From: Christian Weisgerber (naddy@mips.inka.de)
Date: Mon Apr 29 2002 - 11:26:35 MDT
Mike Lorrey <mlorrey@datamann.com> wrote:
> As anyone who has read Cryptonomicon (by Neal Stephenson) or is
> themselves a phreaker of sorts, it is possible to tap into the keyboard
> strokes of a computer by using an antenna to receive what are called Van
> Eyck Radiation.
I don't know whether listening in on keyboards has been demonstrated
in practice, but the idea has been floating around for some time.
When you send an electrical signal down a wire, you experience
attenuation: The received signal has less energy than the one fed
in at the source. For a long time, outside power transmission,
engineers didn't care too much where the energy was going. Probably
heat deposited along the transmission line, negligible at typical
power levels. However, as transmission frequencies rise to, well,
radio frequencies, energy is increasingly radiated away. In recent
years this has become a substantial concern because of the resulting
radio interference with wireless and even other wirebound services.
RF screening has become a major effort in the design of microelectronics.
One remaining aspect that so far has received little attention in
civilian engineering is that the RF noise can betray sensitive
information.
> I am wondering if a similar technique could be used to tap into a secure
> network by reception of ghost signals that are reflections of packets
> that are normally blocked by a firewall.
The keyword for further reading on this topic is "Tempest". The
military has been concerned about RF leaks for a long time. Standards
how to shield sensitive areas have been around for decades. Basically
you put everything in a big Faraday cage. No windows, metal mesh
or sheet metal on all walls/ceiling/floor, airlock-style doors.
The tricky part is shielding power and communications lines because
these can serve as conduits for EM radiation. The more paranoid
protection levels resemble locking yourself in a bank vault.
Eavesdropping on RF "noise" is the domain of the sigint community,
i.e. the spy organizations, and they don't talk, so there is little
public information on the exact techological possibilities and
limits. There's a Computer Security Group at the University of
Cambridge/UK who occasionally does some interesting work in that
area.
People with a penchant for paranoia should keep in mind that there
are a variety of more straightforward approaches applicable to soft
(civilian) targets, such as social engineering, burglery, physical
taps, and rubberhose questioning.
-- Christian "naddy" Weisgerber naddy@mips.inka.de
This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:13:42 MST