Van Eck phreaking
Encyclopedia
Van Eck phreaking is the process of eavesdropping
on the contents of a CRT-
or LC-Display by detecting its electromagnetic
emissions. It is named after Dutch
computer
researcher
Wim van Eck, who in 1985 published the first paper on it, including proof of concept
.
Phreaking
is the process of exploiting telephone network
s, used here because of its connection to eavesdropping.
Van Eck phreaking might also be used to compromise the secrecy of the votes in an election using electronic voting
. This caused the Dutch government to ban the use of NewVote computer
voting machine
s manufactured by SDU
in the 2006 national elections
, under the belief that ballot information might not be kept secret. In a 2009 test of electronic voting systems in Brazil, Van Eck phreaking was used to successfully compromise ballot secrecy as a proof of concept.
electrical signals. These oscillating electric currents create electromagnetic radiation
in the RF
range. These radio
emission
s are correlated to the video
image being displayed, so, in theory, they can be used to recover the displayed image.
the image is generated by an electron beam that sweeps back and forth across the screen. The electron beam excites the phosphor
coating on the glass and causes it to glow. The strength of the beam determines the brightness of individual pixel
s (see CRT
for a detailed description). The electric signal which drives the electron beam is amplified to hundreds of volts from TTL circuitry. This high frequency, high voltage signal creates electromagnetic radiation that has, according to Van Eck, "a remarkable resemblance to a broadcast TV signal". The signal leaks out from displays and may be captured by an antenna, and once synchronization pulses are recreated and mixed in, an ordinary analog television receiver can display the result. The sync can be recreated either through manual adjustment or by processing the signals emitted by electromagnetic coils as they deflect the CRT's electron beam back and forth.
In the paper, Van Eck reports that in February 1985 a successful test of this concept was carried out with the cooperation of the BBC
. Using a van filled with electronic equipment and equipped with a VHF
antenna array
, they were able to eavesdrop from a "large distance".
Van Eck phreaking and protecting a CRT display from it was demonstrated on an episode of Tech TV's The Screen Savers
on December 18, 2003.
s are detailed in the article on TEMPEST
, the NSA
's standard on spy-proofing digital equipment. One countermeasure involves shielding
the equipment to minimize electromagnetic
emissions. Another method, specifically for video information, scrambles
the signals such that the image is perceptually undisturbed, but the emissions are harder to reverse engineer
into images. Examples of this include low pass
filtering
fonts and randomizing the least significant bit
of the video data information.
Eavesdropping
Eavesdropping is the act of secretly listening to the private conversation of others without their consent, as defined by Black's Law Dictionary...
on the contents of a CRT-
Cathode ray tube
The cathode ray tube is a vacuum tube containing an electron gun and a fluorescent screen used to view images. It has a means to accelerate and deflect the electron beam onto the fluorescent screen to create the images. The image may represent electrical waveforms , pictures , radar targets and...
or LC-Display by detecting its electromagnetic
Electromagnetic radiation
Electromagnetic radiation is a form of energy that exhibits wave-like behavior as it travels through space...
emissions. It is named after Dutch
Netherlands
The Netherlands is a constituent country of the Kingdom of the Netherlands, located mainly in North-West Europe and with several islands in the Caribbean. Mainland Netherlands borders the North Sea to the north and west, Belgium to the south, and Germany to the east, and shares maritime borders...
computer
Computer
A computer is a programmable machine designed to sequentially and automatically carry out a sequence of arithmetic or logical operations. The particular sequence of operations can be changed readily, allowing the computer to solve more than one kind of problem...
researcher
Researcher
A researcher is somebody who performs research, the search for knowledge or in general any systematic investigation to establish facts. Researchers can work in academic, industrial, government, or private institutions.-Examples of research institutions:...
Wim van Eck, who in 1985 published the first paper on it, including proof of concept
Proof of concept
A proof of concept or a proof of principle is a realization of a certain method or idea to demonstrate its feasibility, or a demonstration in principle, whose purpose is to verify that some concept or theory that has the potential of being used...
.
Phreaking
Phreaking
Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. As telephone networks have become computerized, phreaking has become closely...
is the process of exploiting telephone network
Telephone network
A telephone network is a telecommunications network used for telephone calls between two or more parties.There are a number of different types of telephone network:...
s, used here because of its connection to eavesdropping.
Van Eck phreaking might also be used to compromise the secrecy of the votes in an election using electronic voting
Electronic voting
Electronic voting is a term encompassing several different types of voting, embracing both electronic means of casting a vote and electronic means of counting votes....
