges that carried the signal of the display cable. I asked if you could alter a device to make it easier to spy on. "There are a lot of innocuous modifications you can make to maximize the chance of getting a good signal," he told me. For example, adding small pieces of wire or cable to a display could make a big difference.'"

cancel ×

144 comments

Sorry! There are no comments related to the filter you selected.

Telling question (4, Insightful)

Tumbleweed (3706) | more than 7 years ago | (#18817459)

"I asked if you could alter a device to make it easier to spy on."

Okay, see, that's the type of questions the NSA likes to see its potential employees ask. Any other type of person would ask if you could alter a device to make it *harder* to spy on.

Re:Telling question (4, Insightful)

Anonymous Coward | more than 7 years ago | (#18817593)

Unless, of course, you're looking to protect yourself from such modifications.

Re:Telling question (1)

Tony-A (29931) | more than 7 years ago | (#18819927)

First thing to protect yourself is to NOT do something stupid to expose yourself.

Booby traps are designed to catch boobys.
They work very well.

Re:Telling question (0)

Anonymous Coward | more than 7 years ago | (#18820293)

But can they catch boobies?
Specifically, from 3 offices away?

less social intelligence than a 13 year old (5, Funny)

circletimessquare (444983) | more than 7 years ago | (#18817597)

"i have a friend, ehem, who is worried about this kind of hack, ehem, and i was, i mean he was, wondering what he could do to..."

"guard against it?"

"no, no, what he could do to... um, make sure the 'bad guys' haven't modified his system, ehem, like, what would a bad guy do to make this work better so he could do it, i mean, so he could have an idea of the kind of modifications to look out for?"

Re:less social intelligence than a 13 year old (2, Informative)

mikael (484) | more than 7 years ago | (#18818815)

"i have a friend, ehem, who is worried about this kind of hack, ehem, and i was, i mean he was, wondering what he could do to guard against it?"

Sit inside a Faraday cage ...

but make sure you always carry a spare key for the door with you

Re:Telling question (0)

Anonymous Coward | more than 7 years ago | (#18817729)

Aha! So any other type of person has something to hide!

BEHOLD ! I am TEMPEST, they LORD and MASTER (5, Funny)

Anonymous Coward | more than 7 years ago | (#18817841)



BEHOLD ! I am TEMPEST, thy LORD and MASTER ! Bow before ME ! Fear ME ! I see ALL*!

*its a bit fuzzy, like snowy tv - BUT I SEE ALL !! FEAR ME !!!

Re:BEHOLD ! I am TEMPEST, they LORD and MASTER (2, Funny)

Tackhead (54550) | more than 7 years ago | (#18817897)

> BEHOLD ! I am TEMPEST, thy LORD and MASTER ! Bow before ME ! Fear ME ! I see ALL*!
>
> *its a bit fuzzy, like snowy tv - BUT I SEE ALL !! FEAR ME !!!

Hey, you, get back in that teapot!

I met a man upon a stair,
A little man who wasn't there,
He's reading all our screens today,
I think he works for NSA!

Diaper-wielding man sneaks into NASA/Houston (0)

Anonymous Coward | more than 7 years ago | (#18817969)

Diaper-wielding man sneaks into NASA/Houston, wants release of girlfriend astronut of same persuation or he says he will remove the dirtied diaper.

Re:Telling question (3, Insightful)

goombah99 (560566) | more than 7 years ago | (#18817971)

Well the voting machine companies would like to know how to do that too.

Re:Telling question (3, Insightful)

Detritus (11846) | more than 7 years ago | (#18818167)

The NSA cares about both questions. They have a large group of people dedicated to keeping government communications secure, and another large group of people dedicated to hacking everyone else's communications systems.

Re:Telling question (4, Funny)

Tumbleweed (3706) | more than 7 years ago | (#18818385)

Good point, Agent 11846.

Re:Telling question (1)

AusIV (950840) | more than 7 years ago | (#18818621)

I've got some friends who are prospective NSA employees, and while I'm sure this is something the NSA would like to hear them ask, the NSA also likes their prospectives to keep a low profile. Reporting for a technical website and asking questions like that hardly keeps a low profile.

Re:Telling question (1, Informative)

Anonymous Coward | more than 7 years ago | (#18820093)

This was part of Markus's Ph.D. thesis filed in 2003. Why is this coming out now?

ch0wned! (4, Insightful)

Anonymous Coward | more than 7 years ago | (#18817471)


I think this means they've always been vulnerable, but no one knew. It's not like someone turned on the Vulnerable switch.

