Window light can give away a computer's secrets at 50m

Security: Hackers and industrial spies could exploit new ways to break into systems.

Security: Hackers and industrial spies could exploit new ways to break into systems.

Businesses and government establishments could be at risk from a new eavesdropping technology that allows snoopers to read the contents of computer screens and data devices through office windows from a distance of up to 50m.

Scientists at Cambridge University have shown that they can reconstruct images from a PC screen or read data from LED devices by measuring tiny variations in the light they reflect through office windows. Similar technology could be harnessed by intelligence agencies or industrial spies to steal commercial or government secrets from otherwise secure organisations, experts said.

The technique, known as optical time-domain eavesdropping, is analogous to the "tempest" phenomenon discovered in the 1980s, which allows eavesdroppers to read data by tuning into electromagnetic waves emitted by computer monitors.

But Markus Kuhn, a researcher at the university's computer laboratory who discovered the phenomenon, said "optical tempest" could be a more effective snooping technology than its electromagnetic equivalent.

"It is a particular concern for organisations that have removed other security risks and where there is a determined opponent, such as an intelligence agency. Military organisations that use cryptographic keys could be at risk," said Kuhn.

The technique relies on the fact that the pixels on computer screens glow for a fraction of a second when they are struck by the moving electron beam in the visual display unit (VDU). A photodetector can pick up the tiny variations in light emitted and, by averaging emissions over a few seconds, can accurately re-construct the original screen image.

The technology is sensitive enough to reconstruct images from light reflected from internal walls through a window or through frosted glass. Eavesdroppers could use the same techniques to read sensitive data by decoding the LED indicators used in transmission devices in internal company networks.

"The main limitation is that the room has to be relatively dark. It works well if there is no other light in the room, and it is twilight outside - you can [read the screen] from 50m away," said Kuhn.

Simple countermeasures are available, however. One approach is to make sure that rooms are always well lit. Certain types of fluorescent tubes can make eavesdropping difficult, if they emit light with similar frequencies to a VDU. Another approach is to replace VDUs with liquid crystal displays, which emit no afterglow.

[email protected]

Read more on IT risk management