Wednesday, August 17, 2011

Mission Impossible

During my last years at IBM, Wjm Van Eck, A Dutch engineering student, published his paper about reading computer screens using TV receiving equipment. The press loved it. There were TV shows on the BBC demonstrating reading screens at a show and reading a document on a word processor screen from the Scotland Yard parking lot.

Van Eck's experiment was based in part on the following:

  • All electronic equipment leaks
  • CRTs are very noisy and leak a lot
  • The screens of the day were character only
  • The signal that they leaked mimicked that of broadcast TV

On his student budget, Van Eck simply cobbled together antennas, amplifiers, and receivers and displayed the signals on a standard TV screen.

I decided to see if I could replicate Van Eck’s results. I purchased from him a replica of his experimental rig. I gave it to two engineers, one senior and one junior, in the Raleigh lab, next to the plant that manufactured 3270 terminals. They assured me that it would be a piece of cake to reproduce the experiment.

It proved to be somewhat more difficult than they anticipated. On one trip to the lab, they did manage to show me a screen that lit up like their target. At a distance of two meters, it was clear that the image on the destination screen was related to the one on the target, but the content was less than readable. As often happens with engineers, these two lost interest in the effort after they were satisfied that, given enough time and resources, they could replicate the results but long before they had actually done so.

In the more general case, in estimating the cost of attack, engineers often discount the value of their own special knowledge and skills. They think, “Everyone knows (or can do) that.” They also tend to think that if an attack is feasible, it will be used. They tend to discount the difference between feasible and practical, effective and efficient.

These are the kind of esoteric attacks from which the drama in Mission Impossible is crafted. In fact, rather than fiction, one can expect an attack to be used only if it is efficient. The set of cases in the world in which such an attack is both suitable for the intended application and environment and cheaper than all alternatives is vanishingly small.

The leakage of information via electromagnetic signals is a vulnerability without a threat, a non-problem. Not all vulnerabilities are problems, not all problems are the same size.
In the generation since van Eck published his paper and the press raised the alarm, such attacks have not ranked with our other security problems, not on our radar. The vulnerability is lower now than then and the cost of attack higher.

Today, while the attack equipment may be more efficient, the cost of such an attack is still higher. Screens are now bit-mapped graphics, not character. They are low-power, quiet, LCD displays, not noisy CRTs. Their emanations do not mimic broadcast TV signals. While they still leak, all electronic equipment does, they are much quieter than those of a generation ago.

One lesson that you should take away is that unless your applications are very sensitive, your adversary a nation state, and the rest of your security so good that this is your weak link, spend your scarce security resources elsewhere. Remember that "Mission Impossible" style attacks are undertaken only against those targets that are very sensitive and that have very good security.

Another lesson is that one should not take security advice from vulnerability pimps or the popular press. Rather, one should rely upon one's colleagues, professionals who are paid the big bucks.

1 comment:

  1. I actually enjoyed reading through this posting.Many thanks.