. This caused the Dutch government to ban the use of NewVote computer
Computer
A computer is a programmable machine designed to sequentially and automatically carry out a sequence of arithmetic or logical operations. The particular sequence of operations can be changed readily, allowing the computer to solve more than one kind of problem...
voting machine
Voting machine
Voting machines are the total combination of mechanical, electromechanical, or electronic equipment , that is used to define ballots; to cast and count votes; to report or display election results; and to maintain and produce any audit trail information...
s manufactured by SDU
SDU
SDU is a three-letter abbreviation that may refer to:*Special Duties Unit, a paramilitary special force of the Hong Kong Police Force.*Special Detective Unit, specialist branch in the Garda Síochána....
in the 2006 national elections
Dutch general election, 2006
The General Election to the House of Representatives of the States-General of the Netherlands was held in the Netherlands on November 22, 2006. And followed the call for new elections after the fall of the Second Balkenende cabinet....
, under the belief that ballot information might not be kept secret. In a 2009 test of electronic voting systems in Brazil, Van Eck phreaking was used to successfully compromise ballot secrecy as a proof of concept.
Basic principle
Information that drives the video display takes the form of high frequencyHigh frequency
High frequency radio frequencies are between 3 and 30 MHz. Also known as the decameter band or decameter wave as the wavelengths range from one to ten decameters . Frequencies immediately below HF are denoted Medium-frequency , and the next higher frequencies are known as Very high frequency...
electrical signals. These oscillating electric currents create electromagnetic radiation
Electromagnetic radiation
Electromagnetic radiation is a form of energy that exhibits wave-like behavior as it travels through space...
in the RF
Radio frequency
Radio frequency is a rate of oscillation in the range of about 3 kHz to 300 GHz, which corresponds to the frequency of radio waves, and the alternating currents which carry radio signals...
range. These radio
Radio
Radio is the transmission of signals through free space by modulation of electromagnetic waves with frequencies below those of visible light. Electromagnetic radiation travels by means of oscillating electromagnetic fields that pass through the air and the vacuum of space...
emission
Radio waves
Radio waves are a type of electromagnetic radiation with wavelengths in the electromagnetic spectrum longer than infrared light. Radio waves have frequencies from 300 GHz to as low as 3 kHz, and corresponding wavelengths from 1 millimeter to 100 kilometers. Like all other electromagnetic waves,...
s are correlated to the video
Video
Video is the technology of electronically capturing, recording, processing, storing, transmitting, and reconstructing a sequence of still images representing scenes in motion.- History :...
image being displayed, so, in theory, they can be used to recover the displayed image.
CRTs
In a CRTCathode ray tube
The cathode ray tube is a vacuum tube containing an electron gun and a fluorescent screen used to view images. It has a means to accelerate and deflect the electron beam onto the fluorescent screen to create the images. The image may represent electrical waveforms , pictures , radar targets and...
the image is generated by an electron beam that sweeps back and forth across the screen. The electron beam excites the phosphor
Phosphor
A phosphor, most generally, is a substance that exhibits the phenomenon of luminescence. Somewhat confusingly, this includes both phosphorescent materials, which show a slow decay in brightness , and fluorescent materials, where the emission decay takes place over tens of nanoseconds...
coating on the glass and causes it to glow. The strength of the beam determines the brightness of individual pixel
Pixel
In digital imaging, a pixel, or pel, is a single point in a raster image, or the smallest addressable screen element in a display device; it is the smallest unit of picture that can be represented or controlled....
s (see CRT
Cathode ray tube
The cathode ray tube is a vacuum tube containing an electron gun and a fluorescent screen used to view images. It has a means to accelerate and deflect the electron beam onto the fluorescent screen to create the images. The image may represent electrical waveforms , pictures , radar targets and...
for a detailed description). The electric signal which drives the electron beam is amplified to hundreds of volts from TTL circuitry. This high frequency, high voltage signal creates electromagnetic radiation that has, according to Van Eck, "a remarkable resemblance to a broadcast TV signal". The signal leaks out from displays and may be captured by an antenna, and once synchronization pulses are recreated and mixed in, an ordinary analog television receiver can display the result. The sync can be recreated either through manual adjustment or by processing the signals emitted by electromagnetic coils as they deflect the CRT's electron beam back and forth.
