An Adversary can eavesdrop on the content of an external monitor through the air without modifying any cable or installing software, just capturing this signal emitted by the cable or video port, with this the attacker will be able to impact the confidentiality of the data without being detected by traditional security tools
Description
Attack Execution Flow
3
1
Step 1
Explore[Survey Target] The adversary surveys the target location, looking for exposed display cables and locations to hide an SDR. This also includes looking for display cables or monitors placed close to a wall, where the SDR can be in range while behind the wall. The adversary also attempts to discover the resolution and refresh rate of the targeted display.
AI Translation
[Survey Target] L'attore malevolo ispeziona la posizione obiettivo, cercando cavi di visualizzazione esposti e punti nascosti dove collocare un SDR. Ciò include anche la ricerca di cavi di visualizzazione o monitor posizionati vicino a una parete, dove l'SDR può essere in portata pur essendo dietro la parete. L'attore malevolo tenta inoltre di scoprire la risoluzione e la frequenza di aggiornamento del display target.
2
Step 2
Experiment[Find target using SDR] The adversary sets up an SDR near the target display cable or monitor. They use the SDR software to locate the corresponding frequency of the display cable. This is done by looking for interference peaks that change depending on what the screen is showing. The adversary notes down the possible frequencies of unintentional emission.
An adversary can make use of many different commercially available SDR devices which are easy to setup such as a HackRF, Ubertooth, RTL-SDR, and many others.
AI Translation
[Trova il target utilizzando SDR] L'attore malevolo installa un SDR vicino al cavo di visualizzazione o al monitor di destinazione. Utilizza il software SDR per individuare la frequenza corrispondente al cavo di visualizzazione. Questo viene fatto cercando picchi di interferenza che variano a seconda di ciò che mostra lo schermo. L'attaccante annota le possibili frequenze di emissione involontaria.
Un attaccante può utilizzare molti dispositivi SDR commercialmente disponibili, facili da configurare, come HackRF, Ubertooth, RTL-SDR e molti altri.
Attack Techniques
-
An adversary can make use of many different commercially available SDR devices which are easy to setup such as a HackRF, Ubertooth, RTL-SDR, and many others.
3
Step 3
Exploit[Visualize Monitor Image] Once the SDR software has been used to identify the target, the adversary will record the transmissions and visualize the monitor image using these transmissions, which allows them to eavesdrop on the information visible on the monitor.
The TempestSDR software can be used in conjunction an SDR device to visualize the monitor image. The adversary will specify the known monitor resolution and refresh rate, or if those are not known they can use the provided auto-correlation graphs to help predict these values. The adversary will then try the different frequencies recorded from the experiment phase, looking for a viewing monitor display. Low pass filters and gain can be manipulated to make the display image clearer.
AI Translation
[Visualize Monitor Image] Una volta che il software SDR è stato utilizzato per identificare il target, l'attore malevolo registrerà le trasmissioni e visualizzerà l'immagine del monitor utilizzando queste trasmissioni, il che gli permette di intercettare le informazioni visibili sul monitor.
Il software TempestSDR può essere utilizzato in combinazione con un dispositivo SDR per visualizzare l'immagine del monitor. L'attore malevolo specificherà la risoluzione del monitor nota e il refresh rate, oppure, se questi non sono noti, può utilizzare i grafici di auto-correlazione forniti per aiutare a prevedere questi valori. Successivamente, l'attaccante proverà le diverse frequenze registrate durante la fase di sperimentazione, cercando una visualizzazione del monitor. Filtro passa basso e guadagno possono essere manipolati per rendere l'immagine del display più chiara.
Attack Techniques
-
The TempestSDR software can be used in conjunction an SDR device to visualize the monitor image. The adversary will specify the known monitor resolution and refresh rate, or if those are not known they can use the provided auto-correlation graphs to help predict these values. The adversary will then try the different frequencies recorded from the experiment phase, looking for a viewing monitor display. Low pass filters and gain can be manipulated to make the display image clearer.
Mitigations
4
Design: Lock Away The Video Cables, Making It Difficult For The Attacker To Access The Cables And Place The Antenna Near Them (If The Distance Condition Between The Antenna And Display Port/Cable Is Not Satisfied, The Attack Will Not Be Possible).
Enhance: Increase The Number Of Electromagnetic Shield Layers In The Display Ports And Cables To Contain Or Reduce The Intensity Of The Leaked Signal.
Implement: Use A Protocol That Encrypts The Video Signal; In Case The Signal Is Intercepted The Signal Is Protected By The Encryption.
Implement: Use Wireless Technologies To Connect To External Display Devices.
Consequences
Security Scopes Affected
Confidentiality
Potential Impacts
Read Data
Indicators
1
The target will not observe any indicators of the attack from the computer userâs perspective. The only indication of this attack would be a visible SDR with antenna that can be seen in close proximity to a display cable which is not normally present. This requires that the target is aware of what SDRs look like and can recognize that it may be out of place.
Relationships
Parent CAPECs
Resources Required
2
SDR device set with the correspondent antenna
Computer with SDR Software