Reading LCD Displays at a Distance
We all know that CRT displays radiate like mad, and someone with the right equipment can read tham at a distance. Marcus Kuhn demonstrates how to do the same thing with LCD displays.
We all know that CRT displays radiate like mad, and someone with the right equipment can read tham at a distance. Marcus Kuhn demonstrates how to do the same thing with LCD displays.
tomdevries • May 4, 2007 8:41 AM
Indeed, site appears to be down 🙁
tomdevries • May 4, 2007 8:43 AM
…and back up again 🙂
Stefan • May 4, 2007 8:52 AM
But this is old stuff! – Marcus published on reading TFT from a distance way back then in 2004.. see http://www.cl.cam.ac.uk/~mgk25/pet2004-fpd.pdf
acmd • May 4, 2007 8:59 AM
Isn’t that a DMCA violation? For me, this looks like another circumventing technique, which could be used to record HD movies…
Kisil • May 4, 2007 9:33 AM
Maybe everyone else already knows about it, but the part at the end about flashing LEDs unintentionally carrying data really intrigued me.
FP • May 4, 2007 9:50 AM
@acmd: no.
The article states that, “the aim is to tune into the radio emissions produced by the cables sending a signal to the monitor.”
Because HD over HDMI requires over-the-cable encryption (using secret keys in the graphics and monitor hardware), HDMI is not vulnerable to this attack.
greg • May 4, 2007 10:26 AM
@FP
(on the topic of DMCA)
Yes thats true. But if you can get and use the kind of gear that can pull the signal from the cable without encryption. You can find the raw feed points for the LCD. Just use a screwdriver.
Its simply too expensive for the manufactures to make the hardware even slighly tamper proof. Also many of the manufacturaes couldn’t give a dam about weak security in the contex of DRM.
There was a sugestion of banning the sale of ADC chips without a licence… But that didn’t last long.
Andre LePlume • May 4, 2007 10:43 AM
@Kisil:
This is reaching way back…but I seem to recall somebody reconstructing data from the Blinkenlights on networking gear. It was most cool.
…
Google Scholar tells me it was Joe Loughry. http://unix.be.eu.org/docs-free/tempest/optical_tempest.pdf
I like the countermeasure idea of “make the display a little fuzzy”.
Too much of that, though, and you might secure the information from yourself, or cause a denial-of-eye-service attack on yourself.
Taco Del Gato • May 4, 2007 12:22 PM
Huh, this is the first good reason I’ve seen for HDCP. Go figure.
Tarek • May 4, 2007 1:26 PM
So, it doesn’t mention this in the article, but is this attack on a VGA (analog) or DVI (digital) cable?
HDCP would apply in the second case, but not the former. I’m guessing that this is a VGA attack. (it just seems a little easier)
Hangar • May 4, 2007 2:03 PM
That article wasn’t very consistent in that the Van Eck radiation referenced in Cryptonomicon was from laptops, not CRTs as the article sort of implied.
Not withstanding various extra-territorial applications of US law, I doubt that the DMCA directly applies to Markus given that he’s in Cambridge, England, not, for example, Cambridge, Mass. I’ve no idea what the the equivalent European legislation has to say about this.
Thomas • May 4, 2007 4:53 PM
@tomdevries
“””Indeed, site appears to be down :(“””
That’s OK, it’s still on Bruce’s LCD and I can read it from here….
Greg • May 7, 2007 6:57 AM
@Hangar
For the most part, your allowed to publish security findings. Even if they can be used to “crack” DRM or whatever.
But its hard to tell. Its realy different in each country. Here in Austria multizone DVD players are fine, but DVD software underlinux is “technicaly” not (nobody cares). Fair use means you can give up to 7 copies of your orginal media to freinds and family…..
Other countries don’t have fair use clauses at all etc..
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Average Joe • May 4, 2007 8:31 AM
Nice work. I see he hangs with Ross Anderson — makes me want to move to Cambridge!