Through the eyepiece of Michael Backes’s small Celestron telescope, the 18-point letters on the laptop screen at the end of the hall look nearly as clear as if the notebook computer were on my lap. I do a double take. Not only is the laptop 10 meters (33 feet) down the corridor, it faces away from the telescope. The image that seems so legible is a reflection off a glass teapot on a nearby table. In experiments here at his laboratory at Saarland University in Germany, Backes has discovered that an alarmingly wide range of objects can bounce secrets right off our screens and into an eavesdropper’s camera. Spectacles work just fine, as do coffee cups, plastic bottles, metal jewelry—even, in his most recent work, the eyeballs of the computer user. The mere act of viewing information can give it away.

The reflection of screen images is only one of the many ways in which our computers may leak information through so-called side channels, security holes that bypass the normal encryption and operating-system restrictions we rely on to protect sensitive data. Researchers recently demonstrated five different ways to surreptitiously capture keystrokes, for example, without installing any software on the target computer. Technically sophisticated observers can extract private data by reading the flashing light-emitting diodes (LEDs) on network switches or by scrutinizing the faint radio-frequency waves that every monitor emits. Even certain printers make enough noise to allow for acoustic eavesdropping.

14 Comments

1. 1. BillR 12:11 PM 4/27/09

   Does anyone else feel a little uneasy that these techniques are being published? If the hackers only need the knowledge on how to do it, why do we have scientists researching the methods and publishing papers on these techniques? We are now providing free research for them? DUH!

   Reply | Report Abuse | Link to this

2. 2. KerSnap 01:11 PM 4/27/09

   Umm, uneasy about it being published? No. Not at all. I'd be more concerned if they were only known to a few. As in just a few criminals or spys.
   
   The only way to build security is for you to be aware of the threats you face. Otherwise you cannot take countermeasures or design a more secure system.
   
   In this case, these methods are so obscure and painful to implement that the only people who would use them would be organizations with lots of resources and great need.

   Reply | Report Abuse | Link to this

3. 3. taerog 06:24 PM 4/27/09

   "extract private data by reading the flashing light-emitting diodes (LEDs) on network switches "
   Well this is not possible, an activity LED does not represents any data. . Thus cant be decoded into data.
   Tempest is very spotty and range dependent and allot can block the signal (without even trying to). LCDs just make it more so..
   keystrokes  can be easier BUT not all keyboards are constructed in the same manner (same chips) and the more Common USB keyboards are more so.. So doable but again limited range and having a large library of profiles is still a problem as is the limited data (best to get password then get the data using it).
   Using the persons own webcam is laughable, since most laptop cams are physically incapable of viewing its own keyboard or users hands and if possible (on a desktop, or external cam etc) the cam would almost never point at a keyboard either. (if so what the heck is the user doing in the first place)
   Mapping reflections is again quite possible but still rather impractical alone  lowered the threshold of legibility to 36-point type at 10 meters for a telescope that could easily be hidden inside a car.  36 point type? Only 10 meters? That is lighting and reflective surface allowing also!
   All of these methods still require a big investment of time and effort on the Spys part for a possibility at a glimpse of information. The only way this would be useful is to use ALL of these possible methods on a single target and given enough time you could get some sensitive information . . . or hours of twitters. . . The common person need not worry too much since the chance of you doing something truly useful to some outside party at the moment they are looking given all of the targets . . is quite long odds . . but from a spys stand point it is simply not worth in a sea of noise and useless info. . . much better to have a target.
   Possibly more alarmist then necessary for the normal person. One not in a job with data sensitive enough for a dedicated spy to be assigned to them? Much easier to war drive and find real exploitable security holes in the masses of wireless users then wait for a lucky chance off some random person.

   Reply | Report Abuse | Link to this

4. 4. SpoonmanWoS in reply to taerog 09:33 AM 4/28/09

   "All of these methods still require a big investment of time and effort on the Spys part for a possibility at a glimpse of information."
   
   Yup, and when you work for a foreign government, the secrets gleaned can be worth all of the effort. Simply catching a username or part of a password typed on a keyboard is a powerful find!

   Reply | Report Abuse | Link to this

5. 5. IrvingWashington 08:52 AM 4/29/09

   This wasn't alarmist at all. I think taerog is writing having just destroyed his/her dot matrix printer for fear of being discovered with ASCII porn.

   Reply | Report Abuse | Link to this

6. 6. lbindle 10:08 AM 4/30/09

   There are some new techniques being developed to close these visual eavesdropping gaps. One interesting system from Oculis Labs uses a gazetracker to display data in a small area only where the user is looking. It replaces all other content with similar-but-false data on-the-fly. The display looks normal to the user, but is illegible to any eavesdroppers.
   
   I've seen it working. The eavesdropping techniques discussed in the article would not work against it. True, they would collect data, but the data collected would be mostly false and finding the true data in the false is quite tricky.

   Reply | Report Abuse | Link to this

7. 7. taerog in reply to IrvingWashington 12:53 PM 4/30/09

   Read "Possibly more alarmist then necessary for the 'normal' person. . . "
   The article talks in a very general sense and does not specify that to the 'normal' person none of this really applies. It is the trend in news to make it over dramatic, then lay out the often more mundane details. A single hacker would not be doing this but a large organization with resources and agenda. (like a foreign government)
   And remember you need a secret useful to the one looking to steel first! (and it better be a good one for the time and effort needed here)
   How many of you have foreign spy's actively dogging you with big budgets and time to spare?? (the very few that do, SHOULD head the article  the rest . . well should not)
   
   As for Irving above? I do not really understand what he is saying, since I advocate the position that the average person has no need to fear any of this. . I find the response rather off. Possibility should have read my entire response.

   Reply | Report Abuse | Link to this

8. 8. opello 11:40 PM 5/10/09

   Not that using an antenna to monitor a poorly shielded keyboard's output is new or anything:
   http://lasecwww.epfl.ch/keyboard/

   Reply | Report Abuse | Link to this

9. 9. SarahA 11:27 AM 5/15/09

   If this article interests you and you have an innovative idea to solve a security problem (either as an individual or a start-up) you should take a look at the Global Security Challenge website: www.globalsecuritychallenge.com.
   
   We have just launched the fourth annual Global Security Challenge Competition 2009 - the leading international competition for security innovators. The winners will gain cash grants totalling $500,000 USD, mentorship by venture capitalists and invaluable publicity and exposure. Entry is free and the closing date is 15 June 2009.
   

   Reply | Report Abuse | Link to this

10. 10. SarahA 11:28 AM 5/15/09

    If this article interests you and you have an innovative idea to solve a security problem (either as an individual or a start-up) you should take a look at the Global Security Challenge website: www.globalsecuritychallenge.com.
    
    We have just launched the fourth annual Global Security Challenge Competition 2009 - the leading international competition for security innovators. The winners will gain cash grants totalling $500,000 USD, mentorship by venture capitalists and invaluable publicity and exposure. Entry is free and the closing date is 15 June 2009.
    

    Reply | Report Abuse | Link to this

11. 11. tloewald in reply to BillR 11:34 PM 6/29/09

    I'm very glad someone is bringing this to people's attention. I was looking through some photos I'd taken of my twins on a recent plane trip, and in the background I could clearly read the computer screen of another passenger.

    Reply | Report Abuse | Link to this

12. 12. Big_Al 03:30 PM 7/13/09

    Someone wrote: "Well this is not possible, an activity LED does not represents any data. . Thus can't be decoded into data." This is/was quite possible. Apparently, in the early days of 10 Mbps Ethernet hubs and switches, so I've been told, the activity LED was simply driven from the serial data line, and the data speed was less than the maximim switching speed of the LEDs. Data centers that displayed their expensive network equipment behind picture windows were sitting ducks for someone across the street with a telescope, photodetector. and something like WireShark software.
    

    Reply | Report Abuse | Link to this

13. 13. sajad 03:04 AM 6/28/10

    Cmon people...All this techniques require in one way or another the proximity to the device going to be cracked/hacked..if one can reach that proximity liking finding keystrokes ,or something on monitor.. a simple wireless hidden camera is sufficient...i guess that would be easy

    Reply | Report Abuse | Link to this

14. 14. EricEddler 03:40 PM 7/12/10

    Thanks for the internet network safety tips. Turn-key technologies is a fantastic company that offers high quality <a href="http://www.turn-keytechnologies.com/">computer and network security</a>

    Reply | Report Abuse | Link to this