WAS: Thermal Imaging Decision Applicable to TEMPEST?

Bill Stewart bill.stewart at pobox.com
Sun Jun 17 19:25:03 EDT 2001

>David Koontz wrote:
> >Is the average person susceptible to TEMPEST attacks?

At 01:22 PM 06/13/2001 -0700, John Young wrote:
>Probably most people are not subject to TEMPEST attacks
>in the same way they are not in need in crypto.

The average person's equipment could be eavesdropped relatively
easily if somebody wanted to.  I remember once seeing the
screen from my laptop displayed on a near television set -
the sync was all wrong, but the characters were relatively readable,
and somebody who wanted to mount a real TEMPEST attack
could easily do so.  Reading data off the CPU is becoming
harder as CPU speeds go up, but if you can grab the
keyboard and display signals, that's usually good enough.

This kind of interference is not supposed to happen, of course,
but if you read the FCC information included with most computers,
it'll generally say that they're intended for office use, not home,
and a bit about who to complain to if somebody's PC bothers your TV.
As home computers become more common, and more powerful,
there may be tighter restrictions on emissions,
though perhaps the upcoming digital TV technology is
less affected by it.

The main difference between crypto attacks and TEMPEST attacks
is that crypto attacks can affect your communications from a distance,
while TEMPEST attacks require the attacker to be nearby,
or at least to put an eavesdropping device nearby.
That doesn't mean they can't be in a van out on the street
(depending on your equipment and theirs),
but it's an attack that needs individual targeting of
suspicious people or places with relatively expensive equipment
rather than a Carnivore-like attack that can stay in one place
and hoover up data wholesale from lots of people;
the difference in cost of the attack also means that
TEMPEST scanning probably will be mainly used with warrants
against people strongly suspected of actual law-breaking,
as opposed to internet eavesdropping on the general public
and on people who are politically unpopular but not necessarily criminal.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list