Skip to main content
SpringerLink
Log in

High Data Throughput Exfiltration Through Video Cable Emanations

  • Conference paper
  • First Online:
Critical Information Infrastructures Security (CRITIS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13723))

  • 343 Accesses

Abstract

The present work investigates the feasibility to exfiltrate a large amount of data from a computer by leveraging the unintended electromagnetic emanations of an HDMI cable to reconstruct its content. The low signal strength and noise of the leaked signals make difficult to recover any useful information, particularly when the content information is text based, since it suffers from low readability. We consider a targeted attack in which malicious software executed inside the victim’s machine encodes the desired information into QR codes, which are then modulated on the HDMI cable and in turn received and reconstructed by the attacker. The efficiency of this method is evaluated under practical conditions showing that the system is capable of achieving a data exfiltration rate up to 12.67 Kbps under optimal conditions or 2.08 Kbps at 50 m distance. To the best of our knowledge, these results outperform, in terms of distance range and exfiltration rate, previous work in the field of electromagnetic leakage from the literature.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 44.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 59.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Amplifier Datasheet. https://www.minicircuits.com/pdfs/ZX60-3018G+.pdf. Accessed 12 Aug 2020

  2. Ettus USRP B210. https://www.ettus.com/all-products/ub210-kit/. Accessed 12 Aug 2020

  3. Filter Datasheet. https://www.minicircuits.com/pdfs/ZX75BS-88108+.pdf. Accessed 14 Aug 2020

  4. Python-qrcode. https://github.com/lincolnloop/python-qrcode. Accessed 12 Aug 2020

  5. PyZbar. https://github.com/NaturalHistoryMuseum/pyzbar. Accessed 12 Aug 2020

  6. QR Code Tutorial. https://www.thonky.com/qr-code-tutorial/. Accessed 12 Aug 2020

  7. Agency, N.S.: National Security Agency Specification For Shielded Enclosures Specification NSA No. 94106 (1994)

    Google Scholar 

  8. Agency, U.N.S.: TEMPEST: A signal problem (1972)

    Google Scholar 

  9. Assurance, N.I.: Tempest equipment selection process (1981)

    Google Scholar 

  10. Chaman, A., Wang, J., Sun, J., Hassanieh, H., Roy Choudhury, R.: Ghostbuster: detecting the presence of hidden eavesdroppers. In: Proceedings of the 24th Annual International Conference on Mobile Computing and Networking, pp. 337–351. MobiCom 2018, Association for Computing Machinery, New York, NY, USA (2018). https://doi.org/10.1145/3241539.3241580

  11. Clark, A., Zhu, Q., Poovendran, R., Başar, T.: An impact-aware defense against Stuxnet. In: 2013 American Control Conference, pp. 4140–4147 (2013)

    Google Scholar 

  12. Erik Thiele: Tempest For Eliza. http://www.erikyyy.de/tempest/ (2001). Accessed 12 Aug 2020 (2001)

  13. Gugelmann, D., Sommer, D., Lenders, V., Happe, M., Vanbever, L.: Screen watermarking for data theft investigation and attribution, pp. 391–408 (2018). https://doi.org/10.23919/CYCON.2018.8405027

  14. Guri, M., Kedma, G., Kachlon, A., Elovici, Y.: Airhopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies. In: 2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE), pp. 58–67 (2014)

    Google Scholar 

  15. Guri, M., Monitz, M.: LCD tempest air-gap attack reloaded. In: 2018 IEEE International Conference on the Science of Electrical Engineering in Israel (ICSEE), pp. 1–5 (2018). https://doi.org/10.1109/ICSEE.2018.8646277

  16. Guri, M., Monitz, M., Mirski, Y., Elovici, Y.: BitWhisper: covert signaling channel between air-gapped computers using thermal manipulations. In: 2015 IEEE 28th Computer Security Foundations Symposium, pp. 276–289 (2015). https://doi.org/10.1109/CSF.2015.26

  17. Guri, M.: AIR-FI: Generating covert WI-FI signals from air-gapped computers (2020)

    Google Scholar 

  18. Guri, M.: Air-viber: Exfiltrating data from air-gapped computers via covert surface vibrations (2020)

    Google Scholar 

  19. Guri, M., Bykhovsky, D., Elovici, Y.: Brightness: Leaking sensitive data from air-gapped workstations via screen brightness. 2019 12th CMI Conference on Cybersecurity and Privacy (CMI) (2019). https://doi.org/10.1109/cmi48017.2019.8962137

