Spies attracted to the light

fearfox · Post by **fearfox** » Sat Mar 09, 2002 10:30 am

http://news.bbc.co.uk/hi/english/sci/te ... 861656.stm

for those who did not click link here is the story.

Flickering computer screens and status lights on computer hardware could be giving away important information about the data they are processing.
In separate research papers scientists have demonstrated how to decode the information hidden in the flickering lights.

One of the reported techniques can even read information from light reflected from a computer screen onto nearby walls.

But experts say there is no need to start putting sheets over computer monitors or tape over blinking lights because there are easier ways to spy on computer users.

Flash forward

Almost all pieces of computer hardware have light-emitting diodes that let their owners know if the device is powered up, passing data or sitting idle.

But scientists have discovered that, on some devices, the sequence of flashes acts like Morse code and can reveal the entire stream of data passing through the hardware.

Joe Loughry, a programmer from Lockheed Martin Space Systems in Denver, and David Umphress, a professor from Alabama's Auburn University, have demonstrated how to convert the flashing lights into readable data.

Techniques revealed in the research show how to read data from a flashing LED up to 20 metres away.

But the researchers point out that not all devices are equally susceptible to tapping in this way.

Only the flashing diodes on some dial-up modems and internet routers blink in a way that can reveal the data passing through the device.

The research has been submitted to a journal called Transactions on Information and Systems Security.

Screen grab

For his part, Markus Kuhn, a researcher at the University of Cambridge's computer science laboratory, has found that the flickering of a computer screen can also be exploited to surreptitiously gather information.

Mr Kuhn has found that the intensity of light given off by computer monitors, but not flat-panel displays, is related to the characters being displayed on that screen.

Using sensitive detectors it is possible to reconstruct the on-screen information simply by capturing the changes in the strength of the light.

The technique even works when the flickers are being reflected off a nearby wall.

Mr Kuhn will be presenting his research findings during the IEEE Symposium on Security and Privacy to held in California from 12-15 May.

EvilHorace · Post by **EvilHorace** » Sat Mar 09, 2002 11:01 am

Are these guys for real? I think they're trying to make money on some new BS that has nothing to do with nothing IMHO, another scam. "morse code".......for who, Aliens?

Post by **FlyingPenguin** » Sat Mar 09, 2002 11:48 am

Well keep in mind you CAN read what's on someone's video (not flat screen) monitor from a remote location. I have seen a lot of literature on this and it's currently in use in spy craft - enough so that sensitive computers in some government and business use must be properly shielded.

Basically you can pickup the electromagnetic noise produced by the monitor, and a computer can use that to reproduce the image on the monitor with a great deal of accuracy (keep in mind, this is a very grainy image that's reproduced - it's like picking up a weak TV station).

Now the blinking of a data light on a modem or router makes sense - after all, it's an LED connected directly to the data stream. I'm suprised no one thought about that before.

DocSilly · Post by **DocSilly** » Sat Mar 09, 2002 2:59 pm

It's true, watch out what your LEDs in Modem or switches tell to everyone who knows about this.

It's kinda interesting, you don't need anymore physical access to a network, all yer need is a clean view on some LEDs to read the data of a network.

This was posted on slashdot this wednesday ( link ) , you can download the 26 page PDF file from here

You can also "read" a monitor by tapping into the groundline (me thinks it was) somewhere outside the building and you can see a surprisingly sharp image with the right equipment due to leaked radio frequencies.
Just search for TEMPEST or check http://cryptome.org/nsa-tempest.htm for more info.

DocSilly · Post by **DocSilly** » Sat Mar 09, 2002 8:54 pm

Holy reflecting office wall batman .... this was just posted on /. about reading a monitor from the reflected light of a white office wall ... this is the PDF and it's amazing what they are able to capture, check the PDF and scroll down to see some example shots.

Now where is my tinfoil hat? ... I saw those black helicopters ... the truth is out there ...

OK OK, fun aside, this is some really interesting stuff coming up in the past few days on passive spying.

EvilHorace · Post by **EvilHorace** » Sat Mar 09, 2002 9:49 pm

To be honest, I find any of it hard to swallow. Even if the LEDs blinking or a flashing monitor has ANY significant meaning to someone or something capable of deciphering it, that in itself could hardly tell that person the contents of files in your PC, no way. I think that if there's anything at all to it besides an elaborate BS story, it'll do nothing but add to todays PC paranioa.
I'd like to actually see how a person with another PC can tell me anything of value about another PC file contents by any flashing lights. Even if they were able to see a desktop image somehow, what good is that if they can't control its programs or see its files?
I think that "The National Inquirer" is gaining power myself, not a real worry IMHO.

Post by **FlyingPenguin** » Sat Mar 09, 2002 10:38 pm

Evil,

No they can't access your files, but they can read what you're sending and receiving over a modem for instance from looking at the modem's data light. Again, that light is directly connected to the signal stream. It's blinking on and off in response to bit being sent over the modem. This works for a router or a switch data light as well.

An infra-red port works almost exactly the same basic way (albeit with approriate handshaking for duplex communication) - an IR port is just an LED operating in the infra-red range.

Now it's not something you and I really need to worry about, but corporate and government espionage is serious business.

EvilHorace · Post by **EvilHorace** » Sun Mar 10, 2002 10:15 am

but even if they can decipher anything from a modems LED blinking, there's no way that they can possibly get all the information being sent/received from that as (let's say we're talking cable......) there's too much info being moved at any moment for any PC to simultaniously be sending all the file contents at the same time. Another thing to consider, why would those who've made modems, PC parts, etc, etc (that'd all then obviously have to been "in on this" right?) ever bother with creating that feature so that "spies" could someday sneak a peak of what might or might not be on everyones PCs in this world? Think about it, it just doesn't make sense.