Re:ch0wned! (5, Interesting)

LiquidCoooled (634315) | more than 7 years ago | (#18817607)

I wonder if this could be used (at close range to reduce errors) for the only remaining analog hole

The MPAA will be furious!

Re:ch0wned! (1)

grub (11606) | more than 7 years ago | (#18818097)

Ohhh... good thinking!
The MPAA will be at your door in minutes, nice knowing you.

Re:ch0wned! (1)

DragonWriter (970822) | more than 7 years ago | (#18817881)

I think this means they've always been vulnerable, but no one knew.


Or, rather, no one publicly announced it.

I doubt if the NSA, for instance, had discovered this vulnerability years ago, they would have trumpeted it publicly.

Re:ch0wned! (2, Insightful)

Lehk228 (705449) | more than 7 years ago | (#18819277)

actually the NSA is pretty good about disclosing vulnerabilities such as that. the threat of foreign corporate and military espionage is much greater than the usefullness of such technology for domestic abuses.

Oh bull (5, Interesting)

Anonymous Coward | more than 7 years ago | (#18818609)

No one knew? That's utter nonsense. I noticed that my laptop lcd monitor would cause interferce at times on my FM radio seven years ago, depending on what it was doing, and what station I was listening to.

That's a pretty big red flag that these suckers were subject to Van Eck.

And if the NSA could hear Scott McNealy's friggin keyboard outside in the parking lot (as they later told him during a meeting in the late 1990's), you'd better believe that the NSA has had LCD monitor reading capability for at least that long.

Just because it's not in the popular press, or published papers, hardly means that no one knew. The only thing surprising here is that it took so long for someone to get a paper out it.

I don't mean to disparage the researchers, who deserve a lot of credit to finally bringing this to public knowledge, but this is really low-hanging fruit.

Re:Oh bull (0)

Anonymous Coward | more than 7 years ago | (#18818923)

You fucking idiot, that was the whole laptop doing that not just the screen.

Yes, we've known for a decade (5, Interesting)

billstewart (78916) | more than 7 years ago | (#18818829)

... i.e. just about as long as laptops have been usable. Wireless eavesdropping and TEMPEST issues were a common discussion topic back in the Cypherpunks era, among the technical experts as well as among the tinfoil hat crowd, and a number of us had worked with TEMPEST professionally.

My ~1995 laptop (486? Pentium 60? MHz) would display on my parents' TV screen when I visited them. (No, I didn't live in their basement, I'd just avoided having a TV in my house back then:-) It wasn't in sync, so there were three partial screen images scrolling slowly, and there weren't enough pixels, but it was readable enough to be obvious that a real receiver would be able to display the output cleanly. My guess was that the culprit wasn't really the LCD drivers, but the auxiliary VGA port on the back of the laptop; I no longer remember if I tried turning that on and off, or exactly which laptop model it was, but Google probably knows.


The real difficulties are getting enough focus to only grab signals from the laptop you're looking for, and not all the other CRTs and TVs and LCDs around, which is why you're reading an interview with an expert like Markus Kuhn and not just some 1337 k1dd13z, and doing so without parking a big antennaful van on the street in front of your target.


If you look at the real security threats here, there are two sides -

  • Crackers trolling for whatever they can find, like passwords and credit card numbers they can abuse, who are willing to eavesdrop on anybody nearby, such as people in an airport
  • Cops and spooks and secret police who are targeting *you*, in which case you've got much more serious security problems than whether your laptop screen can be eavesdropped.

Re:ch0wned! (1)

shadwstalkr (111149) | more than 7 years ago | (#18819515)

It's not like someone turned on the Vulnerable switch.

Yeah, sorry. That was me. I just bumped into the damn thing, honest.

Tinfoil Hats! (0)

Anonymous Coward | more than 7 years ago | (#18817489)

*grabs tinfoil hat and hides under desk*

Re:Tinfoil Hats! (3, Funny)

n1hilist (997601) | more than 7 years ago | (#18817629)

That's just going to make your signal even stronger!

all your video are belong to us (0)

Anonymous Coward | more than 7 years ago | (#18817875)

'nuff said.

An ounce of prevention (5, Funny)

L. VeGas (580015) | more than 7 years ago | (#18817497)

adding small pieces of wire or cable to a display could make a big difference
That's why I always carefully remove all the wires from all my electronics.

Re:An ounce of prevention (4, Funny)

Hoi Polloi (522990) | more than 7 years ago | (#18817577)

I keep my laptop under my tinfoil hat. Problem solved.

