TEMPEST attacks

“data from electromagnetic waves”

SuraSoft Featured 

Try eSearch
Suggested links

Spam Shredder

Introduction to TEMPEST Attacks

If you are familiar with computer security, intelligence or electronic surveillance then there's no doubt you've heard about TEMPEST.

TEMPEST Attacks work on the principle that electronic devices such as monitors and fax machines emit electromagnetic radiation during normal use. With correct equipment such as antennas, receivers and display units an attacker could in theory intercept those emissions from a remote location (from across the street perhaps) and then replay the information that was captured. Imagine if this were possible how it could be misused to violate your privacy. Closing doors and blinds wouldn't do anything to stop a TEMPEST attack. If your monitor was displaying sensitive material then it would be exposed. However don't become paranoid for it's extremely difficult to execute an attack to "capture" what's being displayed, but in theory it's certainly possible.

TEMPEST Attacks are passive

Such an attack is passive in that it cannot be detected. A device emits compromising radiation which could be reconstructed from a remote location. This means that you cannot detect it as the device is not in any way connected/installed on your system. To simply put it your computer can't detect a guy down the street with equipment trying picking up radio emissions from your monitor.

How it works

All electronic devices big or small may emit low-level electromagnetic radiation. In fact your CPU chip is probably doing it right now. This happens whenever an electric current changes in voltage and thus generates electromagnetic pulses that radiate as invisible radio waves. These electromagnetic radio waves can carry a great distance in ideal situations.

Monitors that contain a CRT system contain an electron gun in the back of the picture tube which transmits a beam of electrons. When the electrons strike the screen they cause the pixels to light up (fluoresce). This beam scans across the screen from top to bottom very rapidly in a repetitive manner, line by line, flashing on and off, making the screen light and dark thus creating the viewed image. These changes in the high voltage system of the monitor generate the signal that TEMPEST monitoring equipment receive, process (reconstruct) and finally view.

Unshielded cables such as those from your computer to your monitor can act like an antenna which instantly increases the signal thus increasing the distance which a TEMPEST device may be located. A telephone line connection to your computer may also act as an antenna and that could also increase the distance to some lengths.

A simple example to highlight all this is done by using a simple vacuum cleaner and your TV. The motor in the vacuum generates an electromagnetic frequency which can sometimes be picked up by your TV (no doubt with the aid of an indoor antenna) and is displayed as fuzzy lines or snow which we end up calling interference. Of course emitted electromagnetic radiation doesn't contain any information and the interference we see is more annoying than useful.

Take the above example and replace the vacuum with a Video Display Unit (a privative version before VGA) and the TV with some surveillance antenna and a similar display unit. The electron gun in the display unit fires electrons to general the view on screen. Whilst this is happening there is radiation that leaks from the cable and the Video unit itself. It's certainly possible to attempt to pick up this electromagnetic "interference" and attempt to display on another screen hence a 3rd party could potentially see what's on your screen.

Success rate?

If TEMPEST attackers had a high success rate you wouldn't have to worry about a "middle of the night" break-in by some gang holding you at gun point. They never have to enter your home or office. Why? It's simply not necessary. All they have to do is point an antenna safely from a distance, then sit back and collect your personal data.

However it's painfully hard and extremely expensive to successfully complete such an attack. No longer do we use VDT's as VGA and its extended formats have completely taken over the world. VGA is extremely difficult to reconstruct from emitted "waste". We are really focusing on monitors here and and it must be remembered they were never designed to expose a perfect interference pattern and it's near impossible to reconstruct them.

Interestingly some electronic junkies have attempted to create a new breed of "software radio" which is designed to let computers tune into radio signals. Generally this can be done in any waveband and it promises to make this type of eavesdropping somewhat easier. A PC circuit board with a plug-in aerial does all the tuning under software control and the hardware has a digital signal chip which is important to cut down electronic noise. The most important thing to remember is that your monitor isn't releasing exact radiation to reproduce what's on your screen, so it would be extremely difficult for anyone to extract any worthwhile information.

You be perhaps be more fearful of devices that operate on the transmission of waves. CB radio are obvious and it's trivial to pick up a conversation from a cordless phone. Mobile phones are much more difficult but it's certainly possible to listen in to someone's call. Recreating anything from "waste" radiation is possible, but difficult and none the less very interesting.

PGP (encryption software) includes a secure text file viewer to view text files and email messages using a font that is said to be TEMPEST resistant (it's every so slightly blurred) meaning reading a sensitive email via a TEMPEST attack would be much harder than it already is!

You may be interested to know that when a file is deleted (and the recycle/trash bin is emptied) the actual data is still sitting on your disk. This applies to magnetic storage such as Floppy disks, and the common hard disk and even flash storage devices such as Memory Sticks, Compact Flash, Micro Drives and similar technologies.

When a file is "deleted" what actually happens? Your operating system removes the reference to that file on the file system. This reference had details such as where on the disk the file was. Whilst marked and available as free space the old data didn't move, it's just not seen on the file system but physically exists on the disk. The entire file remains on the disk until another data is created over the physical area, and even then it may be possible to recover data by studying the magnetic fields on the platter surface.

Three Myths...

  1. LCD displays on laptops or desktops eliminate the risks of TEMPEST attacks.
    The technology in LCD monitors may reduce the risk WHEN compared with your average CRT display. An LCD unit will not fully protect you. There have been rare accounts of "noisy" laptop screens being partially displayed on TVs.
  2. You can make a TEMPEST monitoring device for under $100 with parts from electronic stores. Perhaps it's true for Video Display Units (VDT), but NOT for VGA or SVGA monitors.
  3. It's it illegal to shield your PC from emanation monitoring?
    There could be export laws in different countries that prevent the export of such shields. But I seriously doubt that it's illegal to "make your own" shield to protect your computer.