au sommaire
Computer scientists at Cambridge University say plain text on a computer screen can now be read at a distance simply by capturing the diffuse glow from the screen.
COMPANIES that have spent a small fortune trying to thwart hackers now face a completely new security threat. It`s called optical hacking. Computer scientists at Cambridge University say plain text on a computer screen can now be read at a distance simply by capturing the diffuse glow from the screen. And it works even ifif the light has bounced off walls and passed through curtains.
Markus Kuhn of the university`s computer lab will explain how optical hacking works at an IEEE security conference in Oakland, California, in May. And he`ll tell delegates why it could be every bit as effective as snooping on stray radio signals from monitors.
Although you can securely encrypt the data stored on a PC, it has to be decrypted at some point so that you can work with it on screen. Computer scientists have known since the mid-1980s that you can pick up stray electromagnetic signals from a computer screen with a sensitive radio receiver, and display the screen`s contents on a modified TV set. So some firms now install protective metal meshes, casings and cables to stop data leakage, and treat windows with transparenttransparent shielding materials.
But that won`t stop someone reading what`s on the screen. A basic astronomical telescope makes even small fonts legible up to 60 metres away, so some people keep screens displaying sensitive data well away from windows. But now even that measure has been defeated.
Kuhn has found that it is possible to reconstruct the image of someone`s computer screen by grabbing its reflected glow. You don`t need to see the screen directly. Its diffuse flickering will do.
Most monitors work like a TV set, using "raster" scanning. An electron beam sweeps across the phosphor dots on the screen line-by-line, and its varying intensity determines how brightly each of the dots glows. The intensity of the beam is governed by the varying voltage of the video signal sent from computer to monitor.
Screen phosphors have an afterglow of milliseconds, which helps ensure that the eye sees a complete picture rather than a moving spot of light. But there is a sharp, detectable fall-off in intensity as soon as the beam leaves the phosphor spot. As the beam scans the dots, its fluctuating brightness can be picked up by off-the-shelf light sensors called photodiodes.
The researchers wondered if they could detect this sequence and use it to reconstruct the original video signals. So Kuhn`s lab ran tests on a Dell monitor with a 640-by-480 pixel standard raster, with images refreshed 85 times per second and the brightness and contrast left at the manufacturer`s settings. The screen was positioned so light from it bounced off a nearby wall. This reflected light was then picked up by a photodiode detector.
Kuhn`s team used an electronic filter to reduce the "noise" produced by ambient light, and they easily "tuned out" light from electric lamps because it flickers at a different frequency to the monitor. When the remaining signal was processed and fed to another monitor, the text from the original screen was clearly legible, Kuhn says. A snooper could even record these screen images on a video, and then read them at their leisure.
So how close does a spy have to be for it to work? Not very. Kuhn says you could pick up the signal from 100 metres away or more by using a telescope to home in on a patch of reflected screen light on, say, a ceiling tile in an office block.
Kuhn says exposing this new risk will help people take countermeasures. Simple solutions include swamping the screen glow by choosing fluorescent office lights with similar phosphors to the monitor. Avoiding darkened rooms, and using flat LCD screens, which are dimmer and have slower refresh ratesrates, should make signals harder to track.
Does this herald a new bonanza for electronic spies? Possibly not, says Graham Cluley, a technology consultant with Oxfordshire-based computer security house Sophos. "James Bond technology like this sounds cool, but it`s usually a lot easier to rely on humans, like office cleaners," he says. "Even if someone can`t take home a floppy disc, no one can wipe their memory of what they read on screen."