On 11/25/20 6:31 AM, River~~ wrote:
Hi all

In the days of CRT monitors one way the security of a computer system
could be compromised non-intrusively (i.e. without amending the
installed code) was by picking up the radio-frequency leakage from the
tube in the monitor. This could only be done from nearby, but where
possible it enabled the spy to see what was on the screen -- almost
everything that you typed (apart from passwords that were blanked or
starred out). This was a remote form of shoulder surfing, where
someone looks over your shoulder in an environment like an internet
cafe.

Nowadays we do not have to worry about CRT monitors.

This is known as a TEMPEST attack:

https://en.wikipedia.org/wiki/Tempest_(codename)

Although we may not use CRT monitors any more, there are still many other forms of this attack, many of which are still relevant today. It's still important to be mindful of any kind of leaking emanation.

But TVs are
increasingly delivered with their own internet connection, making it
easy to watch You-Tube (etc) without needing a separate computer or
phone. Clearly there is a computer inside which can be hacked, and if
so a remote shoulder surfing attack would be very possible.


Yes, definitely. Smart TV spying is already a widely-reported phenomenon:

https://duckduckgo.com/?q=smart+tv+spying

Is the same true of monitors and of TVs that do not have an apparent
internet link? The digital tech to draw a picture from the input is
unlikely to be done by traditional electronics, but being all digital
is likely done by a miniprocessor of some kind in all digital
displays.


It's impossible to say without knowing exactly what kind of hardware is inside.

To put my question in the most provocative way on this forum: is there
much point securing the OS when the monitor might be an easier target
for those out to (umm) monitor our reading and our keystrokes?

This thought has only just come to me, and I wonder if there is already
some available mitigation? Any ideas?

Or am I being overly cautious?

R~~

Any ideas?


Well, there's no such thing as perfect security, but you can decrease your risk here in multiple ways, such as selecting a monitor with as few "smart" features as possible or, if you use a laptop, sticking with the built-in monitor. There might also be some advantage to preferring "dumb" ports on your monitor. For example, DisplayPort and Thunderbolt are probably bigger risks than VGA and DVI, since DisplayPort can transmit USB and other data, and Thunderbolt combines PCIe and DisplayPort.

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
