Pulling Data From HDMI RF Leakage

A long-running story in the world of electronic security has been the reconstruction of on-screen data using RF interference from monitors or televisions. From British TV detector vans half a century ago to 1980s scare stories about espionage, it was certainly easy enough to detect an analogue CRT with nothing more than an AM broadcast radio receiver. But can this still be done in the digital age? It’s something [Windytan] has looked into, as she reconstructs images using leakage from HDMI cables.

The tale starts with a mystery RF noise, soon identified as not unlike the scanning frequencies of a video signal. Plotting the noise intensities while treating the supposed scanning frequencies as video synchronization yields a shadowy version of her Raspberry Pi desktop, so she’s on to something. It’s important to note that this isn’t a video signal she’s receiving, but the noise associated with the bit transitions in an uncompressed digital video stream, so she quickly concludes that trying to resolve color would be futile.

It does however leave the tantalizing possibility of using this as a medium to wirelessly export data from a compromised machine, and it’s down this route she goes. She finally arrives at a scheme of encoding data as lines of individual colors that look like interference patterns over a desktop, and from there can send and retrieve files. It works for digital audio streams and, as shown in the video below, even for an MJPEG video stream, hidden in the noise from a video signal. That’s impressive work, by any standard!

We covered those BBC detector vans in detail a while back.


Getting Data Out Of Air-Gapped Networks Through The Power Cable

If you are an organisation that is custodian of sensitive information or infrastructure, it would be foolhardy of you to place it directly on the public Internet. No matter how good your security might be, there is always the risk that a miscreant could circumvent it and perform all sorts of mischief. The solution employed therefore is to physically isolate such sensitive equipment from the rest of the world, creating an air gap. Nothing can come in and nothing can go out.

Well, that’s the theory, anyway. [Davidl] sends us some work that punches a hole in some air-gapped networks, allowing low-speed data to escape the air gap even if it doesn’t allow the reverse.

So how is this seemingly impossible task performed? The answer comes through the mains electrical infrastructure: if the air gap is bridged by a mains cable, then the load on that cable can be modulated by altering the work undertaken by a computer connected to it. This modulation can then be detected with a current transformer, or even by compromising a UPS or electricity meter outside the air gap.

Of course, the Hackaday readership are all upstanding and law-abiding citizens of good standing, to whom such matters are of purely academic interest. Notwithstanding that, the article goes into the subject in great detail, and makes for a fascinating read.

We’ve touched on this subject before with various techniques such as broadcast radio interference and the noise from a fan, as well as with an in-depth feature.