Average Joe May 4, 2007 8:31 AM

Nice work. I see he hangs with Ross Anderson — makes me want to move to Cambridge!

acmd May 4, 2007 8:59 AM

Isn’t that a DMCA violation? For me, this looks like another circumventing technique, which could be used to record HD movies…

Kisil May 4, 2007 9:33 AM

Maybe everyone else already knows about it, but the part at the end about flashing LEDs unintentionally carrying data really intrigued me.

FP May 4, 2007 9:50 AM

@acmd: no.

The article states that, “the aim is to tune into the radio emissions produced by the cables sending a signal to the monitor.”

Because HD over HDMI requires over-the-cable encryption (using secret keys in the graphics and monitor hardware), HDMI is not vulnerable to this attack.

greg May 4, 2007 10:26 AM

(on the topic of DMCA)
Yes thats true. But if you can get and use the kind of gear that can pull the signal from the cable without encryption. You can find the raw feed points for the LCD. Just use a screwdriver.

Its simply too expensive for the manufactures to make the hardware even slighly tamper proof. Also many of the manufacturaes couldn’t give a dam about weak security in the contex of DRM.

There was a sugestion of banning the sale of ADC chips without a licence… But that didn’t last long.

Corey May 4, 2007 11:36 AM

I like the countermeasure idea of “make the display a little fuzzy”.
Too much of that, though, and you might secure the information from yourself, or cause a denial-of-eye-service attack on yourself.

Tarek May 4, 2007 1:26 PM

So, it doesn’t mention this in the article, but is this attack on a VGA (analog) or DVI (digital) cable?

HDCP would apply in the second case, but not the former. I’m guessing that this is a VGA attack. (it just seems a little easier)

Hangar May 4, 2007 2:03 PM

That article wasn’t very consistent in that the Van Eck radiation referenced in Cryptonomicon was from laptops, not CRTs as the article sort of implied.

Not withstanding various extra-territorial applications of US law, I doubt that the DMCA directly applies to Markus given that he’s in Cambridge, England, not, for example, Cambridge, Mass. I’ve no idea what the the equivalent European legislation has to say about this.

Thomas May 4, 2007 4:53 PM

“””Indeed, site appears to be down :(“””

That’s OK, it’s still on Bruce’s LCD and I can read it from here….

Greg May 7, 2007 6:57 AM


For the most part, your allowed to publish security findings. Even if they can be used to “crack” DRM or whatever.

But its hard to tell. Its realy different in each country. Here in Austria multizone DVD players are fine, but DVD software underlinux is “technicaly” not (nobody cares). Fair use means you can give up to 7 copies of your orginal media to freinds and family…..

Other countries don’t have fair use clauses at all etc..

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.