Van-Eck-Phreaking

Van Eck phreaking is a technique for electronic espionage, received at the unintentional electromagnetic emissions. It thus belongs to the group of side-channel attacks.

Operation

All electrical equipment, particularly computer monitors or CRT monitors or unshielded data cables, emit electromagnetic waves. This so-called compromising emanations can be with suitable receiving devices over greater distances collected ( over 100 m ) away, to listen to the traffic. In particular, an attacker can reconstruct the video signal, or to tap the information processed by the unwanted radiation of the signal lines.

In addition to this radiation, there are also compromising conducted disturbances such as variations in the power consumption.

The BSI recommends the use of protected ( by zone model zone 1) computer for sensitive areas in the IT baseline protection safeguards catalogs.

History

The term goes back to an essay by the Dutch scientist Wim van Eck, who in 1985 described this technique for the first time and also warned of the consequences. A secret research program of the NSA called TEMPEST has long dealt with this technique. It has been successfully demonstrated at DefCon IV, a conference of the hacker community in 1996. TEMPEST is, according to the U.S. government not an acronym, it can however find numerous Backronyme (eg Temporary Emanation and Spurious Transmission).

Protection options

  • Cryptography is ineffective as a protective measure, since no one encrypts transmitted data stream is monitored in a network, but electromagnetic radiation of a computer screen, necessarily unencrypted present on the corresponding data for the user. Cryptography is at this level does not apply.
  • An effective but also costly protective measure is the complete isolation of the working space ( according to the principle of the Faraday cage ), which shields electromagnetic waves effectively, and for example for the transparent window of the workspace metal film coatings can be applied.
  • At equipment level, the shield with the radiating components such as graphics card, monitor cable and focused. To this end, the computer case is RF-shielded cable with insulation suitable and used films and braid shielding.
  • Radiation arms or abstrahlgeschützte devices can possibly complicate the van Eck phreaking. Radiation but poverty can not be measured on guidelines in how they apply in the allocation of labels, such as MPR II or TCO. The requirements that apply to this label, set limit values ​​for the avoidance of harmful radiation emissions from computer screens. Protection against compromising radiation is not included in this label.
  • The BSI has for the military-related area as implementation of NATO's approval levels in a German model, the zone model with three main zones developed ( The standards were renamed the end of 2006, the old NATO standards are listed in the brackets): Zone 0 - NATO SDIP 27 Level A ( AMSG 720B ) is in use without special requirements
  • Zone 1 - NATO SDIP 27 Level B ( AMSG 788 ) site must be easily protected ( equivalent to 20 m free space attenuation )
  • Zone 2 - NATO SDIP 27 Level C ( AMSG 784 ) operating site must lie significantly protected ( equivalent to 100 m free space attenuation )
  • Also effective in analogue control low-pass filters can be used as a protective measure, but associated with sometimes severe loss of quality in the detail recognition. Above all text displays on the screen, which consist primarily of high-frequency frequency components are made ​​difficult to detect by using a low-pass filter to eavesdropping. For the user, in the workplace, however, there is the disadvantage that the low-pass filter in particular textual representations can appear blurred and therefore little easy on the eyes. For constant use in the workplace, this method is therefore not suitable. Similarly, it protects only the video signal before compromising radiation.
  • A simple to implement protection for analog displays offer tempest safe fonts, which has the contours environment of the individual characters appropriately adapted gradients. The visible result is similar to a two-dimensional low -pass filtering and makes the text representation in individual cases blurred. This protection, however, is untenable in digitally controlled display, since the re- digitized pixel data can generate the signal. DVI-D driven displays work with another signal transmission (bit coding ) which bit pattern for each color, and black and white results. Therefore, by these fonts even an exacerbation occur when used in the gradient colors use a bit pattern in the intercepted spectrum strongly differs from the bit pattern of the background color. Brightness and hue do not allow any conclusion on the bit coding.
  • Against compromising conducted interference help line filter and harmonic filters.
  • More ways to protect are jammers. Jammers are designed to radiate at a frequency (or frequency range ), which corresponds to the monitor, but with a much higher amplitude. Since the Telecommunications Act restrictions on the allowed transmission strength are given, jammers can optionally be operated only limited, thus, allow a possible scope for eavesdroppers who may try to filter out or calculate out the desired signal. In this case, it makes sense to bring jammers and emitted from the monitor frequencies interrelated. This is done by allowing the RGB signals that control the monitor, at the same time supplying the jammer and modulates him with it. Alternatively, one can modulate the jammer with a noise signal, so that a broadband noise spectrum.

Dissemination in the media

  • Van Eck phreaking was a recurrent theme in spy thrillers, prominent example is the novel Cryptonomicon by Neal Stephenson.
  • In the documentary " top secret D" the issue is addressed within the espionage complex for about two minutes.
  • Various journals of the Heise Verlag, including mainly the computer and technology magazine c't, had already taken up the issue several times.
  • 2006 reported the mirror on a listening demonstration and the theme TEMPEST.
  • The MDR ( here 4), Sat1 ( 17:30) and DMAX ( D-Tech ) reported in mid-2006 with various reports on a demonstration interception structure.
  • Message from the proof of interception of wired keyboards at EPFL
  • The Chaosradio the Chaos Computer Club themed TEMPEST in a row CR148
  • In episode 1 × 11 of the TV series Numb3rs a computer screen by Van Eck phreaking is monitored, the method is explained briefly below.
Electronic visual display DEF CON Correlator
764995
de