EMI, Van Eck, etc.
In almost every writing I've come across regarding Van Eck, I notice the phrase "...simply a modified television" or something along those lines. Does anyone have a document for actually modifying a television set to do this sort of thing? It doesn't have to be extremely long ranged, and could in fact be very short range.. I am interested in performing my own experiments into defeating this sort of eavesdropping. Also, would it be possible to scramble the signal into an unusable level by simply putting another device emanating RF at the snooping frequencies nearby the machine that you want to protect? Something generating white noise at that frequency, but with a purposely built antenna, say a high gain type turned outward from the monitor, with a significantly higher power output than the monitor? Thanks.. -The Spectre [SP4 w/ Clam Cluster] -http://www.anthrax.net/cos "No man is clever enough to know all the evil he does." - La Rochefoucauld
The Spectre wrote on 1998-03-18 05:11 UTC:
In almost every writing I've come across regarding Van Eck, I notice the phrase "...simply a modified television" or something along those lines.
Does anyone have a document for actually modifying a television set to do this sort of thing? It doesn't have to be extremely long ranged, and could in fact be very short range.. I am interested in performing my own experiments into defeating this sort of eavesdropping.
Ingredients for a minimum cost quick&dirty TEMPEST experiment: 1 RF tuner of a VCR 1 antenna amplifier 1 antenna 1 multisync PC monitor 1 PC with a video card (or a pair of tuneable sync oscillators) Connect the PC with the video card to the SYNC inputs of the multisync monitor. Program the video card to a video mode with the same deflection frequencies as that used by the target system. Connect the baseband output of your tuner to the VIDEO-IN pins of your monitor. Connect the antenna and amplifier to the RF input of your tuner. Switch on. Fill the screen of the target device with a big symbol consisting of dithered and non-dithered areas for best results in the first trials. Now tune through the VHF bands starting with the dot clock frequency of the target. That's it basically. Such a primitive TEMPEST monitor is of course unsuitable for evaluating the threat from much more sophisticated wide-band DSP eavesdropping receivers that directly attempt OCR-style algorithms on the signal with matched filters. But it is fun to play around with, it is useful for getting a feeling for the effect, and it is suitable for demonstrating most of the Soft Tempest tricks that I described in <http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf>.
Also, would it be possible to scramble the signal into an unusable level by simply putting another device emanating RF at the snooping frequencies nearby the machine that you want to protect? Something generating white noise at that frequency, but with a purposely built antenna, say a high gain type turned outward from the monitor, with a significantly higher power output than the monitor?
The FCC and your radiologist advise against this. Shielding is much more elegant than jamming. Remember that CRT content is a periodic signal, thus you can suppress uncorrelated noise by periodic averaging rather easily. Good jamming must produce a correlated output signal. See United States Patents 5165098 and 5297201 for descriptions of correlated jammers. I don't think, these are widely used though, as the TEMPEST standards seem to mandate shielding and not jamming, which I think is very sensible. Markus -- Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK email: mkuhn at acm.org, home page: <http://www.cl.cam.ac.uk/~mgk25/>
On Tue, 17 Mar 1998, The Spectre wrote:
Does anyone have a document for actually modifying a television set to do this sort of thing? It doesn't have to be extremely long ranged, and could in fact be very short range.. I am interested in performing my own experiments into defeating this sort of eavesdropping.
Well, for one.. I don't think (speculation, I haven't done any real investigation into it yet..) that this oft repeated maxim applies to modern hi-res monitors with super refresh rates. I don't think that a TV could be used to display emanations from a new monitor. OTOH, I haven't looked into modern TV technology at all.. I don't know what the new sets are really capable of. Suffice it to say, you probably won't be able to modify an older set to snoop on a new monitor set up at 1280x1024, but if for experiment purposes to just did a text display you should be able to snoop that with an older set.
Also, would it be possible to scramble the signal into an unusable level by simply putting another device emanating RF at the snooping frequencies nearby the machine that you want to protect? Something generating white noise at that frequency, but with a purposely built antenna, say a high gain type turned outward from the monitor, with a significantly higher power output than the monitor?
I would think that any device of this sort would make the monitor's display rather distorted.. unless you put shielding around it to protect it, but that same shielding would prevent usable EMR. Find the Unofficial Tempest Homepage (sorry, dont have the URL handy.. but I found it a few times by searching out the title from altavista) it has links to Van Eck's original paper, and if memory serves papers that "fill in" the gaps of Van Eck's work to help in modifying equipment. Michael J. Graffam (mgraffam@mhv.net) http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc "Act only according to that maxim by which you can at the same time will that it should become a universal law.." - Immanuel Kant "Metaphysics of Morals" ** This message not PGP signed because I am logged in through an insecure ** channel. Caution may be warranted.
participants (3)
-
Markus Kuhn -
Michael Graffam -
The Spectre