Re:An ounce of prevention (0)

Anonymous Coward | more than 7 years ago | (#18818169)

On the subject of tinfoil hats. Here is a funny video about this:
http://eclectech.co.uk/mindcontrol.php [eclectech.co.uk]

Re:An ounce of prevention (1)

rubberchickenboy (1044950) | more than 7 years ago | (#18819517)

Oooh...a tinfoil MacBook Pro. Time to buy a container-load of Reynold's Wrap and rebox it as Anti-Spying Wrap.

Re:An ounce of prevention (1, Funny)

Anonymous Coward | more than 7 years ago | (#18817703)

That's why I only buy laptops made out of wood and leather. No one's ever Van Eck'd a wooden laptop with leather trim.

Re:An ounce of prevention (1)

danamln (871842) | more than 7 years ago | (#18819021)

Ah a new use for the plasma sheild discussed here earlier this week.

Wow (4, Funny)

Shadowlore (10860) | more than 7 years ago | (#18817503)

For example, adding small pieces of wire or cable to a display could make a big difference.'"

So adding an antenna makes it broadcast better meaning you can pick it up easier. Shocking. Very useful for remote spying. Step one, add an antenna to the target's display.

Re:Wow (1)

pclminion (145572) | more than 7 years ago | (#18817861)

If you're non-technical, and you see a little piece of wire hanging from your display, I don't think your first thought will be "Gosh, that looks like an antenna!"

The Offical Howto (5, Funny)

pak9rabid (1011935) | more than 7 years ago | (#18817943)

Step one, cut a hole in a box Step two, put your antenna in that box Step three, make her open the box Whoops, scratch that last step

Trinitron? (1, Interesting)

Anonymous Coward | more than 7 years ago | (#18818805)

For example, adding small pieces of wire or cable to a display could make a big difference.


Like the Sony Trinitron CRTs? [monitorworld.com]

I never bought their explanation for the "aperture grill" and "damper wires". Considering this kind of EM surveillance, they make perfect sense however.

Re:Wow (0, Troll)

Jimmy King (828214) | more than 7 years ago | (#18819019)

I'm already prepared for the day I find a wire dangling off of my display. I've got a bookmark group that opens meatspin, goatse, and tubgirl in one shot.

Re:Wow (1)

r_jensen11 (598210) | more than 7 years ago | (#18819363)

Step one, add an antenna to the target's display.

Step Two: ???

HDMI? (5, Insightful)

jandrese (485) | more than 7 years ago | (#18817515)

I wonder if they're just reading the signals that are being sent over the wire? With analog signals this is pretty easy to to, but with DVI it's a lot harder, and way harder still if the signal is encrypted. With the future of display technologies appearing to be heading as close as possible to encryption to the eyeballs, it makes me wonder how long this will remain viable.

Re:HDMI? (4, Interesting)

drinkypoo (153816) | more than 7 years ago | (#18817643)

wonder if they're just reading the signals that are being sent over the wire? With analog signals this is pretty easy to to, but with DVI it's a lot harder, and way harder still if the signal is encrypted.

With DVI it's probably a lot harder, but the signal might actually be clearer if you knew how to pick it up, kind of like how you can pick up UWB radio at high ranges. The on-off style of the signal creates a sharper signal. It might require more hardware but I wouldn't be surprised if you could do it at longer range.

An encrypted signal, of course, will be much harder to deal with whether there's an easy-to-receive digital signal or not.

I'm skeptical of the idea that the main video link will be encrypted any time soon though, because of the immense bandwidth involved.

Also, I have to wonder if you could simply pick up the signal between the controller, which decodes the signal (digital or no) and the panel itself...

Re:HDMI? (2, Informative)

chgros (690878) | more than 7 years ago | (#18817891)

I'm skeptical of the idea that the main video link will be encrypted any time soon though, because of the immense bandwidth involved.
I thought that was already done.

http://en.wikipedia.org/wiki/HDCP [wikipedia.org]

Re:HDMI? (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18818023)

The display itself isn't encrypted until the DRM Helmet becomes mandatory. Tempest equipment doesn't care what the signal to the screen is, it reads the signal FROM the screen.

It wouldn't help pirates much though -- tempest output is seriously low-fi fuzzy.

Re:HDMI? (2, Informative)

pushing-robot (1037830) | more than 7 years ago | (#18817779)

If they were able to read a signal from a laptop, they were reading a digital signal. Laptops have always used a digital display interface.

But yeah, encrypted HDMI would make it more difficult.

Re:HDMI? (1)

LordSnooty (853791) | more than 7 years ago | (#18818027)

So now there's a good reason to stop encryption to the eyeballs, it'll help the terrierists...

Re:HDMI? (0)

Anonymous Coward | more than 7 years ago | (#18818941)

Finally a legitimate use for HDCP!

Happy Birthday (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18817517)

Happy Birthday Adolf Hitler. May He Smile Down On Us From The Kingdom Of Heaven.

Bad story submission title (4, Informative)

drinkypoo (153816) | more than 7 years ago | (#18817529)

The title given to this story on slashdot is awful, especially for a geek news site. Haven't we already established that obscurity is not security? And about a million times over?

An unpublished vulnerability is no less real than one that has been announced, and is in fact more dangerous because the lack of an announcement leads to a false feeling of security. The real story is that your laptop has in fact been vulnerable to van eck phreaking for years and year, not just "now".

It's a good thing I haven't had faith in slashdot for a long time now, or I'd be really disappointed. As it is, I'm just pointing this out for those who didn't already notice.

Re:Bad story submission title (1)

sczimme (603413) | more than 7 years ago | (#18819245)


The title given to this story on slashdot is awful, especially for a geek news site. Haven't we already established that obscurity is not security?

If you think this is "security through obscurity", you have some remedial reading to do. Hint: this is not STO.

laptop has in fact been vulnerable to van eck phreaking for years and year

Add "the definition of phreaking" to your reading list. Yes, I know that phrase was used in the article; the fact that the NewScientist writer was wrong does not excuse you from reproducing the error.

The "news" portion of this story is - at least in part - the efficacy of the relatively inexpensive gear. Besides, the article would be informative to someone who doesn't understand that wires carrying electrical signals tend to act like antennae.

Easier solution (0)

Anonymous Coward | more than 7 years ago | (#18817533)

Would be to shoot towards anyone carrying a $2000 FPGA board around for no good reason!

Metal hinges? (1, Funny)

Anonymous Coward | more than 7 years ago | (#18817549)

Uh oh, metal hinges pratically imply "ThinkPad"...

But then, it is pretty obvious that using the notebook ungrounded IS asking for trouble anyway as far as signal interference goes, and those hinges are earth-grounded if you have the notebook plugged to wall power using a three-prong power supply.

I think I will keep my ThinkPad instead of using cheezy plastic crap, and use low-contrast, antialiased round fonts if I feel secretive. Must also remember to tape over all network leds, and turn on the loud white-noise generator, as both the sounds of a keyboard and the flickering of the leds can give away way too much information ;-)

grounded != shielded (1)

Ungrounded Lightning (62228) | more than 7 years ago | (#18819793)

But then, it is pretty obvious that using the notebook ungrounded IS asking for trouble anyway as far as signal interference goes, and those hinges are earth-grounded if you have the notebook plugged to wall power using a three-prong power supply.

Grounding and shielding are two different issues.

At the frequencies involved, grounding the device is no help at all. (In fact the ground wiring may act as a helper antenna.)

Bypassing DRM (5, Funny)

harry666t (1062422) | more than 7 years ago | (#18817583)

Maybe this technique could be used to bypass that DRM stuff and capture movies etc right from the screen, how do you think about it?

Security hole in the making (4, Insightful)

Nonillion (266505) | more than 7 years ago | (#18817625)

I remember seeing a demo of this back in the 80's. I always had a suspicion this was possible, however some people still balk at this as 'science fiction'. I can assure you it's not. It's this kind of thing that should be waking up manufactures to the perils of shitty RFI design. Spewing broad band spectrum pollution not only causes radio interference, but also opens you to security problems.

Not to go slightly off topic here, but BPL (broadband over power wires) providers ought to see this as a wakeup call. Coupling broad band ODMF signals on widely spaced wires hanging 40+ feet in the air, radiating like antennas is a HUGE security issue. Not only can BPL be jammed with something as simple as a CB or Amateur radio transceiver, but a creative individual could use similar methods to monitor BPL signals.

Re:Security hole in the making (1)

drinkypoo (153816) | more than 7 years ago | (#18817669)

Not only can BPL be jammed with something as simple as a CB or Amateur radio transceiver

Really? I could have sworn you'd need a transmitter.

but a creative individual could use similar methods to monitor BPL signals.

Not only do you already have to worry about any signal broadcast over the internet, but the fact that it's sent over a big long wire (as you describe) means it's even more important to use encryption. And what do you know? Any sensitive communications I perform over the internet are already encrypted, making that basically irrelevant.

