Tuning In

EMR Interception: What it is, how it works, and what it means for the future of computer use and hacking.

by Triscal Islington

As a bit of a preamble, I'd like to say a few things.

Firstly, I'm not an expert on the subject of electromagnetic radiation interception, just a curious mind and a hobbyist.

Secondly, there is not a lot of easily available information on enacting an EMR interception breach, and so you'll find the article below to be primarily based in theory.

The Basics

Known by many names - Electromagnetic Emanation Interception, Van Eck phreaking, TEMPEST - the concept of electromagnetic (EM) radiation interception is relatively simple.

When an electrical signal is passed down a cable or through circuitry, it gives off a weak electromagnetic wave.  Normally this is so weak as to be negligible.  If it weren't, you'd get all sorts of interference and cross-talk.  However, just like any wave, you can pick it up with the right antenna (a big one) and decode/display it with the right equipment.

This type of intrusion can be especially dangerous because it targets weak points that are highly revealing.  By monitoring the EM waves of a monitor, one could see, in real time, everything that is being sent to that monitor.

Perhaps you want keystrokes?  Just analyze the waves coming from the USB or PS/2 cable of the keyboard.  The more complex the system, the harder it is to decode.

A VGA display uses a fairly simple form of transmission compared to a twisted pair Ethernet cable, but that doesn't make decoding the Ethernet impossible.  It might be difficult or impossible for you to do in your own home, but the U.S. government is already doing it and I'm sure others, like my own Canadian government, are doing so as well.

What's worse is that this form of monitoring is completely passive, and therefore nearly undetectable (unless, perhaps, you were using the same technique to sniff out any would-be attackers).  You see, EM interception is just that: interception.  They're simply pulling waves out of the air that are already there.  They are not broadcasting anything, nor interfering in any way with the target equipment.

What Can I Do To Stop It?

The most effective way would be to put your computer into a lead-lined bunker hundreds of feet underground, but adding EMR shielding to your computer's weak spots is much easier.  Anything that gives off EM waves is a potential leak, but cables are the easiest to exploit and the easiest to protect.

There are plenty of options out there, and anyone who has had experience defeating electromagnetic interference will be in familiar territory.  Otherwise, just look up EMI shielding.  Normally this is used to prevent one device's EMR from causing undesirable effects on nearby devices, but it works just the same in keeping those waves from being spied on.

While doing this, you may also want to look at other potential forms of non-standard data leakage.  I've heard that it is sometimes possible to derive rudimentary data from your computer's grounding, meaning that, for example, someone could detect keystrokes from anywhere on the same circuit by analyzing the ground wire.

Regardless, I'm sure there are many ways of remotely monitoring a computer's emissions, but it's likely that some good shielding on your weakest points will do the job.  You could also give Tinfoil Hat Linux a try.

I Want To Do It Myself!

The technology involved is not altogether complex, so some types of EM interceptors are possible to build on a hobby budget and the software to use them is starting to appear online.

The Eckbox project offers specs on building the hardware as well as a nice open-source program to analyze those results.  The project is simple enough to build and I hope that the open-source software will yield some interesting modifications to the project over the coming months and years.  Just head over to their site for the software and for specs on the hardware: eckbox.sourceforge.net

If you're the type of person who is interested in building this stuff for yourself, I'd recommend reading up on more regular forms of transmission first.  Learn how radio waves work, then build a rig that will let you pick up radio transmissions on your computer.

That type of setup is not far off from what you'd need to intercept other forms of transmission.  Perhaps try picking up TV signals and, when you're familiar with how that works, move on to an old VGA monitor (older is often better, as they have less shielding).

The Future

As a longtime fan of hardware hacking, radio technology, and computer programming, I feel that EMR hacking is a great way of fusing "old" hacking and "new" hacking.

It's also a great excuse for software hackers to get together with some of the awesome people involved in the transmission hobby world and start pioneering some really neat tools.

Looking to the future?

The field of emanation analysis is one that is relatively new for the hobbyist, but I'm sure that the wonderful readers of 2600 will continue to explore this interesting form of computer breach.

Personally, I'm really quite interested and I'd love to see how this field can be made more publicly accessible and advance beyond the basics that we can currently achieve.

Thanks to IW4, Arisuki and jefftheworld for their support in my research.

Further Reading

If you want a quick and dirty way to see the results of EMR, check out this neat app that intentionally causes your computer to emit radiation that can be picked up with an AM radio: www.erikyyy.de/tempest

Wim Van Eck, considered an early expert on the subject, has a good paper on the topic that I recommend you read if you're interested: jya.com/emr.pdf
