LCD TEMPEST Air-Gap Attack Reloaded

摘要

In 1998, researcher showed how attackers can transmit data from computers through electromagnetic radio waves generated by the computer video card. 20 years later, we examine this type of threat in a context of modern cyber-attacks. In this type of threat, attackers can covertly leak sensitive data from isolated (`air-gapped') computers using the electromagnetic emission from the video card. We present related work and give a brief technical background. We tested the TEMPEST attack with modern LCD screens and affordable user-defined-radio hardware available today for only $30. We implement a transmitter malware that can modulate binary data and transmit it over electromagnetic waves emitted from the video cable. We also implement a remote receiver, which demodulate and decode the transmission using GNU Radio. We present an analysis of the frequency range, effective distance and the bandwidth of this covert-channel. We found that malware can covertly leak data (e.g., encryption keys, keylogging data and documents) from air-gapped computers to a nearby RF receiver via the electromagnetic emission. The effective bitrate of this channel is 60 bit/sec to 640 bit/sec.