Alert: my eyes are malfunctioning (1)

drinkypoo (153816) | more than 7 years ago | (#18817705)

Parent line, then my reply, appears below:

Not only can BPL be jammed with something as simple as a CB or Amateur radio transceiver
Really? I could have sworn you'd need a transmitter.

I read that no less than three times and still believed that it said "receiver".

I apologize for this part of my comment.

Looks like my eyes are failing me, guess I'll go home (for those wondering, yes, I do come in pretty early.)

Time to flash the Scroll-Lock LEDs :-) (0)

Anonymous Coward | more than 7 years ago | (#18817823)

It's late Friday afternoon, Martin.... time to do what your Slashdot nick suggests... and go have a drink!!! (I'm about to have a nice tall glass of Don Julio Reposado myself)

BTW, the perfect way to avoid Van Eck phreaking of your laptop/lcd monitors was detailed in Stephenson's Cryptonomicon many years ago.... just write a driver that flashes morse code on the keyboard Scroll Lock LED instead, and sends useless gibberish as text to the screen. That'll really mess with the spooks' heads.

Re:Security hole in the making (1)

Nonillion (266505) | more than 7 years ago | (#18817759)

'Not only can BPL be jammed with something as simple as a CB or Amateur radio transceiver
Really? I could have sworn you'd need a transmitter.'

A 'transceiver' is a combination transmitter receiver. During some BPL tests BPL signals were completely interrupted by a 5 watt signal on the 40 meter (14MHz) band.

'but a creative individual could use similar methods to monitor BPL signals.
Not only do you already have to worry about any signal broadcast over the internet, but the fact that it's sent over a big long wire (as you describe) means it's even more important to use encryption. And what do you know? Any sensitive communications I perform over the internet are already encrypted, making that basically irrelevant.'

Encryption or not, interruption of your Internet service by wayward radio transmissions or power line interference caused by arcing hardware would certainly NOT be acceptable.

Wha?? Did you say something? (0)

Anonymous Coward | more than 7 years ago | (#18817967)

All I see is indecipherable garbage. :)

Re:Security hole in the making (1)

chochos (700687) | more than 7 years ago | (#18817761)

you've gone way off topic IMHO... people spying on your screen is pretty bad. But this does not make BPL a bad thing... protocols like SSL allow you to transfer information over TCP securely, regardless of the physical medium. If it works on wireless, it works on BPL, right?

Re:Security hole in the making (1)

DragonWriter (970822) | more than 7 years ago | (#18817919)

Not to go slightly off topic here, but BPL (broadband over power wires) providers ought to see this as a wakeup call.


Broadband providers aren't, I would imagine, particularly concerned about their user's privacy. If they see it as a wakeup call, it'll be a wakeup call to lobby the government to institute regulations favoring BPL because it is easier to monitor for law enforcement and security purposes, and to impose new barriers on broadband systems less easy to monitor.

van Eck only made it public (4, Informative)

michaelmalak (91262) | more than 7 years ago | (#18817681)

Russia and the U.S. had been snooping VDT images since the early 1970's or earlier. van Eck just made it public by publishing a paper on how to do it with $100 of Radio Shack parts. cryptome.org [cryptome.org] forum postings include a reference to a 1973 book.

Time to put on my tinfoil hat... (1)

Starteck81 (917280) | more than 7 years ago | (#18817717)

cause I was just wondering about this very topic yesterday. :-S

Cryptonomicon? (4, Informative)

chochos (700687) | more than 7 years ago | (#18817733)

So the hack that is mentioned in Cryptonomicon is pure sci-fi? It says that van-eck was possible on a laptop because of some backwards compatibility issue, in which laptops still refreshed the display 60 times per second or so, even if they didn't need to, so you could pick up on that radiation or something for the phreaking. It wasn't really possible until now? Or is this a different method where you can spy on LCD's using some method specific to LCD's?

Re:Cryptonomicon? (2, Funny)

v3lut (123906) | more than 7 years ago | (#18817845)

I don't mean to alarm you... But Cryptonomicon was, in fact, entirely sci-fi.

Either that, or the vulnerability was because the guy was running Finux. As long as you don't install that you should be fine.

