{ "id": "bundle--8340da62-8f2a-4c99-a71c-1d8f3bc6323f", "objects": [ { "created": "2023-01-24T00:00:00.000Z", "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", "description": "An Adversary can eavesdrop on the content of an external monitor through the air without modifying any cable or installing software, just capturing this signal emitted by the cable or video port, with this the attacker will be able to impact the confidentiality of the data without being detected by traditional security tools", "external_references": [ { "external_id": "CAPEC-699", "source_name": "capec", "url": "https://capec.mitre.org/data/definitions/699.html" }, { "external_id": "CWE-1300", "source_name": "cwe", "url": "http://cwe.mitre.org/data/definitions/1300.html" }, { "description": "TempestSDR: An SDR Tool For Eavesdropping on Computer Screens Via Unintentionally Radiated RF", "external_id": "REF-744", "source_name": "reference_from_CAPEC", "url": "https://www.rtl-sdr.com/tempestsdr-a-sdr-tool-for-eavesdropping-on-computer-screens-via-unintentionally-radiated-rf/" }, { "description": "Dan Maloney, Exposing Computer Monitor Side-Channel Vulnerabilities with TempestSDR", "external_id": "REF-745", "source_name": "reference_from_CAPEC", "url": "https://hackaday.com/2020/07/15/exposing-computer-monitor-side-channel-vulnerabilities-with-tempestsdr/" } ], "id": "attack-pattern--0a8ef002-1cb8-46e1-bc44-efd0a39b2a67", "modified": "2023-01-24T00:00:00.000Z", "name": "Eavesdropping on a Monitor", "object_marking_refs": [ "marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d" ], "type": "attack-pattern", "x_capec_abstraction": "Meta", "x_capec_child_of_refs": [ "attack-pattern--94e596d2-6844-4031-80c3-8522642aaff8" ], "x_capec_consequences": { "Confidentiality": [ "Read Data" ] }, "x_capec_execution_flow": "
Survey Target: The adversary surveys the target location, looking for exposed display cables and locations to hide an SDR. This also includes looking for display cables or monitors placed close to a wall, where the SDR can be in range while behind the wall. The adversary also attempts to discover the resolution and refresh rate of the targeted display.
Find target using SDR: The adversary sets up an SDR near the target display cable or monitor. They use the SDR software to locate the corresponding frequency of the display cable. This is done by looking for interference peaks that change depending on what the screen is showing. The adversary notes down the possible frequencies of unintentional emission.
Techniques |
---|
An adversary can make use of many different commercially available SDR devices which are easy to setup such as a HackRF, Ubertooth, RTL-SDR, and many others. |
Visualize Monitor Image: Once the SDR software has been used to identify the target, the adversary will record the transmissions and visualize the monitor image using these transmissions, which allows them to eavesdrop on the information visible on the monitor.
Techniques |
---|
The TempestSDR software can be used in conjunction an SDR device to visualize the monitor image. The adversary will specify the known monitor resolution and refresh rate, or if those are not known they can use the provided auto-correlation graphs to help predict these values. The adversary will then try the different frequencies recorded from the experiment phase, looking for a viewing monitor display. Low pass filters and gain can be manipulated to make the display image clearer. |