1

I'm currently reading the Cambridge Technical Report Number 577, Compromising emanations: eavesdropping risks of computer displays, by Markus G. Kuhn and published in Dec 2003. In the paper, Kuhn uses the R-1250 wide range receiver to conduct his emissions experiments on CRT monitors. My intuition is that receivers suitable for this purpose have continued to evolve in the past decade and a half since the original report was published.

So which receivers are appropriate for use in emissions security in 2019?

BLUC
  • 113
  • 3
  • 1
    CRTs modulate a 25,000 volt electron beam. LCDs modulate 10 volt pixel voltages, with 1,000 pixels updated in parallel. – analogsystemsrf Aug 09 '19 at 01:49
  • 1
    the problem with CRT displays is that the screen pixels are updated sequentially ... the light from the screen illuminates the immediate area around the CRT ... an appropriately sensitive device could detect the variations in brightness due to the electron beam ... the resulting signal would be close to the video signal at the CRT input – jsotola Aug 09 '19 at 03:07
  • 1
    @analogsystemsrf I had a feeling that LCD might be much less vulnerable to the eavesdropping attack, but to what extent I don't know. After I finish the technical report I'm planning on scanning the literature for compromising emanation of LCD displays. I chose the technical report since it is the most comprehensive and well written result I could find. – BLUC Aug 09 '19 at 03:21
  • 1
    Back in the day, they didn't have networks, now you just tap into the network and get all the information you want – Voltage Spike Aug 09 '19 at 04:09
  • 1
    [Related](https://electronics.stackexchange.com/questions/388048/espionage-by-crt-mirroring) – JRE Aug 09 '19 at 06:12
  • 1
    [Related](https://electronics.stackexchange.com/questions/30791/are-lcd-plasma-smartphone-monitors-susceptible-to-emr-eavesdropping) – JRE Aug 09 '19 at 06:13
  • 1
    @VoltageSpike: Back in the day, [the problems started with the Bell 131B2 teleprinter.](https://en.wikipedia.org/wiki/Tempest_(codename)) It was used to print/decode encrypted messages sent over telephone style wires. This was "networked" and it was during WWII. They could pick up the signals emitted from the relay coils, and recover the clear text of the encrypted messages the machine received. – JRE Aug 09 '19 at 11:12

1 Answers1

2

You use a receiver intended for use as a "software defined radio" and back it up with some software.

The software you need is called TempestSDR.

That combination of software and the recommended hardware can pick up emissions from an LCD monitor and show on your screen what the remote monitor is displaying.

This image from the rtl-sdr article shows the software in operation:

enter image description here

The "entry bar" is pretty low: a bit of hardware for maybe a thousand bucks, and some free software, and you're in business.

From what I gather, many SDR receivers are usable. For any kind of range, you'll need a high gain, directional antenna. The example images were made with the receivers' built in antennas with each receiver nearly touching the "remote" monitor.

JRE
  • 67,678
  • 8
  • 104
  • 179