Feeds

Readers' Letters Storm in a TEMPEST?

And why would we want to look at your PC, anyway?

  • alert
  • submit to reddit

Security for virtualized datacentres

Can't pay - won't pay

To quote from your page on Only UK viewers have to pay:-

"instead they work by detecting the TV tuner's local oscillator which always leaks a small amount of
radiation back up the aerial."

I have to question this because there's a couple of flaws here. Firstly 99% of tv's sold now conform to CE approval, hence limiting there RF emissions. And secondly, what happens if your using a cable tv /
satellite tuner / etc?? The local oscillator is going to not be passed up the coax to the antenna because of a cascade of RF amplifiers in those devices. I suppose the tv licensing 'authority' will try to kid us that the signal goes through the satellite tuner and out of the dish to the satellite where they can use XY or Z to pinpoint the BBC service thief?!

'The' TV detector van should be renamed "psychological prompting vehicle" because that's the only purpose it serves, ie, The one and only psychological prompting vehicle is seen in the area and people spread the word, and lo and behold, a panic purchase of TV - Taxdiscs!

Anyway that's my 99p's worth, and before you ask, No I dont have a tv license, I pay enough taxes as is.

Jump up and down

This chap works for a Tempest manufacturer - we'd better keep his name out of here - and he writes...

TEMPEST has no meaning. But people like to speculate. You can simulate this yourself, by placing an AM radio next to you computer; then, tune the radio up and down the dial until you hear your computer on it. That's what they intercept and reconstruct.

On the other hand

"TEMPEST stands for "Telecommunications Electronics Material Protected From Emanating Spurious Transmissions". Catchy, no?"

No, it doesn't stand for anything. It is a codeword whose meaning is defined as the unwanted dissemination of information by electromagnetic means.

TEMPEST was defined initially by CESG which is a
branch of GCHQ. It's original meaning was classified but is now public domain.

TEMPEST assessments are carried out on equipment, rooms, buildings etc. both in Government and in private sector.

TEMPEST is *not* some sort of great mystery or magical technique. It is a widely studied area which is now much more controlled by regulations such as Radio frequency Interference laws common to the European Community etc.

The TVLA (technical dept.) are not interested in TEMPEST technology as it is exactly the opposite of what they are trying to achieve. They CAN tell what channel and programme you are watching using "their low tech equipment".

I'm sure I used that last piece of tin foil on the turkey...

You might be interested to note that it is possible to intercept VDU emmanations at 1km for monochrome (Black & White) and more for RGB. Both figures are likely to be greater using sophisticated technical
means.

If you are worried that I am reading your VDU, you might consider 'papering' your walls, floor, ceiling, doors and windows with aluminium baking foil. This will greatly reduce the risk but not enough to be
secure. Remember also, power cables and phone lines etc. leaving your 'baking' room.

Regards. Gatekeeper

"What, us?"

EM emissions from electronic devices have long been a source of worry for organisations carrying or transmitting sensitive information. I imagine that
even the IBM golfball typewriter's keystrokes could be monitored by "listening" devices. Typically, most counter-measures have concentrated in the government/military arena, where the research bases at GCHQ Cheltenham and RSRE Malvern and in the USA, the National Security Agency, have long developed and maintained NATO MilSpec standards for manufacturers to comply with.

When working for several major IT vendors in the 1980s, during a demonstration of intercept techniques, I was informed that it was possible to pick up a screen/PC signature as much as a mile away from source! Various well known systems houses were contracted by Govt to provide quality assurance services and compliance certificates for manufacturers' wishing to sell computer equipments to the (secret) state. This is all public domain
stuff, if you read the relevant magazines. It's conceivable that such counter-measures are now included in manufacturers' production runs as
standard nowadays; otherwise, I imagine electronic intercept of, say, Bank of England information is perfectly possible if they don't use other means
of protecting their electronic environments (safe cages for operators for example).

As for television intercept by the TVLA, the TVLA must be being disingenuous when it says it doesn't know about TEMPEST tested equipment precisely because it's using low-level intercept equipment (to detect unpaid TV licensees using their sets) that TEMPEST is supposed to defeat! ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Are you a fat boy? Get to university NOW, you PENNILESS SLACKER
Rotund types paid nearly 20% less than people who didn't eat all the pies
Emma Watson should SHUT UP, all this abuse is HER OWN FAULT
... said an anon coward who we really wish hadn't posted on our website
Japan develops robot CHEERLEADERS which RIDE on BALLS
'Will put smiles on faces worldwide', predicts corporate PR chief
Bruges Booze tubes to pump LOVELY BEER underneath city
Belgian booze pumped from underground
Let it go, Steve: Ballmer bans iPads from his LA Clippers b-ball team
Can you imagine the scene? 'Hey guys, it's your new owner – WTF is that on your desk?'
Amazon: Wish in one hand, Twit in the other – see which one fills first
#AmazonWishList A year's supply of Arran scotch, ta
SLOSH! Cops dethrone suspect - by tipping over portaloo with him inside
Talk about raising a stink and soiling your career
Ingredient found in TASTY BEER is GOOD for your BRAIN
You only have to drink 2k litres a day to see the effect...
Oz carrier Tiger Air takes terror alerts to new heights
Don't doodle, it might cost you your flight
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.