Have you ever wondered how VGAs and computers communicate? Do you always trust your monitor when you all alone in that tower high iron-walled built office of yours? Perhaps, you believe that an intrusion or compromise is possible.
If you do, you might reconsider after reading through this post. You’ll find out that it only takes one expert to intrude and get access to that highly classified document or that important email on your screen.
How is this possible even though you are all alone with no wires connected? Your windows are tint, you’re on the 3rd floor… Unfortunately, these factors do not guarantee security.
Anyone familiar with computer security surely will be familiar with TEMPEST attack. Tempest attacks are silent and can hardly be detected since the attacker sits far away with his/her gadget, making utmost effort to retrieve sensitive data displayed on the screen.
All it takes is for the attacker to capture signals which could be in form of magnetic and or electric field radiation by an Antenna, the signal then passes a Low Bandpass Filter (to eliminate extra received frequencies, not in the desired bandwidth), which then is amplified by an amplifier.
After this, it is passed to a receiving system which typically was a DSI TEMPEST receiver with a bandwidth of about 10 MHz and reconstructed by a system onto an output. From this stage onwards, your PC displays are no longer secret!
In the days of Cathode Ray Tubes, Techies utilize low-end receiver to capture compromising emanations from distance up to fifty (50) meters of targets computer, dumping to his screen the exact reproduce information across the distance. Regenerating these signals were fairly not difficult as the strength of emission were quite high.
Research on Eavesdropping on a Computer Display
Going down history lane, there has been some research on systems that aid eavesdropping, however, there was one notable paper published amongst many others.
Four engineering student of Cambridge University namely Unnikrishnan Koroth, Abdulla Hisham, Viswajith A. and Aravind G.S. got motivated to pry on computer systems. They successfully pried computers and television monitors that emitted electronic or electromagnetic radiation and they jointly set an all-time record, scoring 98% for the project in Cambridge University.
Thanks to Dr. Markus Kuhn who helped to finish off the project the system collected data from radiations emitted by personal computers (within 10 meters).
Eavesdropping Systems Now
Today, those easily-compromised monitors have been replaced with Flat-panel technologies, such as Liquid-Crystal displays LCD, Plasma, etc. However, spying tools have also enjoyed technological advancement.
It was proven during the 2016 DEF CON hackers’ convention in Las Vegas, Nevada as Ang Cui and Kataria Jatin of Red Balloon Security hacked a monitor first by gaining physical access which aided in altering the display firmware via I/O ports with a malicious one. Furthermore, they successfully manipulated the information displayed on the screen.
In recent years, Dr. Kuhn of Cambridge showed an amplitude demodulated and restored signal with the eavesdropping device a few meters (between 3m and 10m) away from the target device. He scanned through some frequencies to get a clear rendition of what was displayed on the laptop screen. Though not as clear as original, the output was readable and to increase the visibility, an enhanced high-end antenna can be used.
The Outlook of Eavesdropping Systems
In general, all electronic device including Computer systems emit low-level electromagnetic signals and the computers come with liquid crystal display LCD monitors which still have unintended emissions. All these influences the signals radiated and they facilitate eavesdropping.
Although this also makes it possible for false images to appear on the screen. It might even cause false pixels or a replication of another image across a distant screen.
Recently published eavesdropping systems are exorbitantly priced and most of them are not so portable. Research is ongoing to bring down the cost. Also, all the published eavesdropping attacks worked if the attacker was a distance up to 10 meters away from the victim. Perhaps, you can try to use this knowledge to your advantage.
This poses a big threat as information in wise might not be private and confidential as one might think. In fact, the device you are using to read this very information probably is beaming some radiations away. So would you trust what’s on display right now?