Posted by: Brein Matturro
Network and application security, Tech Blogs
Think a client’s private data is safe from prying eyes just because there are no holes in their security systems or walls? Don’t be too sure. In the technology blog of New Scientist online, Markus Kuhn describes a way to read data from a flat panel monitor straight through “two intermediate offices and three plasterboard walls.”
Kuhn used a radio antenna and radio receiver to eavesdrop on flat panel displays by tuning into the radio emissions produced by the cables sending a signal to the monitor.
Spying on a user with a CRT monitor has been done before – it’s a technique called Van Eck Phreaking, and Kuhn has been successful at it in the past. Flat panel monitors were thought to be unlikely targets, however, since they emit little or no telltale radiation.
But Kuhn has found a way to read any monitor by reading directly from the cable. “The on-screen image is fed through the cable one pixel at a time,” New Scientist reports. “Because they come through in order you just have to stack them up. And Kuhn has worked out how to decode the colour of each pixel from its particular wave form.”
Kuhn suggests that preventing these kind of attacks may come down to “using well-shielded cables, certain combinations of colours and making everything a little fuzzy.” He also says that laptops can be modified slightly to facilitate the process by adding small pieces of wire or cable to a display.
This sounds like another reason to consider urging your customers combine physical security and IT security. Physical security folks might recognize a threat if antennas and receivers start showing up in cubicles near the CEO’s office. On the other hand, if they think antennas are just the usual newfangled geekery, they might not. IT folks can make sure there are no small pieces of wire or cable showing up on important laptops in the office.
Or…you can go help them put together a demo showing how easy it is to eavesdrop on the CEO’s secret PowerPoints from a few rooms away, and see what kind of support you get for that new security solution you’ve been pitching.
Who says Superman is the only one who can see through walls?