Re:Cryptonomicon? (1)

chochos (700687) | more than 7 years ago | (#18818953)

Wow. Thanks for the info. I just killed the torrent I had downloading Finux-2.0.3.4. What I meant was that the van eck phreaking was more fi than sci... AFAIK van eck phreaking is real but only works on CRT (until now), but the hack in the book was done to a laptop, and the description was very convincing, hence my question. Much of the WWII and crypto stuff is pretty accurate also, IMHO.

Re:Cryptonomicon? (1, Interesting)

Anonymous Coward | more than 7 years ago | (#18819413)

I don't mean to alarm you... But Cryptonomicon was, in fact, entirely sci-fi.

Damn. All this time, I thought that Alan Turing was a real person. I'm so embarrassed!

But seriously. Cryptonomicon wove real events, real people and real technology with fiction in a pretty seamless way. It's not so bad to ask where the fact ends and the fiction begins, and it's wrong to call it "entirely sci-fi".

Re:Cryptonomicon? (1)

justinlee37 (993373) | more than 7 years ago | (#18819959)

in which laptops still refreshed the display 60 times per second or so, even if they didn't need to, so you could pick up on that radiation or something for the phreaking

You could rig a device that would just take a snapshot of the screen whenever it received input, so while you might not see their screen while they aren't manipulating it, you still get to see what they've done so it doesn't really matter, eh?

TEMPEST in a teacup (3, Informative)

Anonymous Coward | more than 7 years ago | (#18817795)

Long before Van Eck publicly demonstrated it, the NSA was well aware of the problem. It extends beyond the CRT. NSA created the TEMPEST program to reduce radiation of information.

Simply put, change the voltage level or current level of a device and you generate a signal that is conducted along wires and other conductive paths and radiated from those conductive paths. Interception of the conducted or radiated changes can be used to re-create
the original information. Wether the information is in serial, paralell or raster format it is a relatively trivial problem given some time and computing resources.

Is it a problem for most of us? Given that someone will try the easiest ways to get the information, using Van Eck or other types of TEMPEST
attacks is much less likely than social engineering or other means to get your information.

Wobbly windows to the rescue! (4, Funny)

HerrEkberg (971000) | more than 7 years ago | (#18817807)

So this is what all those fancy 3D desktops are good for. Just set wobbliness and fuzzy effects to max and no one will be able to make sense of what is going on on your screen (including you - trust no one).

At last! (5, Funny)

ThanatosMinor (1046978) | more than 7 years ago | (#18817909)

I can spend $2000 to be able to read my laptop that's across the room while I'm still in bed. Now all I need is some sort of glove I can hook up to a robotic arm so it can type for me. Or better yet, I can invent a fing-longer!

Sigh If only they would make a portable version of my laptop...

Re:At last! (1)

zippthorne (748122) | more than 7 years ago | (#18818751)

Take your laptop and get a USB 2.0 hub, you'll need the extra slots. Hook the laptop up to a full-sized monitor (LCD or CRT, it doesn't really matter, but the bigger the better.) Ok, now plug in a printer, external HDD (to store your movies, of course), an external HD-DVD and/or blueray drive, and dual-layer DVD-RW if one is not part of your laptop. Plug it in to your cable modem via cat-5e to the ethernet port (to avoid people snooping, of course. Can't trust those wireless networks.)

Now all you need is a wireless keyboard&mouse. Microsoft's offering is not bad, but it has terrible range and is made by Microsoft. If your laptop is made by Apple, that just increases the irony.

Then get some kinda telephoto glasses so your screen looks bigger and you can use your laptop and all its peripherals from all the way across the room (line-of-sight only, of course.)

Re:At last! (0)

Anonymous Coward | more than 7 years ago | (#18818999)

LMAO fing-longer... hahaha... go futurama!

Missing option - One Single LED (0)

Anonymous Coward | more than 7 years ago | (#18817913)

Make that the scroll-lock LED on my keyboard. It flashes in Morse Code to me!

TEMPEST (4, Informative)

Detritus (11846) | more than 7 years ago | (#18817933)

The NSA, and other intelligence agencies, have been exploiting stuff like this for more than fifty years. Technology changes, but the fundamental principle, interception of EM radiation stays the same. You can even spy on certain models of electric typewriters. If you ever get the chance to look at TEMPEST certified hardware, you will see the lengths that the engineers have to go to, to shield and filter an electronics device. Besides the box itself, all cables have to be well shielded and filtered, or they just function as antennas for your sensitive data.

Re:TEMPEST (1)

Sanat (702) | more than 7 years ago | (#18819803)

I used to work a lot with Tempest hardware. Things with motors (such as a typewriter) would have a huge flywheel added to it so there was no slowdown during the typing of different letters and numbers. I saw a demonstration of how the Selectric typewriter could easily be read just by monitoring the power line. Adding a flywheel would defeat this ability to accurately monitor what was being typed.