DocSilly · Post by **DocSilly** » Sun Mar 10, 2002 11:22 am

Evil,

I doubt they integrated the LEDs with the purpose to enable spying as shown above.
They are used as a visible indicator to see if the modem/switch/network is working or not.

Recording and filtering the network traffic gives you a lot of information. You can record the encrypted passwords being transferred for later decryption using a password cracker, those passwords will help you in a later attack.
What about transfer of files (word.docs, database entries, etc.), stuff you don't want to leak into the open?

Former attacks required physical access to a network, often done by hacking into a client PC and setting the NIC into Promiscuous-Mode.
A NIC listens normally only to data send to his IP address, ignoring all other data while a NIC in Promiscuous-Mode records ALL the data of a network.
Now you can get this data without hacking into a system, without being endangered of detection, as long as you can SEE the LEDs.

You think it wouldn't be able to keep up with the speed of a cablemodem?
Wrong, LEDs can switch on and off fast enough to display the data from a 100Mbit network, a cablemodem transfers speed at 3-4Mbit at best.
Here a quote from the PDF-File that was linked in my first reply:

3.1 Light-Emitting Diodes

Light-emitting diodes are cheap, reliable, bright, and ubiquitous. They are used in nearly every kind of electronics, anywhere a bright, easy-to-see indicator is needed. They are especially common in data communication equipment. Every year, some 20-30 billion LEDs are sold [Perry 1995].
LEDs are very fast; that is, they exhibit a quick response to changes in the applied drive voltage (tens of nanoseconds). In fact, common visible LEDs are fast enough that a close cousin is used as a transmitter in fiber optic data links at speeds in excess of 100 Mbits/s [Hewlett-Packard Company 1993b].
Although fast response time is oftentimes a desirable quality in a display, LEDs are fast enough to follow the individual bit transitions of a serial data transmission.
Herein lies the problem: if certain LED indicators are visible to an attacker, even from a long distance away, it becomes possible for that person to read all of the data going through the device.
One of the advantages of LED displays is that they can be read from across a room. The disadvantage may be that they can be read from across the street.

EvilHorace · Post by **EvilHorace** » Sun Mar 10, 2002 12:18 pm

"They are used as a visible indicator to see if the modem/switch/network is working or not"
This I know but as for the rest being of much real use to anyone, I guess I'm one that has to have some ideas proven to me as I rarely take things at face value w/o proof. I'd have to actually see someone do it successfully in my presence to really believe it. I always question "authority" (always have), just my nature.

bluewhale · Post by **bluewhale** » Sun Mar 10, 2002 1:08 pm

If you figure that all data is in 0's and 1's, then what they claim makes sense. Except I can't see a light bulb being able to cycle fast enough for us to use it. But maybe if a light sensor where wrapped around it it could tell the difference: My thought is the LED will be dimming as the next one comes in, and there are times the LED glows... still, I can see it theoretically at the least.

And FP was right: governments devote an amazing portion of their alleged budgets to things like this

Post by **FlyingPenguin** » Sun Mar 10, 2002 2:06 pm

The point is it's NOT a light bulb, it's an LED. LED's can switch at MILLIONS and BILLIONS of times a second.

I know most of you guys aren't electronics techs but I am.

All an opto-isolator is (it's a device used to isolate one data bus from another optically) is an LED (usually infrared but it can be any color) and a phototransistor.

The LED may look like it's steadily lit, but it's actually blinking VERY rapidly.

How do you think IR computer ports work? It's a super bright Infra-red LED. Same thing with your TV remote control (although the data rate is not very high in a TV remote).

Oh trust me, it's COMPLETELY doable - I'm just amazed know one thought of this before because it's so obvious.

There would definately be limitations, however. Normal visible color LEDs aren't ideal for long range data transmission.

Also, to be useful in spycraft, your detector would need to be rigged to some kind of telescopic device and aimed at the diode, or a white wall refecting the light of the diode.

You'd obviously need a computer algorithm to filter out any unwanted background noise from the signal. Also there would be issues of signal selectivity (if it's a room full a routers, there's going to be a LOT of blinking LEDs reflecting off the walls - I'm not sure you could get a lot of clear data from that).

There would definately be a lot of variables that would affect the "quality" of data intercepted. However, if you're someone doing corporate espionage, recording an evening's worth of data picked up from reflected light through the office windows of a computer or router room, even if you only picked up 30% of the data stream it might be valuable information to the right people.

bluewhale · Post by **bluewhale** » Sun Mar 10, 2002 3:07 pm

A questions popped up after I posted: Aren't LED's for HD activity just that? Hard Drive Activity? I wonder how that could be translated into 0's and 1's... and it activates for writting as well as reading.
I think this idea/topic is very possible or likely, but... I wondered about the LED and what it actually displays. Anybody know?

Pt

Post by **FlyingPenguin** » Sun Mar 10, 2002 3:57 pm

Paul, I don't know about HD lights - it depends how they're wired. I suspect some mobos just connect a serial data stream being read from the drive to a driver transistor which drives an LED - in which case you'd be able to read the data from the LED (in theory).

If all the LED is doing is indicating movement of the head actuator, then reading the LED wouldn't tell you Jack.

HOWEVER I can really see this working on external modems, hubs, routers and switches. They all have data lights (basically the serial data stream is connected to a driver transistor which powers the LED). When data is transferred, a 1 bit turns the LED on, a 0 turns it off.

poop · Post by **poop** » Mon Mar 11, 2002 11:32 am

Fix for this? Just stick a capacitor in between the leads on your LED. Then, the cap would smooth out the flicker to a point that it shouldn't be readable. This solution is much more fashionable than an aluminum-foil hat.