On 11/25/20 6:31 AM, River~~ wrote:
Hi allIn the days of CRT monitors one way the security of a computer system could be compromised non-intrusively (ie without amending the installed code) was by picking up the radio-frequency leakage from the tube in the monitor. This could only be done from near by, but where possible it enabled the spy to see what was on the screen -- almost everything that you typed (aprt from passwords that were blanked or starred out). This was a remote form of shoulder surfing, where someone looks over your shoulder in an environent like an internet cafe. Nowadays we do not have to worry about CRT monitors.
This is known as a TEMPEST attack: https://en.wikipedia.org/wiki/Tempest_(codename)Although we may not use CRT monitors any more, there are still many other forms of this attack, many of which are still relevant today. It's still important to be mindful of any kind of leaking emanation.
But TVs are increasingly delivered with their own internet connection, making it easy to watch You-Tube (etc) without needing a separate computer or phone. Clearly there is a computer inside which can be hacked, and if so a remote shoulder surfing attack would be very possible.
Yes, definitely. Smart TV spying is already a widely-reported phenomenon: https://duckduckgo.com/?q=smart+tv+spying
Is the same true of monitors and of TVs that do not have an apparent internet link? The digital tech to draw a picture from the input is unlikely to be done by traditional electronics, but being all digital is likely done by a miniporcessor of some kind in all digital displays.
It's impossible to say without knowing exactly what kind of hardware is inside.
To put my question in the most provocative way on this forum: if there much point securing the OS when the monitor might be an easier target for those out to (umm) monitor our reading and our keystrokes? This thught has only just come to me, and I wonder if there is already some available mitigation? Any ideas? Or am I being overly cautious? R~~ Any ideas?
Well, there's no such thing as perfect security, but you can decrease your risk here in multiple ways, such as selecting a monitor with as few "smart" features as possible or, if you use a laptop, sticking with the built-in monitor. There might also be some advantage to preferring "dumb" ports on your monitor. For example, DisplayPort and Thunderbolt are probably bigger risks than VGA and DVI, since DisplayPort can transmit USB and other data, and Thunderbolt combines PCIe and DisplayPort.
-- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b0126b42-d45f-80fb-c783-b30a0202e8cf%40qubes-os.org.
OpenPGP_signature
Description: OpenPGP digital signature