You are right about the grounding too. All grounding straps on panels had to be connected tightly and any other shielding had to be in place. There were simply no shortcuts taken in securing the equipment once a model was Tempest certified. All screws in place... all of them tight.

 

DMCA (1)

ChrisMaple (607946) | more than 7 years ago | (#18817981)

LCDs and plasma have been favored by DMCA people as a way to beat the analog hole. Here's another nail in that coffin.

I'm surprised. (1)

synth7 (311220) | more than 7 years ago | (#18818049)

I was fully expecting Neal Stephenson [nealstephenson.com] to drop into this thread and yell, "First!" [nealstephenson.com]

You know... I might have to re-read this book soon.

Not too surprising (3, Interesting)

mobby_6kl (668092) | more than 7 years ago | (#18818093)

This shouldn't be too surprising to anyone who's tried listening to audio output from a typical laptop. You can hear everything, including processor load, disk access, mouse or window movements (the sound noticeably changes depending on the cursor, hovering over a text area sounds differently than over the desktop or window resize areas) and typing. I'm sure some of that audio noise also escapes as electromagnetic emission which, can be picked up with appropriate equipment.

I'm not an expert on Van Eck phreaking, so it's possible that the previously used methods were incapable of detecting this for whatever reason, but the presence of these emissions and the possibility of spying shouldn't be surprising.

This reminds me of the scheduled tinfoil supplies delivery I need to take care of...

Re:Not too surprising (2, Informative)

Ungrounded Lightning (62228) | more than 7 years ago | (#18819847)

I'm not an expert on Van Eck phreaking, so it's possible that the previously used methods were incapable of detecting this for whatever reason...

Previous methods could intercept the signal. Processing it back into an image was the problem.

CRTs essentially modulate the beam current with the basic video signal. Leakage of that puts into the air precicely what you need to produce a copy of the image part (though the current is cut off for retrace). Also pick up and sort out the spikes from the H and V deflection, or interpolate the image sync from the dark areas in the video, and you can reconstruct the sync signals and have a fully-functional video signal, ready to put into another CRT. (Use a directional antenna so you don't jam your own receiver by looking at the result.)

The signal to the laptop's LCD display also leaks. But the leaked signal isn't such a straightforward copy of an analog video signal, ready to be fed to a monitor. Much more processing.

Which they've now managed to do.

Re:Not too surprising (1)

blootooth (653423) | more than 7 years ago | (#18820307)

What crappy hardware are you using? My MacBook Pro doesn't leak any perceptible RF into the audio output.

This was in "Cryptonomicon" (1)

myth_of_sisyphus (818378) | more than 7 years ago | (#18818219)

The protagonist (not Hiro Protagonist, the other protagonist) has to write code on a display that he knows is Van Eck phreaked. He has to write code so that the people looking have no idea what he's writing so he has to obfuscate in many clever ways--I forget how.

Re:This was in "Cryptonomicon" (0)

Anonymous Coward | more than 7 years ago | (#18818495)

Hiro Protagonist wasn't from Cryptonomicon, but rather Snow Crash. The protagonist your thinking of was Randy Waterhouse.

Re:This was in "Cryptonomicon" (1)

Watson Ladd (955755) | more than 7 years ago | (#18820289)

He makes the output be in morse code on the NUM LOCK light on his keyboard.

Old Fashioned Countermeasures Still Work! (2, Interesting)

voodoo cheesecake (1071228) | more than 7 years ago | (#18818221)

The Commodore 64 Blue Book had a section on this. It talked about how to shield your environment by enclosing a room with screen and grounding it. It also mentioned to coat your power cords with a certain paint high in sulfur content. I also suggest taking measures to prevent access and emissions from your grounding rod, if you're connected to a public utility. That also prevents your light bulb from being used as a microphone.

Article Polls! (5, Interesting)

mobby_6kl (668092) | more than 7 years ago | (#18818239)

Holy shit, I just now noticed that this article has its own poll, how awesome is that!

My first reaction was "WTF did the relatively recent end-of-civ poll go" and then when I voted it showed this article's comment under the poll results, which was another WTF moment. When was this feature added/first used? I can already see great use for the article polls, for example the editors could try to guess the popular tags and use them for poll items.
  • Yes
  • No
  • Hellno
  • Its
  • Chairthrowing
  • CowboyNeal

Re:Article Polls! (1)

antdude (79039) | more than 7 years ago | (#18819835)

There was a previous story with a poll. I forgot which story it was. Does anyone remember it?

