Laptops And Flat Panels Now Vulnerable to Van Eck Methods

An anonymous reader writes "Using radio to eavesdrop on CRTs has been around since the 80s, but Cambridge University researchers have now shown that laptops and flat-panel displays are vulnerable too. Using basic radio equipment and an FPGA board totaling less than $2,000 it was possible for researchers to read text from a laptop three offices away. 'Kuhn also mentioned that one laptop was vulnerable because it had metal hinges that carried the signal of the display cable. I asked if you could alter a device to make it easier to spy on. "There are a lot of innocuous modifications you can make to maximize the chance of getting a good signal," he told me. For example, adding small pieces of wire or cable to a display could make a big difference.'"

Telling question

"I asked if you could alter a device to make it easier to spy on."

Okay, see, that's the type of questions the NSA likes to see its potential employees ask. Any other type of person would ask if you could alter a device to make it *harder* to spy on.

Re:Telling question

Unless, of course, you're looking to protect yourself from such modifications.

less social intelligence than a 13 year old

"i have a friend, ehem, who is worried about this kind of hack, ehem, and i was, i mean he was, wondering what he could do to..."

"guard against it?"

"no, no, what he could do to... um, make sure the 'bad guys' haven't modified his system, ehem, like, what would a bad guy do to make this work better so he could do it, i mean, so he could have an idea of the kind of modifications to look out for?"

BEHOLD ! I am TEMPEST, they LORD and MASTER

BEHOLD ! I am TEMPEST, thy LORD and MASTER ! Bow before ME ! Fear ME ! I see ALL*!

*its a bit fuzzy, like snowy tv - BUT I SEE ALL !! FEAR ME !!!

Re:Telling question

Well the voting machine companies would like to know how to do that too.

Re:Telling question

Good point, Agent 11846.

ch0wned!

I think this means they've always been vulnerable, but no one knew. It's not like someone turned on the Vulnerable switch.

Re:ch0wned!

I wonder if this could be used (at close range to reduce errors) for the only remaining analog hole

The MPAA will be furious!

Oh bull

No one knew? That's utter nonsense. I noticed that my laptop lcd monitor would cause interferce at times on my FM radio seven years ago, depending on what it was doing, and what station I was listening to.

That's a pretty big red flag that these suckers were subject to Van Eck.

And if the NSA could hear Scott McNealy's friggin keyboard outside in the parking lot (as they later told him during a meeting in the late 1990's), you'd better believe that the NSA has had LCD monitor reading capability for at least that long.

Just because it's not in the popular press, or published papers, hardly means that no one knew. The only thing surprising here is that it took so long for someone to get a paper out it.

I don't mean to disparage the researchers, who deserve a lot of credit to finally bringing this to public knowledge, but this is really low-hanging fruit.

Yes, we've known for a decade

... i.e. just about as long as laptops have been usable. Wireless eavesdropping and TEMPEST issues were a common discussion topic back in the Cypherpunks era, among the technical experts as well as among the tinfoil hat crowd, and a number of us had worked with TEMPEST professionally.

My ~1995 laptop (486? Pentium 60? MHz) would display on my parents' TV screen when I visited them. (No, I didn't live in their basement, I'd just avoided having a TV in my house back then:-) It wasn't in sync, so there were three partial screen images scrolling slowly, and there weren't enough pixels, but it was readable enough to be obvious that a real receiver would be able to display the output cleanly. My guess was that the culprit wasn't really the LCD drivers, but the auxiliary VGA port on the back of the laptop; I no longer remember if I tried turning that on and off, or exactly which laptop model it was, but Google probably knows.

The real difficulties are getting enough focus to only grab signals from the laptop you're looking for, and not all the other CRTs and TVs and LCDs around, which is why you're reading an interview with an expert like Markus Kuhn and not just some 1337 k1dd13z, and doing so without parking a big antennaful van on the street in front of your target.

If you look at the real security threats here, there are two sides -

• Crackers trolling for whatever they can find, like passwords and credit card numbers they can abuse, who are willing to eavesdrop on anybody nearby, such as people in an airport
• Cops and spooks and secret police who are targeting *you*, in which case you've got much more serious security problems than whether your laptop screen can be eavesdropped.

An ounce of prevention

adding small pieces of wire or cable to a display could make a big difference

That's why I always carefully remove all the wires from all my electronics.

Re:An ounce of prevention

I keep my laptop under my tinfoil hat. Problem solved.

Wow

For example, adding small pieces of wire or cable to a display could make a big difference.'"

So adding an antenna makes it broadcast better meaning you can pick it up easier. Shocking. Very useful for remote spying. Step one, add an antenna to the target's display.

The Offical Howto

Step one, cut a hole in a box Step two, put your antenna in that box Step three, make her open the box Whoops, scratch that last step

HDMI?

I wonder if they're just reading the signals that are being sent over the wire? With analog signals this is pretty easy to to, but with DVI it's a lot harder, and way harder still if the signal is encrypted. With the future of display technologies appearing to be heading as close as possible to encryption to the eyeballs, it makes me wonder how long this will remain viable.

Re:HDMI?

wonder if they're just reading the signals that are being sent over the wire? With analog signals this is pretty easy to to, but with DVI it's a lot harder, and way harder still if the signal is encrypted.

With DVI it's probably a lot harder, but the signal might actually be clearer if you knew how to pick it up, kind of like how you can pick up UWB radio at high ranges. The on-off style of the signal creates a sharper signal. It might require more hardware but I wouldn't be surprised if you could do it at longer range.

An encrypted signal, of course, will be much harder to deal with whether there's an easy-to-receive digital signal or not.

I'm skeptical of the idea that the main video link will be encrypted any time soon though, because of the immense bandwidth involved.

Also, I have to wonder if you could simply pick up the signal between the controller, which decodes the signal (digital or no) and the panel itself...

Bad story submission title

The title given to this story on slashdot is awful, especially for a geek news site. Haven't we already established that obscurity is not security? And about a million times over?

An unpublished vulnerability is no less real than one that has been announced, and is in fact more dangerous because the lack of an announcement leads to a false feeling of security. The real story is that your laptop has in fact been vulnerable to van eck phreaking for years and year, not just "now".

It's a good thing I haven't had faith in slashdot for a long time now, or I'd be really disappointed. As it is, I'm just pointing this out for those who didn't already notice.

Bypassing DRM

Maybe this technique could be used to bypass that DRM stuff and capture movies etc right from the screen, how do you think about it?

Security hole in the making

I remember seeing a demo of this back in the 80's. I always had a suspicion this was possible, however some people still balk at this as 'science fiction'. I can assure you it's not. It's this kind of thing that should be waking up manufactures to the perils of shitty RFI design. Spewing broad band spectrum pollution not only causes radio interference, but also opens you to security problems.

Not to go slightly off topic here, but BPL (broadband over power wires) providers ought to see this as a wakeup call. Coupling broad band ODMF signals on widely spaced wires hanging 40+ feet in the air, radiating like antennas is a HUGE security issue. Not only can BPL be jammed with something as simple as a CB or Amateur radio transceiver, but a creative individual could use similar methods to monitor BPL signals.

van Eck only made it public

Russia and the U.S. had been snooping VDT images since the early 1970's or earlier. van Eck just made it public by publishing a paper on how to do it with $100 of Radio Shack parts. cryptome.org [cryptome.org] forum postings include a reference to a 1973 book.

Cryptonomicon?

So the hack that is mentioned in Cryptonomicon is pure sci-fi? It says that van-eck was possible on a laptop because of some backwards compatibility issue, in which laptops still refreshed the display 60 times per second or so, even if they didn't need to, so you could pick up on that radiation or something for the phreaking. It wasn't really possible until now? Or is this a different method where you can spy on LCD's using some method specific to LCD's?

Wobbly windows to the rescue!

So this is what all those fancy 3D desktops are good for. Just set wobbliness and fuzzy effects to max and no one will be able to make sense of what is going on on your screen (including you - trust no one).

At last!

I can spend $2000 to be able to read my laptop that's across the room while I'm still in bed. Now all I need is some sort of glove I can hook up to a robotic arm so it can type for me. Or better yet, I can invent a fing-longer!

Sigh If only they would make a portable version of my laptop...

TEMPEST

The NSA, and other intelligence agencies, have been exploiting stuff like this for more than fifty years. Technology changes, but the fundamental principle, interception of EM radiation stays the same. You can even spy on certain models of electric typewriters. If you ever get the chance to look at TEMPEST certified hardware, you will see the lengths that the engineers have to go to, to shield and filter an electronics device. Besides the box itself, all cables have to be well shielded and filtered, or they just function as antennas for your sensitive data.

Article Polls!

Holy shit, I just now noticed that this article has its own poll, how awesome is that!

My first reaction was "WTF did the relatively recent end-of-civ poll go" and then when I voted it showed this article's comment under the poll results, which was another WTF moment. When was this feature added/first used? I can already see great use for the article polls, for example the editors could try to guess the popular tags and use them for poll items.

• Yes
  
• No
  
• Hellno
  
• Its
  
• Chairthrowing
  
• CowboyNeal