Security Risk - $15 Worth of Electronic Eavesdropping
Every computer monitor emits invisible radiation. This radiation can be captured remotely. If done the right way, the image shown on the monitor can be reconstructed remotely. This allows the attacker to observe whatever is going on on his victim’s computer!
Information that drives the video display takes the form of high frequency electrical signals. These oscillating electric currents create electromagnetic radiation in the RF range. These radio emissions are correlated to the video image being displayed, so in theory they can be used to recover the displayed image.
This process is called Van Eck phreaking, named after Dutch computer researcher Wim van Eck, who in 1985 authored an academic paper that described this form of electronic eavesdropping, with the term phreaking, the earlier practice of using special equipment to make phone calls without paying. Van Eck phreaking is identified in the U.S. government project known as Tempest and, although some information remains classified, has probably been used to spy on suspected criminals and in espionage. In Wikipedia’s article of the project TEMPEST, which claims
Van Eck successfully eavesdropped on a real system, at a range of hundreds of metres using just $15 worth of equipment plus a television set.
The Tempest project has also led to advice and some standards development for how to shield devices so that eavesdropping is not possible. However, the cost of shielding means that many commercial devices are still vulnerable and, for this and other reasons, some of the details about what equipment is required to do van Eck phreaking remains classified. Susceptibility to eavesdropping can also be minimized by designing equipment that generates little EM energy.
Depending on the type of CRT used, the sensitivity of the detection equipment, and the general level of EM energy in the area, Van Eck phreaking can be done over distances ranging from a few meters up to several hundred meters.
The relevance of this attack is obvious, and the threat is real. Snooping the passphrase from the keyboard, and even whole messages from the screen are viable attacks. This attack, however exotic it may seem, is not beyond the capability of anyone with some technical know-how.
Bookmark This!
I am Filipino Web Developer, focusing on PHP in LAMP framework. As a kid, I spent a lot of my time exploring computers and computer games from Atari to PS, from INTEL 80286 - CoreDuo. I am happily married, with two kids. Currently working in Japan as an IT Engineer.