[EN] Eavesdropping HDMI and TEMPEST Attacks
I was recently reminded of a fun project I once worked as one of my students and I were discussing.
Try to imagine the scene — You're sitting in front of your computer, working on a sensitive document. Little did you know that right behind the thin walls, I, an attacker, unpacked a little device called a Software-Defined Radio (SDR) to intercept the electromagnetic emissions from your monitor, effectively recreating the image of your entire screen, thus your sensitive document. Sounds unreal, doesn't it ?
Well, it's not as far-fetched as you might think.
A TEMPEST attack is a term coined by the U.S. National Security Agency that refers to the practice of spying on information systems through unintentional radio or electrical signals, sounds, and vibrations that these systems emit.
The principle behind our example is quite simple. Every electronic device, including your computer monitor, emits a certain amount of electromagnetic radiation. This radiation can be intercepted and analyzed to extract information about the device's operation. In the case of a monitor, the radiation can be used to recreate the image being displayed.
Martin Marinov, a software enginner, has done some remarkable work in this area. He developed a software called TempestSDR, which is specifically designed to intercept and recreate images from monitor emissions. With nothing but an RTL-SDR or an Air-spy mini and a rubber duck antenna, it's possible to recreate a readable black and white image of a screen at a range of a few inches.
Shoutout also to Oona Räisänen (windytan), who has been able to reconstruct images using HDMI EMI. She even managed to use this leakage as a medium to wirelessly exfiltrate data from a compromised machine, demonstrating the potential of this technique for both data theft and covert communication.
Sounds fun ? — Well, while it might sounds like a quick win, it's worth noting that it requires a certain level of expertise and specialized equipment. Moreover, you have plenty of ways to protect yourself, such as using shielded cables and monitors (lol), you may also better be maintaining a safe distance between sensitive equipment and potential eavesdroppers.
But just in case, here's a Tinfoil-hat for you :P
https://www.rtl-sdr.com/tempestsdr-a-sdr-tool-for-eavesdropping-on-computer-screens-via-unintentionally-radiated-rf/
https://hackaday.com/2023/03/07/pulling-data-from-hdmi-rf-leakage/
https://www.windytan.com/2023/02/using-hdmi-radio-interference-for-high.html