Fabio Monreal

Originally published at linkedin.com

Tempest Attack: Seeing Through Walls

A curious fact about hardware technologies that most people overlook is the emission of electromagnetic waves. When reminded of this, we generally don’t think of anything unusual, since everything powered by electricity generates this kind of unstable electromagnetic field. However, based on this principle, there is a fascinating type of attack: one that is undetectable and nearly impossible to defend against without proper equipment.

The term Tempest refers to an espionage technique aimed at eavesdropping on electronic equipment via electromagnetic emanations; this concept also applies to sounds and vibrations. One of the most interesting aspects of this technique is the ability to snoop on video monitors by receiving the electromagnetic signals emitted by VGA/HDMI cables and other connectors.

Now, imagine someone monitoring a company’s screens, deploying a Tempest setup that reads these waves. Through this technique, the attacker simply waits in the shadows for an IT employee or someone from another department to open a sensitive document containing passwords or confidential information. If this happens, it paves the way for a more direct attack on the infrastructure. It can also open loopholes for social engineering — enabling the attacker to exploit an employee to extract more detailed information or trick them into opening a specific file on their computer so it can be captured.

The purpose of this article is to clarify this type of espionage for non-technical individuals, providing a brief and comprehensible overview of how this technique can be utilized.

When an electrical current flows through any electronic device, it generates an unstable and unintentional magnetic field. This magnetic field is essentially a radio frequency (RF) signal that fluctuates according to the intensity of the electrical current passing through the equipment. Depending on the situation, it is possible to exploit this magnetic field, capture the frequency data, and translate it into a human-readable format using software and a receiving antenna.

Take, for example, the RTL-SDR USB 2832-U antenna, which offers a great cost-benefit ratio. With this equipment, you can listen to airport traffic, aircraft pilot communications, amateur radio, public services, and even monitor TV station audio. However, our focus will be on using this antenna to receive radio frequencies emanating from a screen, which are then converted back into an image via software.

Image Credits: Twitter @daniel_bilar

Below is an example of how this wave is captured, processed, and rendered in a way that is comprehensible to the human eye:

Image Credits: Craig Ramsay — hardwear.io 2017

Suppose you have a target device — in this case, an LCD screen. The antenna picks up the signals emanating from the screen’s VGA cable, tunes into the correct radio frequencies for translation, and uses software to process and display the target LCD screen’s image on your own monitor, as seen in the following example:

Image Credits: Open Source Software — GR Tempest

In the image of the attacker’s screen, we can see that the target was an LCD monitor for a security camera pointed at a building’s parking lot entrance. Do not judge the reception quality; even though it is unstable, it is still possible to read the license plate of a car entering the building. This creates openings for potential social engineering, allowing the attacker to gather more informational resources about the target environment.

Vulnerabilities exist everywhere. Today, there are hardware devices designed to encrypt or shield these frequency emanations, yet it is still sometimes possible to decrypt the signal for capture. It is worth reinforcing that this is strictly an espionage method. No system is directly attacked — unless the attacker observes sensitive information that paves the way for a direct breach.

REFERENCES:
Note: The information from the following sites has been summarized. The focus of this post is not on the deep technical workings of the method.
