Prying eyes on your PC secrets !

[Koroth]

emanation proof

Hai I am Unni Koroth, an electronics and communication engineering student in INDIA. I need some help to do my main project. I will start a new thread for that. But before that I need to give you some introduction on my mini project and its importance.

**broken link removed**

Then I started it in some technology forum

And atlast in a Hacking forum Its already a burning topic there. I got some challenging doubts also. I expect the same here also.

Ok...

Prying eyes on your PC secrets !

**broken link removed**

This was the front page of "The New Indian Express", Friday 30 December 2005, a leading newspaper of India. The headline was about the terrorist attack in Bangalore, the intellect city of India. But look at the bottom news. Its a dream come true for me.

Click on the image to get the news zoomed in :

**broken link removed**

And the page 5:

**broken link removed**

When we completed the project we went to different news reporters to publish it. They said NO. They havent understood what it was. Then we stopped going behind them. After that they started coming behind us. What a contradiction ?

Now in the front page of a national daily !!!!!!!!!!!!!!!!!!!

Doing a reality check.....

The story of our project is a long one. I can tell it if you are interested. It starts with the program "Tempest for Eliza". Tempest for Eliza is a Program that uses your computer monitor to send out AM radio signals. You can then hear computer generated music in your radio.

Those who want to know more on the subject Tempest and Van eck phreaking, use the following links
**broken link removed**
Van Eck Phreaking
TEMPEST
Markus Kuhn's research paper. This is a must read and it is the encyclopedia for us.

Now I am ready to discuss about something that I really know. This is a rarely discussed thread. If it is discussed then it consist of so many myths and wrong data as I have found in the internet.

Ask everything you wanted to know.

I seriously want to have a serious discussion. And we have decided to make the hardware opensource. Eventhough we got the output, I have some serious doubts relating to the theory parts.

Forgive my English. My primary language is not English.

And now some FAQ.

Q. Hey, how much does building something like this cost?

In dollars ? It depends according to the selection of antenna.

200$ for the hardware made by us.

With 100$ you can make the equipment. The extra money was spent for importing the antenna from US.

With 10$ itself you can prove that the "Vaneck phreaking is not a myth" but with lot of trial and error.

Q. I have heard of TEMPEST in the past, but a question which is worth asking: LCDs are by default immune to this, correct? Has anyone devised an alternate attack on the LCD display? I would think that would be difficult.

http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-577.pdf

Get it downloaded and read to understand everything related with this stuff.

MYTH #1 Only CRT monitors emit radiations that can be captured and reconstructed.

As given in the unofficial tempest site:

LCD displays on laptops eliminate the risks of TEMPEST attacks. Maybe, maybe not. The technology behind LCD monitors versus typical CRT monitors may somewhat reduce the risk, but I wouldn't bet my life on it. There have been anecdotal accounts of noisy laptop screens being partially displayed on TVs. If laptops were emanation proof, I seriously doubt there would be TEMPEST standard portables on the market.

Sadly the term Van Eck Phreaking is often connected with monitor. From our studies, we understood that the primary source of radiation is Video card and not monitor. When we directed our antenna towards the video card ( the cpu ) instead of monitor, we got double range. The radiation from monitor is significant for certain frequency and the radiation from video card is significant for certain other frequency.

And it is a burning discussion in the elitehackers forum.
http://www.elitehackers.info/forums/showthread.php?t=1151
http://www.elitehackers.info/forums/showthread.php?t=1151&page=2

Use the this link (posted for third time) to understand the theory, how the radiations are getting modulated.

 

[vvvvvv]

pc spying using crt emissions

Well it's no doubts that motherboard and other chips
on PCB generate EMI, and it's can be used to h(at)ck you comp. But it's important , imho, for companies
and military agencies. Why do you spend your life for this. Are you have unlimited time for this
destructive things. Imho better to spend resources
on anything useful, then hacking and antihacking.
It's companies matter, then people alone.

 

[Koroth]

lcd military displays tempest

Well it's no doubts that motherboard and other chips
on PCB generate EMI, and it's can be used to h(at)ck you comp. But it's important , imho, for companies
and military agencies. Why do you spend your life for this. Are you have unlimited time for this
destructive things. Imho better to spend resources
on anything useful, then hacking and antihacking.
It's companies matter, then people alone.

Well... Agreed.

But the project was really fascinating and I hadnt spend my life for it.

 

[artem]

It is known for a years, together with chips (like microprocessors) hardware builtin sleeping remote activated spying or blocking capabilities , as the chip manufactorer side can stop chip from processing or transfer data out of PC . That is similar to windows goverment controlling holes for spying (which is publicly known and issue was hot few months ago ) but implemented within hardware.

There is no warranty from intrusion unless you design your own chip and hardware . Unfortunately...

