TEMPEST was code name given for to a NSA project regarding technologies used to intercept and decipher the electromagnetic signals that all computers emit. Later, TEMPEST became a backronym: Telecommunications Electronics Material Protected from Emanating Spurious Transmissions.
Today, in military circles, the term has been officially supplanted by Emsec (for Emissions Security); however, the term Tempest is still widely used in the civilian arena.
About two years ago, I've stumbled across this little program in FreeBSD's ports collection:
Tempest For Eliza is a program that allows you to control the electromagnetic signals your monitor emits (by controlling the image displayed on screen) in such a way that you can send AM radio signals with audio (music).
Some demonstrations of Tempest in action:
http://www.youtube.com/watch?v=dWmGNL-ttDY
http://www.youtube.com/watch?v=F-O1QWWmVmg
Although this use seems harmless enough, one can capture the electromagnetic signals emitted by your monitor and reproduce the image on a another machine. This process is know as van Eck phreaking.
A working implementation of that concept is proven in:
http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf
Or, using like 100$ worth of RadioShack components, one can build a fully working receiver and capture data that's good enough to read (may not be effective for modern monitors, but I've seen a few whitepapers on the subject detailing such functional units).
Here is an open source implementation of that concept:
http://eckbox.sourceforge.net/
Guess it's time to bring out the old Faraday cage, hey guys? :-).
And just in case you didn't realize, this is also possible with flat screen monitors, not just CRTs.
So, is this actually used in real life? You bet! Here's an example of a TEMPEST attack on a voting machine (computer). It basically allows people to see who you've voted for. So unless your gear is certified NATO SDIP-27 Level A, you are pretty much vulnerable to such attacks.
Similar attacks can also be made on copper cabling (such as your Ethernet network). When in doubt, use Fibre!
Tuesday, October 23, 2007
Tempest - interpreting electromagnetic signals emitted by your monitor
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment