The enthusiast community engaged in the use of Software Defined Radio (SDR) projects is ever finding new functionality with which to experiment. One recent example, particularly relevant to the TSCMi, is development of software capable of utilising SDR to mount a TEMPEST attack upon laptop screens.

TEMPEST attack capabilities have been around for a long time, but such an attack as this has previously required sophisticated and expensive hardware and associated complex software.

SDR is the use of a computer to move much of the functionality, previously provided within the expensive hardware of a radio transmitter or receiver, to be carried out by applications within the computer itself. All that is required to construct a highly sophisticated radio device is the addition of relatively inexpensive front-end USB radio peripheral. Examples can range from a simple TV dongle (about £15) to a more complex USRP (Universal Software Radio Peripheral) (£250 to £1000). A typical and capable device would be such as the HackRF Half duplex Transmitter/Receiver (see illustration). Link this to the wide range of open source software and you have your TEMPEST capability.

For more details about how this SDR community is progressing, and to gauge the breadth of interest in this project, details and related URLs may be found at https://www.rtl-sdr.com/tempestsdr-a-sdr-tool-for-eavesdropping-on-computer-screens-via-unintentionally-radiated-rf/

What does this mean in terms of presently identified TEMPEST threats?

In reality little has changed. Such an attack still requires close covert presence to the target, an RF spectrum clear of interference such as nearby laptops with similar emissions, and a target source that is vulnerable to such an attack (most laptops do not radiate sufficiently to be vulnerable from more than a couple of metres distant, but others can be susceptible from 10s of metres).

What has changed is the resource cost of carrying out such an attack, the size of the capable community, and wider knowledge of the vulnerability. Although at present the screen definition achieved by the enthusiasts is rather crude recent software upgrades to the hardware front end, and the enthusiasm of the SDR community, may see significant improvement in the not too distant future.

What can be done to combat this threat?

When conducting your own corporate security threat assessments you may now wish to include threat sources previously considered to have no capability in this area. You may also need to consider a raised risk of falling foul of the activities of an opportunist (as with hacking there are some SDR enthusiasts who like a challenge).

The mitigating action deployed to defend against such activity will remain as at present and will include some simple actions such siting laptops and PCs away from uncontrolled space, and being cautious when using laptops in premises electronically quiet such as at home and in hotels. A TSCM consultant will be able to advise upon the particular vulnerability to such an attack in your offices.

It may be worth having your laptop and PC models checked to ensure the radiating emissions carrying intelligible data fade into noise within a few centimetres of the source (include here not just the screen but keyboard activity which can, on some laptop models, radiate keystroke data). Such will significantly reduce the vulnerability to such a TEMPEST attack.

However TEMPEST threats do not relate solely to PCs and Laptops, and there are easier methods of capturing screen data (telescope for instance). Far more vulnerable may be your telephones or data cable infrastructure. A TSCM survey will identify any further TEMPEST threats and advise upon mitigating measures.