Re:Article Polls! (1)

SpaceCracker (939922) | more than 7 years ago | (#18820283)

Dude, why stop at the article level? They should enable comment polls. If I may, I'd like to take the first vote on yours. I choose Chairthrowing.

Work done three years ago (2, Informative)

Tom Womack (8005) | more than 7 years ago | (#18818581)

This really isn't new news; the work was done in 2004 and presented as

http://www.cl.cam.ac.uk/~mgk25/pet2004-fpd.pdf [cam.ac.uk]

as well as countermeasures; randomising the low-order bit of all your pixels anew in every frame would be ideal, but using colours which have the same number of bit transitions in 'black' and 'white' works almost as well. Looks a bit ugly to have your screen entirely in off-greens and off-pinks, but that's the price of security.

HDCP actually helps against this kind of thing, because there are no long lengths of wire carrying unencoded video signal.

Re:Work done three years ago (1)

TodMinuit (1026042) | more than 7 years ago | (#18818627)

Wouldn't it be easier to apply countermeasures to prevent eavesdropping to an entire room instead of individual pieces of hardware?

Re:Work done three years ago (1)

Lehk228 (705449) | more than 7 years ago | (#18819387)

it's easier to not do anything at all, it's safest to do both

Odd thing... (1)

Ant P. (974313) | more than 7 years ago | (#18818601)

I was messing around with an AM radio near my PC just 2 hours ago trying to get a useful signal. I noticed something funny going on - every time I moved the mouse making its LED light up, the radio got a strong buzzing noise until the LED powered down again. It's not even a wireless mouse.

How soon until keyboard LEDs? (1)

behindthewall (231520) | more than 7 years ago | (#18818849)

But how soon until they can read the keyboard LEDs? Then I'll really be screwed.

(I don't care if it was fiction -- it was a good introduction for a lot of people to basic information security concepts, including those who might otherwise not get or suffer through one.)

Holoprojector (typo) (1)

ThatsNotPudding (1045640) | more than 7 years ago | (#18819027)

Of course you meant Holodeck, right? /disable the safety protocols, Professor Moriarty!

More information (4, Informative)

Masato (567927) | more than 7 years ago | (#18819105)

I recently finished a research project on this subject and have actually had a chance to read a few of Kuhn's paper. From what I've seen and what other researchers have done, not a lot of thought has gone into making most equipment EMSEC compatible, so I'm not at all surprised by this finding. Most of the time, having "secure" equipment isn't required as very few individuals beyond large government entities have the money, resources and knowledge to be able to conduct such an attack. Extensive design and testing is required to ensure that equipment conforms to EMSEC standards and most companies are simply not willing to spend the extra money to certify their equipment for something very few people know anything about. According to Kuhn (see Security Limits for Compromising Emanations [cam.ac.uk] - warning PDF) emissions levels need to be as much as six orders of magnitude lower to prevent unauthorized snooping on most modern equipment.

Another paper that is very relevant to this article is from a Japanese group who did research on the same topic (LCDs, laptops, etc) A Trial of the Interception of Display Image using Emanation of Electromagnetic Wave [www.nict.jp] - again, a PDF. What's interesting to note from this paper is the fact that the researchers found that minor inconsistencies in the production of the equipment caused slightly different synchronous frequencies to be detected. This means in an office it could be possible for an attacker to "choose" which monitor they wish to look at by its frequency signature.

MPAA will be pissed (0)

Anonymous Coward | more than 7 years ago | (#18819353)

Another way around their DRM...

This obsoletes a few technologies. (1)

dysprosia (661648) | more than 7 years ago | (#18819731)

Who needs VNC or networked X any more??

Radio (1)

MadnessASAP (1052274) | more than 7 years ago | (#18819823)

For a while I had an old ham radio sitting on my desk(receive only) and when fiddling around with it at certain frequencies I would hear patterns of beeps and for a long time I wondered what these were and then I finally noticed that the beeps synced up perfectly with the activity LED on my router. Granted it would take a lot more then what I had to actually decipher any useful information from it.

Anyone whos run tempest..... (1)

niXcamiC (835033) | more than 7 years ago | (#18820423)

I've run tempest on my dvi flat panel, my crt, and with no monitor plugged in. It aint the monitor generating the rf, its the video card.... I knew this when I was 17, and they get press for writing a paper on it?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?