Jonas Karlsson MCS-2003:13, pp. 16. Inst. för programvaruteknik och datavetenskap/Dept. of Software Engineering and Computer Science, 2003.
There are no public records that give an idea of how much emanation monitoring is actually taking place. However, there are a few data points that lead us to believe there is a real threat. One of these is that TEMPEST industry is over a billion dollars a year business.
Reports like the ”Redefining Security” by Joint Security Commission stated that electronic equipment such as computers, printers, and electronic typewriters give off electromagnetic emanations and that this has long been a concern for various industries. An attacker using the latest and most efficient equipment can monitor and retrieve classified or sensitive information as it is being processed without the user being aware that a loss is occurring. But new information states that the attacker doesn’t need to have access to the latest equipment.
This master thesis is based on the three statements below:
It exists a cheap and simple TEMPEST technique that is a security risk.
A downloadable TEMPEST virus is a powerful tool when conducting TEMPEST attacks.
It does not exist a cheap and simple solution that protects common users from TEMPEST attacks.
In the experiment I use a program called Tempest_for_eliza and a simple Philips radio receiver.
In this thesis I prove that it exist a TEMPEST technique, that is cheap and relatively simple and still is a security risk. I prove this with facts from literature studies and an experiment. Today there is only one way to protect yourself against TEMPEST attacks and that is by metal shielding. This is expensive and home users have the option but not often the resources to finance this type of protection.