Computer Screens Emit Sounds that Reveal Data

Computer scientists from Tel Aviv University, the University of Pennsylvania and the University of Michigan have discovered a computer version of synesthesia that allows them to determine what’s being displayed on a monitor by listening to sounds emitted by the monitor.

As you might suspect, those sounds are very faint and not easily detected by human hearing. But they are there as tiny high-pitched tones produced by a monitor’s power supply in response to the varying demands of the screen display. But special equipment isn’t required to exploit the vulnerability that’s produced by this characteristic of most monitors.

In their paper, which was released on Aug. 21, the scientists showed that those sounds could be recorded using the microphone in a standard consumer webcam, by a smartphone or by a digital assistant such as an Amazon Echo or Google Home device.

Furthermore, this exploit does not require the presence on site of the attacker. They can record the sounds over a remote call, such as one from Google Hangouts. The amount of information that the researchers were able to discern using their method was remarkable... more

The Doctor is In - Twelve Ways Dr. Guri can get into your air-gapped computer.

Faraday rooms or “cages” designed to prevent electromagnetic signals from escaping can nevertheless be compromised and leak highly sensitive data, according to new studies...

In two newly released reports (the other ten are there as well), the team demonstrated how attackers can bypass Faraday enclosures and air gaps to leak data from the most highly secured computers. The Odini method, named after the escape artist Harry Houdini, exploits the magnetic field generated by a computer’s central processing unit (CPU) to circumvent even the most securely equipped room. Click here to watch the demonstration.

“While Faraday rooms may successfully block electromagnetic signals that emanate from computers, low frequency magnetic radiation disseminates through the air, penetrating metal shields within the rooms,” explains Dr. Guri. “That’s why a compass still works inside of a Faraday room. Attackers can use this covert magnetic channel to intercept sensitive data from virtually any desktop PCs, servers, laptops, embedded systems, and other devices.”

In another documented cyberattack dubbed Magneto, researchers utilized malware keystrokes and passwords on an air-gapped computer to transfer data to a nearby smartphone via its magnetic sensor. Attackers can intercept this leaked data even when a smartphone is sealed in a Faraday bag or set on “airplane mode” to prevent incoming and outgoing communications. more

SCIFs Go Corporate

With cybersecurity threats on the rise, the private sector is taking a cue from national security protocol to protect corporate secrets, investing in highly protected SCIFs, or Sensitive Compartmented Information Facilities.

What happens in a SCIF stays in a SCIF—and has ever since the concept of the “war room” originated during World War II. ...

Private companies are increasingly seeing the benefits too—especially those working in fields whose success is dependent on continually out-innovating their competitors. “The rooms can be used in many ways once built, from proposal writing and strategy sessions, to hands-on R&D and product testing,” says Gordon. “They can even be portable. But they all give companies piece of mind that work and discussions taking place inside the room are completely confidential.” more

Can't afford a SCIF (they're expensive), use a TSCM team to conduct pre-meeting inspections. If you can afford a SCIF (sweet), use a TSCM team to re-certify it's integrity against eavesdropping. SCIF effectiveness tends to decay with age and use. ~Kevin

Is Your Wireless Keyboard & Mouse Vulnerable to Eavesdropping? Better check...

Some of the computer dongles that come with wireless keyboards and mouses may offer hackers a fairly simple way to remotely access and take over your computer, according to a new report from Internet-of-things security startup Bastille.

Click to enlarge.

Atlanta-based Bastille says it has determined that a number of non-Bluetooth wireless keyboards and mouses from seven companies—including Logitech, Dell, and Lenovo—have a design flaw that makes it easy for hackers from as far as about 90 meters away to pair with the dongle that these devices use to let you interact with your computer. A hacker could do things like control your computer or add malware to the machine.

In tests, the company found around a dozen devices that were susceptible to the flaw, which it’s listing online. more

PS - In addition to stealing keystrokes, this technique can also be used to inject keystrokes into the victims keyboard.  ~Kevin

Goverment Level TEMPEST Hack Keeps Dropping in Price

Researchers from Tel Aviv University and Technion have...found a way to steal data from air-gapped machines while their equipment is in another room.

“By measuring the target's electromagnetic emanations, the attack extracts the secret decryption key within seconds, from a target located in an adjacent room across a wall,” Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer write in a recently published paper...

“The attack in its current form uses lab equipment that costs about $3000...
“The attacks are completely non-intrusive, we did not modify the targets or open their chassis"

The equipment used included an antenna, amplifiers, a software-defined radio, and a laptop. This process was being carried out through a 15cm thick wall, reinforced with metal studs, according to the paper. more

Radio Bug in a Pita Steals Laptop Crypto Keys

The list of paranoia-inducing threats to your computer’s security grows daily: Keyloggers, trojans, infected USB sticks, ransomware…and now the rogue falafel sandwich.

