TEMPEST and TempestSDR: Securing Information and Privacy

12.07.2021

Communication and information sharing has never been easier than it is in 2021. We can effortlessly send e-mails, texts and images to friends and colleagues with minimal effort and thought. However, that information can just as easily be intercepted by a malicious entity. Even static information on a computer monitor or television in a conference room can be remotely viewed with the right tools and minimal expertise.

These ‘Compromising Emanations’ and the methods of harnessing them are not a new concept. TEMPEST is a NATO code word for compromising emanations and various methods of mitigating them. Thanks to now declassified documents1, it is clear that evidence of this concept has existed since the Second World War! However, they were first brought to the attention of the general public in 1985 when Win van Eck demonstrated2 ways of harnessing compromising emanations to remotely view a computer monitor from hundreds of meters away. Even more recently, Martin Marinov developed a software program as part of his dissertation titled “Remote video eavesdropping using a software-defined platform3“. The program was designed to allow a user to remotely view a computer monitor’s content using a Software Defined Radio (SDR) and an antenna.

Note: A software defined radio is simply a radio which can implement some or all of its physical functions in software. The main advantage of a software defined radio over a traditional radio is that changes can be made to parameters which are traditionally hardware based.

Martin Marinov’s program4 works by leveraging the SDR to receive electromagnetic waves emanated by cables carrying video signals to a computer monitor. These video signals are transmitted to a monitor from the video controller using a technique called ‘Rastering’. Rastering involves the continuous transmission of ‘scan lines’ at a specific rate known as ‘refresh rate’ (refresh rate is also referred to as FPS or frames per second). Each of these scan lines contains a line of pixels which are transmitted and received from left to right. Meanwhile, the scan lines are transmitted from top to bottom. The pixels in these scan lines are encoded as a time varying signal, which produces electromagnetic waves that can be received by an SDR, and the aforementioned program developed by Martin Marinov.

When it was released in 2014, the program (now known as TempestSDR), was only developed for MacOS devices. It has since been adapted for Windows by GitHub user Erwin Ried5. This opens the door for many other devices to perform an ‘attack’ on computer monitors, especially with SDRs being relatively cheap in 2021.

These discoveries are a security and privacy concern for government agencies, in addition to anyone who wants to keep their information secure and private. Fortunately, various methods of mitigating or eliminating these emanations exist including RF (Radio Frequency) shielding and RF filtering.

RF filters work by blocking certain frequencies from passing through the filter. These filters are usually present on RF shielded enclosure where they are essential for filtering the power and communication lines penetrating the enclosure, since these can produce compromising emanations.

RF shielded enclosures are designed to prevent the transmission of certain radio frequencies from inside the enclosure, as well as the reception of those frequencies from outside the enclosure. In Canada, these frequencies are 10 kHz to 10 GHz according to ITSG-026 (Criteria for the Design, Fabrication, Supply, Installation and Acceptance Testing of Walk-in, Radio-Frequency-Shielded Enclosures). This range is enough to block the types of electromagnetic waves that may be received by an attacker. RF shielded enclosures are geared towards entities which require their secrets to remain secret. Government agencies and well-known companies are highly encouraged to have these enclosures to prevent TEMPEST attacks.


1 “A History of U.S. Communications Security (Volumes I and II)”; David G. Boak Lectures” (PDF). National Security Agency. 1973. p. 90.
2 Van Eck, Wim (1985). “Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?” (PDF). Computers & Security. 4 (4): 269–286. CiteSeerX 10.1.1.35.1695. doi:10.1016/0167-4048(85)90046-X
3 Marinov, M. (2014). Remote video eavesdropping using a software-defined radio platform (dissertation).
4 Marinov, M. (2014). martinmarinov/TempestSDR. GitHub. https://github.com/martinmarinov/TempestSDR.
5 Ried, E. (2020). eried/Research. GitHub. https://github.com/eried/Research/tree/master/HackRF/TempestSDR.
6 Government of Canada. (2018, September 25). Criteria for the Design, Fabrication, Supply, Installation and Acceptance Testing of Walk-in, Radio-Frequency-Shielded Enclosures (ITSG-02). Canadian Centre for Cyber Security. https://cyber.gc.ca/en/guidance/criteria-design-fabrication-supply-installation-and-acceptance-testing-walk-radio.