Sealing wax & eKeyboard

Sunder sunder at sunder.net
Thu Jul 17 06:56:27 PDT 2003


On Thu, 17 Jul 2003, Trei, Peter wrote:

> Let's not forget optical TEMPEST - remember a few months ago,
> when it was demonstrated that the image on a CRT could
> be reconstructed just from the light it reflected on walls? The
> point where the electron beam is hitting the phosphors is 
> much brighter than the rest of the screen, and by syncing a
> fast photodetector to monitor scan rates, you can reconstruct
> the image on a screen in a distant room just by viewing the
> backwash light through a telescope.

Absolutely.  Which is why people worried about security in this manner,
should move to LCD's. Not just for weakening TEMPEST signals, but also for
defeating optical TEMPEST... (and saving power.)  However I have to say
that from a purely user point of view, I like the way CRT's look much
better than LCD's.  CRT's tend to be richer and brighter than LCD's, and
their refresh rates are much better...

LCD's are still susceptible to TEMPEST monitoring, though there are far
less emissions since there isn't this great big nuclear particle
accelerator sitting in front of you :) (what? electrons are nuclear
particles. :)  But the signals from poorly shielded VGA cables can still
be picked up (as can those of keyboards, and other hardware.)

Other tricks include using more than one monitor (make sure they're all
the same brand/model, attached to video cards that are identical and
operating at the same resolution, depth, and refresh rate, and displaying
random junk, etc. + using tempest fonts on the non-decoy system.)

Better yet, use a notebook computer on battery power (so that power saving
mode comes into play) with several decoys as they'd (generally) dump much
less RF.  You could also add some shielding, but it's unlikely to help
very much...


I actually played with a fox & hound kit one day.  For those who never had
to run ethernet (CAT 3,5,5e,etc.) or phone cable, this consists of a pair
of tools: a tone injector that makes lots of noise, and a detector.  The
detector can pick up not just the signal from the tone injector, but also
lovely things such as 60Hz hum, phone conversations (in analog phones
anyhow), etc...  You can also learn to "hear" the different sounds various
things like 100BTx make and distinguish from - say, 10BT, or cable TV,
etc... with a cheap probe that doesn't filter...


I did find that when used on a keyboard, with some cheaper keyboards
anyway, you can "hear" the keystrokes and the key scanning pattern, and
that the individual keys are certainly distinctive enough - you could
probably hook this thing up to a sound card and figure out which keys send
what RF pattern...

So with the right recorder/relay/decoder hidden under someone's desk, you
could capture their keystrokes without disturbing epoxy or taking the
keyboard apart.  (As with all bugs, you'd need a power supply, some way to
intercept the data, and either some way to record the data, or relay it.  
Relaying it, and hooking into existing power is better than just recording
it or using a battery as a source, because you don't need a 2nd black bag
job to remove your bug and dump the data.)  Of course if the bug
transmits, it can be picked up in a sweep, but if the PC is on, the guy
doing the sweep might not realize that there's a bug since the PC is a
noise source... YMMV, etc.


So all this talk of epoxying keyboards down is somewhat naive in light of
this.  Not to say that if you, hypothetically speaking, were in a position
to have a well funded, and determined set of enemies who were out to get
your data, that using epoxy to glue down your keyboard wouldn't frustrate
them, but rather to point out that there are other means and methods that
would more than ruin your day.  :)

The path of least resistance, again, is not to attract the attention of
such enemies in the first place.

But hey, if your threat model is your kid sister or RIAA, then much less
thought is perfectly fine.


[As with all my posts, "you" is always a fictional character, and in this
one, "you" switches from the guy trying to steal data to the guy trying to
protect data, YMMV, #include <std_disclaimer.h> ]