For your case, spying can be prevented either by placing PC into shielded room with tested protection and/or placing an EM noise generator(radiating on freq where possible spy can occure) near it.

There must be few companies producing this shit spying equipments , but dont ask me - i dont know them and even i dont want to know.

I can give you another idea - try to analyse commercially known vhdl compilers for malicious code insertion into synthesis result.

 

[flatulent]

Notice that this was done on a CRT type monitor. LCD types do not have this problem as they address several pixels at a time and it is the phase of the signal that sets the brightness. The CRT type have a big current loop from the electron beam to the screen and back again through the return path.

The other thing is the distance to the monitoring station in real life situations. They have to be far away to not be seen with their equipment.

Was the BBC program demonstrating the pickup from a few cm away from the screen or from the next building?

 

[Koroth]

Notice that this was done on a CRT type monitor. LCD types do not have this problem as they address several pixels at a time and it is the phase of the signal that sets the brightness. The CRT type have a big current loop from the electron beam to the screen and back again through the return path.

The other thing is the distance to the monitoring station in real life situations. They have to be far away to not be seen with their equipment.

Was the BBC program demonstrating the pickup from a few cm away from the screen or from the next building?

LCDs also radiate and can be capturd and reconstructed. Read the start post.

I havent seen the BBC program. But we got a range of 10m and we were able to reconstruct the data in the other room with the computer placed in another room.

And using "Tempest for Eliza", we found out that the radiations extend up to a 50m range.

 

[Buriedcode]

Hi, just thought I'd butt in

It's a very interesting subject, and I completely understand your interest in this subject Koroth. Also, the rest of you, its refreshing to see people discussing things, and contributing in a constructive manner.

About EM emissions. Although the EMI from CRT monitors is terribly 'muddled' I have seen methods for 'capturing/decoding' them. The advent of the computer age, with its ability to execute horrendously complicated algorithms, can do so much. Its not just CRT monitors that can be 'decoded'. Virtually any data transfer using significant current can be intercepted. As I'm sure you all know.

But, as someone said, LCD monitors emit far less EMI than a standard CRT monitor (the nature of CRT, with its HV, high power magnetism(cannot be shieled) and its 'old' approach to display, is just begging to be picked up). Also, as you all know, EMI falls off to the square, and probably to the cube considering these devices are placed in buildings with fading channels, walls, people, etc.. to reflect/absorb radiation. There must come a point where the EMI amplitude is so low that it cannot be picked up effectively, and because we live in a 'sea' of EM radiation (radio, TV, GSM, ELF etc..) the noise floor is terribly high, drowning out these emissions.

My point, is that although I'm sure with clever electronics, the EMI from many different devices could be picked up, and it is a security risk. However, its less than it was a few years ago, because of the above reasons. If people are paranoid about people viewing text on your screen, why not learn another language? I bet the little hackers won't expect that

I vaguely remember the BBC prog (in the UK here) and they were very scared, even though the range was in the order of a few cm. If you can pickup things 50m away, from your equipment - get different equipment. For EMI to extend that range, and sitll be above the noise floor, the equipment is obviously using waaay too much power, not well sheiled and probably not doing yourself much good either. After all, its well documented that low to medium EMI has a greater negative effect on biological systems than high-power EMI.

Finally, we are starting to see some 'negative' effects from our own 'wonderful technology'. Of course people will use it for crime, as far as I'm concerned, if something is designed so badly that it kicks out EMI, or if someone buys equipment that does so, then they shouldn't complain about having data stolen. (not that anyone here was doing so..)

My pointless opinions...

BuriedCode.

1 in 6 billion...meaningless, yet completely unique.

 

[Koroth]

Also, the rest of you, its refreshing to see people discussing things, and contributing in a constructive manner.

Thats what I meant also. A creative discussion. I need some help with my main project. It is of a similar kind. So I wanted to know the community here and introduce myself within a single post.

See, these ideas may be knowing to you people from childhood. But in a country like mine, its different. When I proposed this idea for our project, even our teachers said its impossible. ( Even we thought its impossible) And many webpages are forbidden to geographical area like India. So we really tried our best and got a working hardware. I think you people can understand the feeling when someone makes an Impossible possible.

 

[flatulent]

Notice the journalistic sleight of hand in the story. They demonstrate on the CRT and then say that the LCD also has emissions.

There is a big difference between decoding a clear channel ASK signal and 16+ PSK signals on the same frequency.

These algorithms use integration very much like that used in RADAR to average many target returns. The time duration of the integration is limited in the computer case by how long the screen display stays the same.

 

[bursac]

hi Koroth!

I am very interested in your work. Have you patented yet? maybe you sholud
I have tried a tempest for eliza in linux but with small range. about 1 meter.

kind regards,
bursach

 

[nguyennam]

As per what you are talking about, so the best solution is not using PC?

nguyennam