  20. Guri, M., Kachlon, A., Hasson, O., Kedma, G., Mirsky, Y., Elovici, Y.: GSMem: data exfiltration from air-gapped computers over GSM frequencies. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 849–864. USENIX Association, Washington, D.C. (2015). https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/guri

  21. Guri, M., Zadov, B., Bykhovsky, D., Elovici, Y.: Powerhammer: Exfiltrating data from air-gapped computers through power lines (2018)

    Google Scholar 

  22. Guri, M., Zadov, B., Daidakulov, A., Elovici, Y.: ODINI: escaping sensitive data from faraday-caged, air-gapped computers via magnetic fields (2018)

    Google Scholar 

  23. Hanspach, M., Goetz, M.: On covert acoustical mesh networks in air (2014)

    Google Scholar 

  24. Hanspach, M., Goetz, M.: Recent developments in covert acoustical communications. In: Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI), pp. 243–254 (2014)

    Google Scholar 

  25. Kuhn, M.: Compromising emanations: eavesdropping risks of computer displays (2004)

    Google Scholar 

  26. Kuhn, M.G.: Compromising emanations: eavesdropping risks of computer displays, Ph. D. thesis, Technical Report Number 577. University of Cambridge (2003)

    Google Scholar 

  27. Kuhn, M.G.: Electromagnetic eavesdropping risks of flat-panel displays. In: Martin, D., Serjantov, A. (eds.) Privacy Enhancing Technologies, pp. 88–107. Springer, Berlin Heidelberg, Berlin, Heidelberg (2005). https://doi.org/10.1007/11423409_7

    Chapter  Google Scholar 

  28. Kuhn, M.G., Anderson, R.J.: Soft tempest: hidden data transmission using electromagnetic emanations. In: Aucsmith, D. (ed.) Inf. Hiding, pp. 124–142. Springer, Berlin Heidelberg, Berlin, Heidelberg (1998). https://doi.org/10.1007/3-540-49380-8_10

    Chapter  Google Scholar 

  29. Larimer, J.: An inside look at Stuxnet. IBM X-Force, pp. 1–37 (2010)

    Google Scholar 

  30. Lynn, F.: Defending a new domain: The pentagon’s cyberstrategy. Foreign Affairs 2010, 13 (2010)

    Google Scholar 

  31. Marinov, M.: Remote video eavesdropping using a software defined radio platform, Ph. D. thesis, MA thesis. University of Cambridge (2014)

    Google Scholar 

  32. van Eck, W.: Electromagnetic radiation from video display units: an eavesdropping risk? Comput. Secur. 4(4), 269–286 (1985). https://doi.org/10.1016/0167-4048(85)90046-X. http://www.sciencedirect.com/science/article/pii/016740488590046X

Download references

Author information

Authors and Affiliations

  1. Armasuisse Science and Technology, Cyber-Defence Campus, Thun, Switzerland

    Llorenç Romá Álvarez, Daniel Moser & Vincent Lenders

Authors
  1. Llorenç Romá Álvarez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daniel Moser
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Vincent Lenders
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Llorenç Romá Álvarez .

Editor information

Editors and Affiliations

  1. Lucerne University of Applied Sciences, Lucerne, Switzerland

    Bernhard Hämmerli

  2. Universität der Bundeswehr München, Neubiberg, Germany

    Udo Helmbrecht

  3. Universität der Bundeswehr München, Neubiberg, Germany

    Wolfgang Hommel

  4. Universität der Bundeswehr München, Neubiberg, Germany

    Leonhard Kunczik

  5. Universität der Bundeswehr München, Neubiberg, Germany

    Stefan Pickl

A QR Code Capacities

A QR Code Capacities

The following table shows the maximum capacity of different QR code versions using ECL levels L and H and for the different modes. We omitted the capacities for levels M and Q, and we just included a limited number of versions. For more details about the capacities of each version we suggest [6].

Table 4. Modules and capacities of different QR code versions for ECL L and H when using different modes.
Full size table

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Álvarez, L.R., Moser, D., Lenders, V. (2023). High Data Throughput Exfiltration Through Video Cable Emanations. In: Hämmerli, B., Helmbrecht, U., Hommel, W., Kunczik, L., Pickl, S. (eds) Critical Information Infrastructures Security. CRITIS 2022. Lecture Notes in Computer Science, vol 13723. Springer, Cham. https://doi.org/10.1007/978-3-031-35190-7_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-35190-7_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35189-1

  • Online ISBN: 978-3-031-35190-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation