Tuesday, August 3, 2010

Electro-magnetic Emanations

During my last years at IBM, Wim Van Eck published his paper about reading screens using TV receiving equipment. The press loved it. There were TV shows on the BBC demonstrating reading screens at a show and reading a document from outside Scotland Yard.

Van Eck's experiment was based in part on the following:

· The screens of the day were character only
· They were CRT
· The CRTs were noisy and
· the noise mimicked standard broadcast TV signals

Van Eck simply cobbled together antennas, amplifiers, and receivers and displayed the signals on a standard TV screen.

I decided to see if I could replicate Van Eck’s results. I purchased from him a replica of his experimental rig and gave it to two engineers, one senior and one junior, in the Raleigh lab next to the plant that manufactured 3270 terminals. They assured me that it would be a piece of cake to reproduce the experiment.

It proved to be much more difficult than they anticipated. On one trip, they did manage to show me a screen that lit up like the one that they were trying to read at a distance of two meters. It was clear that the image on the destination screen was related to the one on the origin screen, but the content was less than readable. As often happens with engineers, these two lost interest in the effort after they were satisfied that, given enough time and resources, they could replicate the results, but long before they had actually done so.

In the more general case, in estimating the cost of attack, engineers often discount the value of their own special knowledge and skills. They think, “Everyone knows (or can do) that.” They also tend to think that if an attack is feasible, it will be used.

These are the esoteric attacks from which Mission Impossible is crafted. In fact, one can expect an attack to be used only if it is efficient. The set of cases in the world in which such an attack is both suitable for the intended application and environment and cheaper than all alternatives is vanishingly small.

The leakage of information via electromagnetic signals is a vulnerability without a threat, a non-problem. Not all vulnerabilities are problems, and not all problems are the same size.

Of course, today the cost of attack is even higher. Screens are bit-mapped graphics, not character-only. They are LCD, not CRT. Their emanations do not mimic broadcast TV signals. While they still leak, they are much quieter than those of a generation ago. Unless your applications are very sensitive, your adversary a nation state, and the rest of your security so good that this is your weak link, spend your security resources elsewhere. Remember that Mission Impossible style attacks are undertaken only against those targets that are very sensitive and that have very good security.