Researchers at Tel Aviv University and Israel’s Technion research institute have developed a new palm-sized device that can wirelessly steal data from a nearby laptop based on the radio waves leaked by its processor’s power use.

Their spy bug, built for less than $300, is designed to allow anyone to “listen” to the accidental radio emanations of a computer’s electronics from 19 inches away and derive the user’s secret decryption keys, enabling the attacker to read their encrypted communications. And that device, described in a paper they’re presenting at the Workshop on Cryptographic Hardware and Embedded Systems in September, is both cheaper and more compact than similar attacks from the past—so small, in fact, that the Israeli researchers demonstrated it can fit inside a piece of pita bread.

“The result is that a computer that holds secrets can be readily tapped with such cheap and compact items without the user even knowing he or she is being monitored,” says Eran Tomer, a senior lecturer in computer science at Tel Aviv University. “We showed it’s not just possible, it’s easy to do with components you can find on eBay or even in your kitchen.” more / research paper

Imagine these being built into restaurant and hotel room table tops.

TEMPEST in a Tea Shop, or Dude, You're Leaking

If you’re sitting in a coffee shop, tapping away on your laptop, feeling safe from hackers because you didn’t connect to the shop’s wifi, think again. The bad guys may be able to see what you’re doing just by analyzing the low-power electronic signals your laptop emits even when it’s not connected to the Internet. And smartphones may be even more vulnerable to such spying.


Researchers at the Georgia Institute of Technology are investigating where these information “leaks” originate so they can help hardware and software designers develop strategies to plug them. By studying emissions from multiple computers, the researchers have developed a metric for measuring the strength of the leaks — known technically as “side-channel signal” — to help prioritize security efforts.
(more)

Air Force One - Gets TEMPEST TSCM Tested

When it's time to make sure that communications from and to the aircraft of the president of the United States are safe from eavesdropping, who do you call? The Air Force's 346th Test Squadron.

Part of the 688th Cyberspace Wing, which itself is part of the 24th Air Force, based at Lackland Air Force base here, the 346th is tasked with making sure that electronic emissions aboard all the service's aircraft are secure. Even Air Force One.

As part of CNET Road Trip 2014, I've come to Lackland, located in this south-central Texas city of 1.3 million, to see just how the Air Force "hardens" its aircraft from unwanted eavesdropping. Though I came to hear technicians talk about their efforts on board any number of the service's planes, I wasn't expecting to hear about their recent work to secure communications on Air Force One. (more)

"Secure" Integrated Circuit Chip Salami'ed into Spilling Secrets

A technique has been developed to bypass elaborate physical protections and siphon data off the most secure chips potentially including those used to protect military secrets.

The proof-of-concept technique demonstrated by researchers at Berlin's Technical University and security consultancy IOActive was successfully applied to a low-security Atmel chip commonly used in TiVo video recording devices. But the research team found that their complex and expensive attack could be applied to successfully pry data from highly-secure chips.

The attack used a polishing machine to mill down the silicon on the target chip until it was 30 micrometers thin.

The chip was then placed under a laser microscope fitted with an infrared camera to observe heat emanating from where encryption algorithms were running.

A focused ion-beam was then shot at the chip which dug a series of two micrometer -deep trenches in which wiretap probes were inserted.

Together, the elaborate techniques if bolstered by the use of more expensive equipment not available to the researchers could potentially bypass the most advanced chip security mechanisms. (more)

Van Eck Grown Up - Time to look at eavesdropping on computer emissions again.

1985 - Van Eck phreaking is the process of eavesdropping on the contents of a CRT or LCD display by detecting its electromagnetic emissions. It is named after Dutch computer researcher Wim van Eck, who in 1985 published the first paper on it, including proof of concept.[1] Phreaking is the process of exploiting telephone networks, used here because of its connection to eavesdropping.

2009 - A simple experiment showing how to intercept computer keyboard emissions. 

It is notable that there is: 
• no connection to the Internet; 
• no connection to power lines (battery operation); 
• no computer screen in use (eliminates the screen emissions possibility); 
• and no wireless keyboard or mouse. 
Intercepted emissions are solely from the hard-wired keyboard.

The interception antenna is located about one meter away. (This is why we look for antenna wires under desks, and metal parts on desks to which wiring is attached.) 
(video 1) (video 2)

The point is, if one can get an antenna withing close proximity of your computer, what you type belongs to them.
 
