[ISN] Latest privacy threat: Monitor glow

From: InfoSec News (isnat_private)
Date: Wed May 15 2002 - 00:58:28 PDT


    By Robert Lemos 
    Staff Writer, CNET News.com
    May 14, 2002, 6:05 AM PT
    BERKELEY, Calif.--Law enforcement and intelligence agents may have a
    new tool to read the data displayed on a suspect's computer monitor,
    even when they can't see the screen.
    Markus Kuhn, an associate professor at Cambridge University in
    England, presented research Monday showing how anybody with a brawny
    PC, a special light detector and some lab hardware could reconstruct
    what a person sees on the screen by catching the reflected glow from
    the monitor.
    The results surprised many security researchers gathered here at the
    Institute of Electrical and Electronics Engineers' (IEEE) Symposium on
    Security and Privacy because they had assumed that discerning such
    detail was impossible.
    "No one even thought about the optical issues" of computer information
    "leakage," said Fred Cohen, security practitioner in residence for the
    University of New Haven. "This guy didn't just publish, he blew (the
    assumptions) apart."
    Many intelligence agencies have worried about data leaking from
    classified computers through telltale radio waves produced by internal
    devices. And a recent research paper outlined the threat of an
    adversary reading data from the blinking LED lights on a modem. Kuhn's
    research adds the glow of a monitor to the list of dangers.
    Eavesdropping on a monitor's glow takes advantage of the way that
    cathode-ray tubes, the technology behind the screen, work. In most
    computer monitors, a beam of electrons is shot at the inside of the
    screen, which is covered in various phosphors, causing each pixel to
    glow red, green or blue, thereby producing an image.
    The beam scans from side to side, hitting every pixel--more than
    786,000 of them at 1024-by-768 resolution--in sequence; the screen is
    completely scanned anywhere from 60 to 100 times every second. The
    light emitted from each pixel of phosphor will peak as the pixel is
    hit with electrons, creating a pulsating signal that bathes a room. By
    averaging the signal that reflects from a particular wall over nearly
    a second and doing some fancy mathematical footwork, Kuhn is able to
    reconstruct the screen image.
    Not so fast
    Yet Kuhn, who is still completing his doctoral thesis, is quick to
    underscore the problems with the system.
    "At this point, this is a curiosity," he said. "It's not a
    First off, Kuhn performed the experiments in a lab at a short
    distance--the screen faced a white wall 1 meter away, and the detector
    was a half meter behind the monitor. There have been no real-world
    tests where, for example, other light sources are present and the
    detector is 30 feet across a street.
    Other light sources, including the sun, make things much more
    difficult if not impossible. Normal incandescent lighting, for
    example, has a lot of red and yellow components and tends to wipe out
    any reflections of red from the image on a screen.
    And several countermeasures are effective, including having a room
    with black walls and using a flat-panel liquid-crystal display. LCD
    monitors activate a whole horizontal line of pixels at once, making
    them immune to this type of attack.
    Still, other researchers believe that Kuhn may be on to something.
    "Anyone who has gone for a walk around their neighborhood knows that a
    lot of people have a flickering blue glow emanating from (their)  
    living rooms and dens," said Joe Loughry, senior software engineer for
    Lockheed Martin.
    While Kuhn calculated that the technique could be used at a range of
    50 meters at twilight using a small telescope, a satellite with the
    appropriate sensors could, theoretically, detect the patterns from
    orbit, said several security experts.
    That could open a whole new can of worms for privacy. If Kuhn's
    technique proves to be practical, the result of the research could be
    a new round of battles between law enforcement agencies and privacy
    advocates in the courts over whether capturing the faint blue glow
    from a home office is a breach of privacy.
    Until that's resolved, the safest solution is to compute with the
    lights on.

    This archive was generated by hypermail 2b30 : Wed May 15 2002 - 06:14:46 PDT
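
The article's points about averaging, room lighting and line-at-once displays can be checked with a toy model. The following is an added example, not code from the article or from Kuhn's research; it assumes a small constructed test image, no phosphor afterglow (the part the "fancy mathematical footwork" would have to handle) and Gaussian noise standing in for ambient light.

```python
import random

# Constructed 16x5 test image ('#' = bright pixel); not taken from the article.
IMAGE = [
    "#..#.###........",
    "#..#..#.........",
    "####..#.........",
    "#..#..#.........",
    "#..#.###........",
]
W, H = len(IMAGE[0]), len(IMAGE)
PIXELS = [1.0 if c == "#" else 0.0 for row in IMAGE for c in row]

def detector_trace(frames, ambient_sigma, rng, line_at_once=False):
    """One photodetector sample per pixel time, over `frames` screen refreshes.

    Simplified model (assumption): reflected light tracks only the pixel being
    hit right now (no phosphor afterglow); ambient light is Gaussian noise.
    """
    trace = []
    for _ in range(frames):
        for i, level in enumerate(PIXELS):
            if line_at_once:  # LCD-style: a whole row lights up together
                start = i // W * W
                level = sum(PIXELS[start:start + W]) / W
            trace.append(level + rng.gauss(0.0, ambient_sigma))
    return trace

def fold_and_average(trace, frames):
    """Fold the trace at the frame length and average each pixel's time slot."""
    n = W * H
    return [sum(trace[f * n + i] for f in range(frames)) / frames for i in range(n)]

def pixel_error_rate(frames, ambient_sigma, line_at_once=False, seed=1):
    """Fraction of pixels misread after averaging `frames` refreshes."""
    rng = random.Random(seed)
    trace = detector_trace(frames, ambient_sigma, rng, line_at_once)
    estimate = fold_and_average(trace, frames)
    wrong = sum((e > 0.5) != (p > 0.5) for e, p in zip(estimate, PIXELS))
    return wrong / len(PIXELS)

if __name__ == "__main__":
    for label, args in [("1 refresh, dim room", (1, 2.0)),
                        ("100 refreshes, dim room", (100, 2.0)),
                        ("100 refreshes, lights on", (100, 20.0)),
                        ("100 refreshes, line-at-once display", (100, 0.0, True))]:
        print(f"{label}: {pixel_error_rate(*args):.0%} of pixels misread")
```

In this model, averaging 100 refreshes recovers an image that a single refresh cannot, stronger ambient noise undoes that gain, and a display that lights a whole row together leaves only per-row brightness in the signal.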