I can hear you typing...
January 20, 2008 10:42 PM   Subscribe

Crafty types can eavesdrop on the contents of computer monitors.
posted by cmonkey at 10:46 PM on January 20

van eck was what I came to mention, i also remember reading something about 'acoustic keylogging', but i think that it required a pretty hefty sample of known input to compare against. Kinda like how telegraph operators in WWII could be identified from their 'fist', or keying style.
posted by pupdog at 11:46 PM on January 20

You don't even need to listen:

Timing Analysis of Keystrokes and Timing Attacks on SSH
posted by zabuni at 2:34 AM on January 21

Some researchers have done work on reconstructing the image on a CRT by monitoring the light levels so that, for example, even if you can't see the monitor itself, you can get an idea of its contents by looking at the flickering of the light reflected off walls. Unfortunately, I could only find this fairly technical paper [pdf].

Here are some interesting ideas on using the sound emanating from a motherboard to perform timing attacks.

All of these are types of side-channel attacks.
posted by enn at 6:06 AM on January 21 [1 favorite]

I also have heard of users being able to monitor LED light activity on an Ethernet interface to decode the data being sent...

Anecdotal, but when I was working in the tech security industry in the early 2000s, there was definitely a big to-do about this. Turns out that the light on modems/routers, etc would blink out the data stream (ie, 1 on, 0 off), and it was possible to decode this.

Interestingly enough, radio shack used to put out a cheap rolodex portable that used a similar principle to transfer data: instead of using infrared (the hot shit at the time), you'd hold the device up to your floppy drive light and it would blink out the data.

Here's an apparent cite, although I'll admit I haven't read it: Information Leakage from Optical Emanations (PDF) -- [Google HTML] . I think activity lights are no longer a direct on-off with the data stream because of this, but I haven't been following the trends in security for several years.

I've also been privy to hearsay about TEMPEST/CRT eavesdropping. When I visited Boeing with my company in early Sept 2001, they had a Faraday cage at the entrance to their building which our escort told us was there to cut down on this sort of thing (and probably cell phone/radio transmissions etc etc). Anyhow, it was serious enough that the big dogs were doing something about it.
posted by fishfucker at 8:55 AM on January 21 [1 favorite]

Anecdotal, but when I was working in the tech security industry in the early 2000s, there was definitely a big to-do about this. Turns out that the light on modems/routers, etc would blink out the data stream (ie, 1 on, 0 off), and it was possible to decode this.

oh, and PS, there was also the classic story going around about the bumbling corporate response; something along the lines of how there were million-dollar studies on ways to defeat it, etc, etc, and then when it came down to it, most ops simply put a piece of duct tape over the led light.
posted by fishfucker at 8:58 AM on January 21

able to tap the EMI signal from a VGA cable

Most cables are shielded enough to make this a fruitless exercise, but regardless... why bother? The cathode ray tube the VGA cable is plugged into will emit more than enough radiation to get a picture from a few dozen feet away.
posted by Civil_Disobedient at 4:34 PM on January 21

It wasn't VGA but I used to be able to see a ghost of my computer monitor on my TV (on a different floor of the house) back in the early 90s. Enough that I could see the outlines of windows. Of course, I don't know if it was the graphics hardware emitting the EMI, the CRT, or the cable.
posted by jewzilla at 8:55 AM on February 7

« Older Sibling and sibling's spouse a...   |   Are there any OS X equivalents... Newer »