December 2012 - Not satisfied with pulling information from your keyboard, injecting information becomes a concern (pay attention investment firms).

"The roughly half-dozen objectives of the Tactical Electromagnetic Cyber Warfare Demonstrator program are classified, but the source said the program is designed to demonstrate ready-made boxes that can perform a variety of tasks, including inserting and extracting data from sealed, wired networks.

Being able to jump the gap provides all kinds of opportunities, since an operator (spy) doesn’t need to compromise the physical security of a facility to reach networks not connected to the Internet. Proximity remains an issue, experts said, but if a vehicle can be brought within range of a network, both insertion and eavesdropping are possible." (more)

2013 is going to be an interesting year. ~Kevin

Two Cell Phone Eavesdropping Attacks Reported

 • Security firm Cryptography Research showed how it's possible to eavesdrop on any smartphone or tablet PC as it is being used to make a purchase, conduct online banking or access a company's virtual private network.

• Researchers at security firm McAfee, a division of chipmaker Intel, highlighted several ways to remotely hack into Apple iOS, the operating system for iPads and iPhones.

McAfee's research team remotely activated microphones on a variety of test devices and recorded conversations taking place nearby. They also showed that it's possible to steal secret keys and passwords, and pilfer sensitive data, including call histories, e-mail and text messages.

"This can be done with absolutely no indication to the device user," says Ryan Permeh, McAfee's principal security architect. (more)

Let's hope it's also blue under the hotel carpeting...

via the BBC...

A rare photo, released by the White House, shows Barack Obama fielding calls from a tent in Brazil, to keep up with events in Libya. The tent is a mobile secure area known as a Sensitive Compartmented Information Facility, designed to allow officials to have top secret discussions on the move.

They are one of the safest places in the world to have a conversation.

Designed to withstand eavesdropping, phone tapping and computer hacking, Sensitive Compartmented Information Facilities - also known as SCIFs - are protected areas where classified conversations can be held...

A photo released by the White House showed the president and advisers gathered around a video phone, inside what looked like a standard blue tent, erected on the hotel's floral carpets. (more)

Presenters at the CanSecWest security conference detailed on Thursday how they can sniff data by analyzing keystroke vibrations using a laser trained on a shiny laptop or through electrical signals coming from a PC connected to a PS/2 keyboard and plugged into a socket.

Using equipment costing about $80, researchers from Inverse Path were able to point a laser on the reflective surface of a laptop between 50 feet and 100 feet away and determine what letters were typed.

Chief Security Engineer Andrea Barisani and hardware hacker Daniele Bianco used a handmade laser microphone device and a photo diode to measure the vibrations, software for analyzing the spectrograms of frequencies from different keystrokes, as well as technology to apply the data to a dictionary to try to guess the words. They used a technique called dynamic time warping that's typically used for speech recognition applications, to measure the similarity of signals. (more)

TGIF! Have fun this weekend.
Make a cheap laser microphone yourself.

Ditch the Grid - Black Hole Your Cell - $12.00

If you are concerned about people or governments covertly turning your cell phone 'on' and listening to you behind your back, this is for you!

Smother your mobile in The Black Hole. No one will be able to eavesdrop or know you location. Your phone will become deaf, dumb and blind.

Or, you could just turn your phone off. Ok, pluck out the battery, too. Heck, go all out, a la Unibomber or Clifford Stoll (buy one of his Klein Steins, too). Shun technology altogether! (more)

The Emperor's New Shades

(from a press release) "CPFilms Inc., a unit of Solutia Inc., announced today that it is introducing LLumar® Signal Defense Security Film, a high-tech clear window film for businesses and high net-worth individuals looking to secure and protect the confidentiality of their wireless and other “free-space” electronic communications. The film is ideally suited for industries where securing confidential information and protecting data is paramount – such as retail, healthcare, and the financial services industry.

Patented technology built into LLumar Signal Defense film reduces electronic signal leakage through windows, a building’s point of least resistance, by serving as a transparent barrier that allows light to pass through, while minimizing transmission of wireless (WiFi), radio frequency (RF), and other electronic signals." (press release)(patent)

Think about it...
Do radio waves only travel through windows?
Does "reduced" signal leakage prevent interception?
"Tested and Proven" ???... Got proof?
What are the attenuation measurements?
Perhaps this would be effective if it were presented as part of a larger architectural shielding effort. In our opinion, the inventors worked hard and developed a clever and potentially useful product. But, to promote this film as a simple paste-on eavesdropping solution is neither credible, nor honest.