Report: Spies may read LED lights

R. A. Hettinga rah at shipwright.com
Thu Mar 7 19:45:49 EST 2002 

More on those power-analyzed blinkenlights...

Cheers,
RAH

--- begin forwarded text


Status:  U
Reply-To: <frese at jhu.edu>
From: Somebody
To: "R. A. Hettinga" <rah at shipwright.com>
Subject: Report: Spies may read LED lights
Date: Thu, 7 Mar 2002 14:15:09 -0400

http://www.cnn.com/2002/TECH/ptech/03/07/led.snooping.reut/index.html

Report: Spies may read LED lights
'Like fiber optics but without the fiber'
March 7, 2002 Posted: 9:45 AM EST (1445 GMT)

SAN FRANCISCO, California (Reuters) -- By monitoring the flashes of LED
lights on electronics equipment and the indirect glow from monitors,
scientists in the United States and the United Kingdom have discovered ways
to remotely eavesdrop on computer data.

Optical signals from the little flashing LED (light-emitting diode)
lights -- usually red and dotting everything from modems to keyboards and
routers -- can be captured with a telescope and processed to reveal all the
data passing through the device, Joe Loughry, a computer programmer at
Lockheed Martin Space Systems in Denver, told Reuters.

"It requires little apparatus, can be done at a considerable distance, and
is completely undetectable," he writes in his paper titled "Information
Leakage from Optical Emanations."

"In effect, LED indicators act as little free-space optical data
transmitters, like fiber optics but without the fiber."

Home systems less vulnerable
Not every LED-enabled device is at risk, though. Affected is equipment used
in low-speed, long-distance networks typically found in proprietary
networks, such as ATM (automated teller machines) at banks, as opposed to
corporate local area networks or home Internet connections, Loughry said.

He said he was able to collect a strong optical signal from about 22 yards
(20 meters), using optical sensor equipment.

"It is interesting to walk around downtown at night in a large city and look
up at the glass windows and you see a lot of computers," Loughry said. "I've
seen racks of equipment with LEDs on them visible from the street. That's
kind of what got me to pursue this."

'Nobody ever looked'
Loughry began his research on LEDs in 1994 when he was a graduate student at
Seattle University. Asked how computer researchers could have overlooked for
so long something that stares them in the face, he said: "I guess nobody
ever looked at it before.

"I was working very late one night and waiting for a long file transfer to
complete and I was just staring at these lights on the front of the modem
and started to wonder if there was anything there," said Loughry.

The remedy for having LED signals read is easy -- locate equipment away from
windows, put black tape over LEDs or de-activate them when not in use.
Equipment manufacturers also can modify the devices.

Loughry's paper is scheduled to be published later this year in the
scientific journal for the Association for Computing Machinery, called "ACM
Transaction on Information and System Security."

His co-author is his former professor, David Umphress, now a software
engineering professor at Alabama's Auburn University.


--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list