Reading LCD Displays at a Distance

We all know that CRT displays radiate like mad, and someone with the right equipment can read tham at a distance. Marcus Kuhn demonstrates how to do the same thing with LCD displays.

Posted on May 4, 2007 at 7:37 AM • 17 Comments


Average JoeMay 4, 2007 8:31 AM

Nice work. I see he hangs with Ross Anderson -- makes me want to move to Cambridge!

acmdMay 4, 2007 8:59 AM

Isn't that a DMCA violation? For me, this looks like another circumventing technique, which could be used to record HD movies...

KisilMay 4, 2007 9:33 AM

Maybe everyone else already knows about it, but the part at the end about flashing LEDs unintentionally carrying data really intrigued me.

FPMay 4, 2007 9:50 AM

@acmd: no.

The article states that, "the aim is to tune into the radio emissions produced by the cables sending a signal to the monitor."

Because HD over HDMI requires over-the-cable encryption (using secret keys in the graphics and monitor hardware), HDMI is not vulnerable to this attack.

gregMay 4, 2007 10:26 AM

(on the topic of DMCA)
Yes thats true. But if you can get and use the kind of gear that can pull the signal from the cable without encryption. You can find the raw feed points for the LCD. Just use a screwdriver.

Its simply too expensive for the manufactures to make the hardware even slighly tamper proof. Also many of the manufacturaes couldn't give a dam about weak security in the contex of DRM.

There was a sugestion of banning the sale of ADC chips without a licence... But that didn't last long.

CoreyMay 4, 2007 11:36 AM

I like the countermeasure idea of "make the display a little fuzzy".
Too much of that, though, and you might secure the information from yourself, or cause a denial-of-eye-service attack on yourself.

Taco Del GatoMay 4, 2007 12:22 PM

Huh, this is the first good reason I've seen for HDCP. Go figure.

TarekMay 4, 2007 1:26 PM

So, it doesn't mention this in the article, but is this attack on a VGA (analog) or DVI (digital) cable?

HDCP would apply in the second case, but not the former. I'm guessing that this is a VGA attack. (it just seems a little easier)

HangarMay 4, 2007 2:03 PM

That article wasn't very consistent in that the Van Eck radiation referenced in Cryptonomicon was from laptops, not CRTs as the article sort of implied.

Not withstanding various extra-territorial applications of US law, I doubt that the DMCA directly applies to Markus given that he's in Cambridge, England, not, for example, Cambridge, Mass. I've no idea what the the equivalent European legislation has to say about this.

ThomasMay 4, 2007 4:53 PM

"""Indeed, site appears to be down :("""

That's OK, it's still on Bruce's LCD and I can read it from here....

GregMay 7, 2007 6:57 AM


For the most part, your allowed to publish security findings. Even if they can be used to "crack" DRM or whatever.

But its hard to tell. Its realy different in each country. Here in Austria multizone DVD players are fine, but DVD software underlinux is "technicaly" not (nobody cares). Fair use means you can give up to 7 copies of your *orginal* media to freinds and family.....

Other countries don't have fair use clauses at all etc..

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.