Monday 11 March 2002
A German research student says that under the right conditions, hackers could steal information off CRT computer screens by measuring the light reflected from a user's face.
Markus Kuhn, a doctoral student at the University of Cambridge, will present his findings at the Institute of Electrical and Electronic Engineers Symposium on Security and Privacy in May.
"Even if I can't see your screen surface, as long as your face is illuminated from a distance of 50 metres I can collect the photons from your face into a sensor and I will have a very good chance of turning it into a readable text," Kuhn said.
While his research on information leakage from monitor reflections should not worry the general population of computer users, he said government agencies and corporations dealing with top secret or confidential materials would probably want to take precautions.
In his 16-page paper, Kuhn provides screen shots that his team was able to capture using filters and light collectors. He said that his mathematical models show that intruders using telescopes could probably capture information from even further away. Kuhn also said that the person capturing the information does not have to be looking at the user head-on; the light can be collected from an angle and still get usable information.
Kuhn said the process is possible because of the way a CRT works. These tubes light individual pixels across the screen at a rate that is too fast for the human eye to see, but not too fast for instruments to detect.
By measuring fluctuations in light, either on the face of a user or on the wall behind the user, it is possible to recreate everything on a CRT-based computer screen. Kuhn said the technique would not work on LCD screens because they light all pixels on the screen at the same time.
The technique also only works in a darkened room. Kuhn said the scenario he envisions is a user who gets caught up in work at the computer. As the sun sets, the user does not turn on any lights and continues to work by the light of the monitor. He noted that this is a common occurrence at Cambridge.
The technique might also work in rooms lighted by fluorescent tubes because they flicker at regular intervals. It should be possible for an eavesdropper to take into account the flickering of the light and only gather photons when the lights darken, Kuhn said.
In the mid-1980s, researchers discovered that computers emitted radio waves over a short distance, and many government agencies and companies shielded their machines from eavesdroppers. Anyone who took such action should probably think about light reflection, as well, Kuhn said.
"Compared to other computer security risks, it is a more exotic thing," Kuhn said.
He added that the information a spy could collect this way would only be the information on the screen. It would be more worthwhile, he speculated, for a hacker to break into a system and simply read every e-mail the user sent "for the last three years."
Winn Schwartau, president of security firm Interpact, said while he believes it might be possible to grab information off a user's glasses, it would be expensive and require the right equipment, he explained. Schwartau said he doubted that Kuhn's ideas about the reflectivity of photons would work.