Exposing Computer Monitor Side-Channel Vulnerabilities With TempestSDR

Having been endlessly regaled with tales of side-channel attacks and remote exploits, most of us by now realize that almost every piece of gear leaks data like a sieve. Everything from routers to TVs to the power supplies and cooling fans of computers can be made to give up their secrets. It’s scary stuff, but it also sounds like a heck of a lot of fun, and with an SDR and a little software, you too can get in on the side-channel action.

Coming to us via software-defined radio buff [Tech Minds], the video below gives a quick tour of how to snoop in on what’s being displayed on a monitor for almost no effort or expense. The software that makes it possible is TempestSDR, which was designed specifically for the job. With nothing but an AirSpy Mini and a rubber duck antenna, [Tech Minds] was able to reconstruct a readable black and white image of his screen at a range of a few inches; a better antenna and some fiddling might improve that range to several meters. He also shares a trick for getting TempestSDR set up for all the popular SDRs, including SDRplay, HackRF, and RTL-SDR.

Learning what’s possible with side-channel attacks is the key to avoiding them, so hats off to [Tech Minds] for putting together this simple, easy-to-replicate demo. To learn even more, listen to what [Samy Kamkar] has to say about the subject, or check out where power supplies, cryptocurrency wallets, and mixed-signal microcontrollers are all vulnerable.

Software Defined Radio Hack Chat

Join us on Wednesday, September 18 at noon Pacific for the Software Defined Radio Hack Chat with Corrosive!

If you’ve been into hobby electronics for even a short time, chances are you’ve got at least one software-defined radio lying around. From the cheap dongles originally intended to watch digital TV on a laptop to the purpose-built transmit-capable radio playgrounds like HackRF, SDR has opened up tons of RF experimentation. Before SDR, every change of band or mode would need new hardware; today, spinning up a new project is as simple as dragging and dropping a few blocks around on a screen, and SDRs that can monitor huge swaths of radio spectrum for the tiniest signal have been a boon to reverse engineers everywhere.

Corrosive is the handle of Harold Giddings, amateur callsign KR0SIV, and he’s gotten into SDR in a big way. Between his blog, his YouTube channel, and his podcast, all flying under the Signals Everywhere banner, he’s got the SDR community covered. Whether it’s satellite communications, aircraft tracking, amateur radio, or even listening in on railway operations, Harold has tried it all, and has a wealth of SDR wisdom to share. Join us as we discuss the state of the SDR ecosystem, which SDR to buy for your application, and even how to transmit with an SDR (hint: you’ll probably want a ham license.)

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, September 18 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Eavesdropping On Cosmonauts With An SDR

Usually when we hear about someone making contact with astronauts in orbit, it’s an intentional contact between a ham on the ground and one of the licensed radio amateurs on the ISS. We don’t often see someone lucky enough to snag a conversation between ground controllers and a spacecraft en route to the ISS like this.

For [Tysonpower], this was all about being in the right place at the right time, as well as having the right equipment and the know-how to use it properly. Soyuz MS-12 launched from Baikonur on March 14 with cosmonaut [Aleksey Ovchinin] and NASA astronauts [Nick Hague] and [Christina Koch] onboard, destined for the ISS after a six-hour flight. The lucky bit came when [Tysonpower] realized that the rendezvous would happen when the ISS was in a good position relative to his home in Cologne, which prompted him to set up his gear for a listening session. His AirSpy Mini SDR was connected to a home-brew quadrifilar helical (QFH) “eggbeater” antenna on his roof. What’s nice about this antenna is that it’s fixed rather than tracking, which makes it quick to get on the air with. After digging around the aviation bands at about 121 MHz for a bit, [Tysonpower] managed to capture a few seconds of a conversation between [Ovchinin] and Moscow Flight Control Center. The commander reported his position and speed relative to the ISS a few minutes before docking. The conversation starts at about 1:12 in the video below.

We think it’s just cool that you can listen in on the conversations going on upstairs with a total of less than $50 worth of gear. Actually talking to the hams aboard the ISS is another matter, but not a lot more involved really.

SDR IF Experiments

The R820T tuner IC is used in the popular Airspy software defined radio (SDR) as well as many of the inexpensive RTL SDR dongles. [TLeconte] did some experiments on intermediate frequency (IF) configuration of the chip, and you’ll find his results interesting.

Using 5 million samples per second and the device’s real mode, the tests look at what comes out when the IC reads a noise source. There are two registers that set the IF parameters, but the tests show the effects these registers have in precise terms.