In the paper, Van Eck reports that in February 1985 a successful test of this concept was carried out with the cooperation of the BBC
BBC
The British Broadcasting Corporation is a British public service broadcaster. Its headquarters is at Broadcasting House in the City of Westminster, London. It is the largest broadcaster in the world, with about 23,000 staff...
. Using a van filled with electronic equipment and equipped with a VHF
Very high frequency
Very high frequency is the radio frequency range from 30 MHz to 300 MHz. Frequencies immediately below VHF are denoted High frequency , and the next higher frequencies are known as Ultra high frequency...
antenna array
Antenna array (electromagnetic)
An antenna array is a group of isotropic radiators such that the currents running through them are of different amplitudes and phases. These are radiators of electromagnetic frequency and energy. Antenna arrays are the solution to the problem defined as the limitations of operating a single antenna...
, they were able to eavesdrop from a "large distance".
Van Eck phreaking and protecting a CRT display from it was demonstrated on an episode of Tech TV's The Screen Savers
The Screen Savers
The Screen Savers was a live American TV show on TechTV. The show launched concurrently with the channel ZDTV on May 11, 1998. The Screen Savers originally centered around computers, new technologies, and their adaptations in the world...
on December 18, 2003.
LCDs
In April 2004, academic research revealed that flat panel and laptop displays are also vulnerable to electromagnetic eavesdropping. The required equipment for espionage was constructed in a university lab for less than US$2000.Countermeasures
CountermeasureCountermeasure
A countermeasure is a measure or action taken to counter or offset another one. As a general concept it implies precision, and is any technological or tactical solution or system designed to prevent an undesirable outcome in the process...
s are detailed in the article on TEMPEST
TEMPEST
TEMPEST is a codename referring to investigations and studies of compromising emission . Compromising emanations are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, may disclose the information transmitted, received, handled, or otherwise processed by any...
, the NSA
National Security Agency
The National Security Agency/Central Security Service is a cryptologic intelligence agency of the United States Department of Defense responsible for the collection and analysis of foreign communications and foreign signals intelligence, as well as protecting U.S...
's standard on spy-proofing digital equipment. One countermeasure involves shielding
Electromagnetic shielding
Electromagnetic shielding is the process of reducing the electromagnetic field in a space by blocking the field with barriers made of conductive and/or magnetic materials. Shielding is typically applied to enclosures to isolate electrical devices from the 'outside world' and to cables to isolate...
the equipment to minimize electromagnetic
Electromagnetic radiation
Electromagnetic radiation is a form of energy that exhibits wave-like behavior as it travels through space...
emissions. Another method, specifically for video information, scrambles
Scrambler
In telecommunications, a scrambler is a device that transposes or inverts signals or otherwise encodes a message at the transmitter to make the message unintelligible at a receiver not equipped with an appropriately set descrambling device...
the signals such that the image is perceptually undisturbed, but the emissions are harder to reverse engineer
Reverse engineering
Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation...
into images. Examples of this include low pass
Low-pass filter
A low-pass filter is an electronic filter that passes low-frequency signals but attenuates signals with frequencies higher than the cutoff frequency. The actual amount of attenuation for each frequency varies from filter to filter. It is sometimes called a high-cut filter, or treble cut filter...
filtering
Filter (signal processing)
In signal processing, a filter is a device or process that removes from a signal some unwanted component or feature. Filtering is a class of signal processing, the defining feature of filters being the complete or partial suppression of some aspect of the signal...
fonts and randomizing the least significant bit
Least significant bit
In computing, the least significant bit is the bit position in a binary integer giving the units value, that is, determining whether the number is even or odd. The lsb is sometimes referred to as the right-most bit, due to the convention in positional notation of writing less significant digits...
of the video data information.
See also
- TEMPESTTEMPESTTEMPEST is a codename referring to investigations and studies of compromising emission . Compromising emanations are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, may disclose the information transmitted, received, handled, or otherwise processed by any...
, a US government standard for limiting electric or electromagnetic radiation emanations from electronic equipment - RINT, the acronym for Radiation INTelligence, military application
- Election fraud
External links
- Van Eck phreaking
- Van Eck phreaking Demonstration
- Tempest for Eliza is a program that uses your computer monitor to send out AM radio signals. You can then hear computer generated music in your radio.
- Video eavesdropping demo at CeBIT 2006 by a Cambridge University security researcher
- eckbox – unsuccessful or abandoned attempt in spring 2004 to build an open-source Van Eck phreaking implementation