A German research student says that under the right conditions, hackers could steal information off cathode-ray tube (CRT) computer screens by measuring the light reflected from a user’s face.
Markus Kuhn, a doctoral student at the University of Cambridge in England, will present his findings in a paper (download .pdf) at the Institute of Electrical and Electronic Engineers Inc. Symposium on Security and Privacy in Oakland, Calif., in May.
“Even if I can’t see your screen surface, as long as your face is illuminated from a distance of 50 meters I can collect the photons from your face into a sensor and I will have a very good chance of turning it into a readable text,” Kuhn said in a telephone interview from Cambridge this afternoon.
While his research on information leakage from monitor reflections shouldn’t worry the general population of computer users, government agencies and corporations dealing with top secret or confidential materials would probably want to take precautions, he said.
In his 16-page paper, Kuhn provides screen shots that his team was able to capture using filters and light collectors. He said that his mathematical models show that intruders using telescopes could probably capture information from even farther away. Kuhn also said that the person capturing the information doesn’t have to be looking at the user head-on; the light can be collected from an angle and still get usable information.
Kuhn said the process is possible because of the way a CRT works. These tubes light individual pixels across the screen at a rate that’s too fast for the human eye to see, but not too fast for instruments to detect.
By measuring fluctuations in light, either on the face of a user or on the wall behind the user, it is possible to recreate everything on a CRT-based computer screen. Kuhn said the technique won’t work on liquid crystal display screens because they light all pixels on the screen at the same time.
The technique also only works in a darkened room. Kuhn said the scenario he envisions is a user who gets caught up in work at the computer. As the sun sets, the user doesn’t turn on any lights and continues to work by the light of the monitor. It’s a common occurrence at Cambridge, he noted.
The technique might also work in rooms lighted by fluorescent tubes because they flicker at regular intervals. It should be possible for an eavesdropper to take into account the flickering of the light and only gather photons when the lights darken, Kuhn said.
In the mid-1980s, researchers discovered that computers emitted radio waves over a short distance, and many government agencies and companies shielded their machines from eavesdroppers. Anyone who took such action should probably think about light reflection, as well, Kuhn said.
“Compared to other computer security risks, it is a more exotic thing,” Kuhn said.
He added that the information a spy could collect this way would only be the information on the screen. It would be more worthwhile, he speculated, for a hacker to break into a system and simply read every e-mail the user sent “for the last three years.”
Winn Schwartau, president of security firm Interpact Inc. in St. Petersburg, Fla., said he doubts Kuhn’s claims but would like to see a demonstration. While he believes it might be possible to grab information off a user’s glasses, it would be expensive and require the right equipment, he explained. While calling Markus “a really smart guy,” Schwartau said he doubted that Kuhn’s ideas about the reflectivity of photons would work.
Kuhn grew up in Munich, Germany. He holds a graduate degree in computer science from the University of Erlangen in Germany and studied at Purdue University in West LaFayette, Ind., as a Fulbright scholar before pursuing a his Ph.D in computer security at Cambridge.
