Re: [escepticos] Sobre "optical tempest"

[Enrique Reyes <conen@...>]

Hola,

maria folco wrote:
> 
> >       Sobre este tema, acabo de encontrar una página interesante de
> >la Universidad
> >de Cambridge, que además describe una técnica para leer monitores a distancia
> >(aparte de la clásica de las señales de radiofrecuencia).
> >
> >       http://www.cl.cam.ac.uk/~mgk25/emsec/optical-faq.html
> >
> >
> >
> >       Borja.
> 
> Borja, ya veo que tienes tiempo para escribir... ¿Que tal el
> experimentito, lo lograste?

Bueno, como parece que el link no suscitó mayor comentario, peguemos la
información pertinente:

Q: What about LEDs? 

For devices with RS-232 serial ports, it is customary to provide a
status indicator LED for some of the signal lines (in particular
transmit data and receive data). OFTEN, these LEDs are DIRECTLY
CONNECTED to the line via just a resistor. 
*********
As a result, anyone with a line of sight to the LED, some optics and a
simple photosensor can see the data stream.
*********
Joe Loughry and David A. Umphress have recently announced a detailed
study (submitted to ACM Transactions on Information and System Security)
in which they tested 39 communications devices with 164 LED indicators,
and on 14 of the tested devices they found serial port data in the LED
light. Based on their findings, it seems reasonable to conclude that
LEDs for RS-232 ports are most likely carrying the data signal today,
whereas LEDs on high-speed data links (LANs, harddisk) do not.
Nevertheless, these LEDs are still available as a covert channel for
malicious software that actively tries to transmit data optically. 

I expect that this paper will cause a number of modem manufacturers to
add a little pulse stretcher (monostable multivibrator) to the LEDs in
the next board revision, and that at some facilities with particular
security concerns, the relevant LEDs will be removed or covered with
black tape. 

The data traffic on LEDs is not a periodic signal, and therefore, unlike
with video signals, periodic averaging cannot be used to improve the
signal-to-noise ratio. The shot-noise limit estimation technique that I
used to estimate the CRT eavesdropping risk can even more easily
(because no deconvolution is needed) also be applied to serial port
indicators and allows us to estimate a lower bound for the bit-error
rate at a given distance. I have performed a few example calculations
and concluded that with a direct line of sight, and a 100 kbit/s signal
(typical for an external telephone modem), at 500 m distance it should
be no problem to acquire a reliable signal (one wrong bit every 10
megabit), whereas for indirect reflection from the wall of a dark room,
a somewhat more noisy signal (at least one wrong bit per 10 kilobit) can
be expected to be receivable in a few tens of meters distance. 



Me he permitido poner alguna mayúscula y resaltar una frase. El último
párrafo es interesante, porque este señor hace unas estimaciones a
partir de su experiencia midiendo pulsos de luz a distancia (por cierto,
muy curioso lo de leer un monitor por el reflejo en una pared, aunque
claro, es una magufada, seguro) y su conocimiento de leds y modems,
claro. Hay que recalcar que es otro experto en el campo este, aparte de
los dos autores del artículo de marras y María Folco claro. Parece que
la opinión mayoritaria es que si se puede. Vaya... pero claro este tipo
está loco. ¡Pretende leer el led a través de su reflejo en la pared! qué
magufada! eso es imposible!

Saludos,

Enrique Reyes

P.D.: Gracias por el enlace Borja. Muy interesante




---------
Deseo proponer a la favorable consideración del lector una doctrina que,
me temo, podrá parecer desatinadamente paradójica y subversiva. La
doctrina en cuestión es la siguiente: no es deseable creer una
proposición cuando no existe fundamento para suponer que sea cierta.

Bertrand Russell
---------