There’s a useful sense of privacy from sitting in such a way that other people can’t see your laptop from behind.
When you’re working on your laptop facing other people, it follows that they’re looking at the back of your screen, so they can’t see exactly what you’re up to.
Whether you’re in a cafe, the library or a meeting room at work, why make it easy for everyone else to figure out your digital lifestle?
Simply put, “Not their business.”
But what if your screen were giving away telltale signs of what you were up to anyway?
A foursome of of cybersecurity researchers decided to take a look, and recently published a fascinating paper describing what they found out, and how – Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels,
In fact, they didn’t so much take a look as have a listen.
Stray emissions
Stray electromagnetic emissions from electrical and electronic equipment have been an eavesdropper’s friend for years, especially when display screens were made using so-called CRTs, short for cathode ray tubes.
CRTs were quite literally glass “tubes” (though they were more spherical than cylindrical) covered inside with photoluminescent paint that would light up briefly when struck by a beam of electrons generated by a high-voltage electrical “gun” and aimed by means of magnets.
The tube itself was sucked empty of air – as far as possible – during manufacture in order to let the electrons fly unimpeded to the screen.
That’s why the American slang word for a TV set is “the tube”; it’s where the word Tube in YouTube comes from; and it’s why old-school TVs were so jolly heavy – all that reinforced glass!
As you can imagine, firing a steady beam of electrons at a phosphor-coated glass surface and sweeping the beam left-to-right, top-to-bottom 50 or 60 times a second, produced a cocoon of ever-changing stray electromagnetic radiation that could be detected from a distance.
Back in the 1980s, a Dutch engineer called Wim van Eck showed that this stray radiation could be detected, received and decoded using inexpensive hardware, producing an eerie but legible echo of what was on display on the other side of the room, or even on the other side of a wall.
Suddenly, thanks to what became known as the van Eck effect, covert video eavesdropping wasn’t just the preserve of well-heeled nation-state adversaries with giant-sized detector vans.
Enter the LCD
Fortunately for our collective concerns about covert CRT surveillance, tube displays started to die out, replaced by screens using LCDs (liquid crystal displays), and latterly LEDs (light-eitting diodes), technologies that are especially handy for laptops.
Modern screens are flat, so they’re much more compact; don’t require high-voltage electrical coils, so they use much less power; don’t require a vacuum-proof reinforced glass tube and a bunch of permanent magnets to operate, so they’re much lighter…
…and they don’t work by flinging electrons around in ever-varying magnetic fields.
As a result, there’s a lot less stray radiation for crooks in your vicinity to collect.
The van Eck effect doesn’t work with today’s screens – or, if it does, there’s so little to go on that you can’t do the detection and decoding of stray emissions with commodity equipment that would fit in a handbag or a jacket pocket.
What about other emissions?
So, in this story, our intrepid researchers – Daniel Genkin, Mihir Pattani, Roei Schuster and Eran Trome – decided to try sniffing out video signals in a different way – using sound.
Recent research has shown that modern microphones, even the ones in mobile phones, can pick up sounds outside the range of human hearing.
What if modern screens produce inaudibly high-pitched sound waves as they refresh the pixels on the screen?
After all, the researchers reasoned, today’s screens are still refreshed a line-at-a-time, like old CRTs, and even though they use a tiny fraction of the electron-flinging power of their tube-based counterparts, the amount of electrical energy they consume still varies depending on what’s displayed on each line.
What if those nanoscopic power fluctuations cause micrometric fluctuations in the electronic components providing the power?
And what if those tiny, rapid fluctuations produce minuscule vibrations sufficient to generate faint pressure waves – sound! – that humans can’t perceive, because it’s too high-pitched to hear, and too low-powered to register anyway?
Reading by listening
Could the researchers “read” your screen just by listening to it?
Yes! (Sort of.)
The researchers started out with images they called “zebras”, consisting of giant-sized white-and-black stripes on the screen, chosen to give them the best chance of spotting something and convincing themselves it was worth going further.
Those results were promising, so they got a bit bolder: could someone across the table from you, for example, use a mobile phone to “record” your password off the screen as you typed it?
(Let’s assume that you’ve clicked the icon that reveals the actual password, not merely a string of **** characters – an option you might indeed choose if everyone else in the room can only see the back of your screen.)
Could our researchers sniff out the patterns on your screen using only audio emissions?
In two words, “Definitely maybe!”
What to do?
At the moment, this is an academic attack with little immediate practical value, so there’s not really anything you can or need to do.
The researchers tried “reading” individual words, consisting of no more six letters at a time on the screen, rendered in a plain, fixed-width typeface with characters 175 pixels high – not the typical font, size or layout you’d experience when reading a document or looking at a website.
Even then, their letter-by-letter success rates were as low as 75%.
But their hit rate was way better than random, so this is still worthwhile research – and it’s a fun paper to read with some cool images.
It’s also a excellent reminder about a truism in cybersecurity: attacks only ever get better.
And that’s why cybersecurity is a journey, not a destination.
Vinnie Vonheinkle
Stray electromagnetic emissions from electrical and electronic equipment have been an eavesropper’s friend for years, especially when display screens were made using so-called CRTs, short for cathode ray tubes.
What is an eavesropper’s?
Paul Ducklin
Fixed, thanks!
Matt
Awesome Article! and here i thought i was getting better at protecting myself against attacks and Tracking. things are only going to escalate arent they? thanks for keeping us informed like this ;)
More articles like this and i will stick around forever
Spryte
I’ve seen articles/videos demonstrating this a while back. We also know keyboard clicks can be detected by the microphone and our typing habits analysed (now its a ***Feature*** on some operating systems!).
No wonder some of more paranoid have opened brand new computer systems to cut the wires to the microphone and put tape over the camera.
I actually need both but I do tape the camera and use an old VB Script to disable the mike when not they are not needed.
Mark Risley
Cover the mic too. Vibration induced signal is like a moving coil phono needle.
s31064
OK, so basically what you’re (or they’re) saying is that I need to break out my old pink/white noise generator and turn it on whenever I use my laptop.
Paul Ducklin
In old-school spy movies they always seem to go into the bathroom and turn on the shower or the bathtaps.
Mark Risley
The article CRT tech was weak but the point made was right on. Before we get too far away from CRTs…. The vacuum sealed; not proof tube, don’t drop a tube… had weak magnets stuck on the tube outside surface to correct the yoke’s copper winding generated electric charge fields, used to displace horizontally and vertically the electron beams; one for each color, to scan across the face of the CRT. Additional voltage adjustments were made to the yoke input to balance color intensity. Fine tune of “color registration” to reduce colored edge effects; seen easily on white characters of red or blue usually, was polished off by turning weak magnetic rings with north/south poles around the tube’s neck. Toward the end of CRT televisions, quality control became so precise some of this was no longer required. Sony top-end television sets I believe had the premier tech performance generally available off the shelf to the consumer. It only took 80-years for the industry to produce a true flat-faced tube of superior color picture quality, and perhaps 15-years more till 4K LED display panels doubled the display size with twice the resolution; ~8x NTSA, while shaving hundreds of pounds of weight. Just in time too… I was waiting for a judge to sustain a thief in California or Illinois suing a Sony set owner for injuries sustained while stealing their near 300 lbs. television. By the way… the bandwidth of interest is up to 10x the scan frequencies of your LED screen due to impedance induced signal harmonic rise and fall times. You could shield and ground the display enclosure? Perhaps a Panasonic Tough Book style. If there are several LED screens close to each other at the same time and same display resolution, how do you isolate the one of interest…?