Researchers in Uruguay have uncovered a way for hackers to use AI to snoop on what’s shown on your display by intercepting leaked electromagnetic radiation from the cable between your computer and monitor. They say such attacks are probably already happening, but home PC users don’t have much to worry about. The attacks can be done through multiple methods, including by using antennas placed outside a building to intercept signals from HDMI cables.
The spying is done by intercepting the electromagnetic radiation that leaks from your computer’s HDMI cable. Such snooping was much easier in the days of analog video signals, they say, because the digital transmission used for high-definition video is much more complex.
More complex, but that doesn’t mean the task is impossible. According to Federico Larroca at the University of the Republic in Uruguay, he and his team have developed an AI model that can reconstruct digital signals from leaked signals several meters away.
The U.S. National Security Agency (NSA) and NATO call these sorts of attacks TEMPEST attacks. The NSA’s TEMPEST standards (PDF) mandate protections to prevent electromagnetic radiation that hackers might intercept and interpret.
Using a method similar to the one Larroca’s team developed, hackers could snoop on a screen as the user entered encrypted messages, banking log-ins, or other personal information. The hackers could, the team says, intercept the signals even standing outside the building with an antenna. They could also plant a small device that captures the signals and either transmits the data or someone recovers it physically.
The researchers trained the AI model using a set of matching original and intercepted signals. Then, they used text recognition software on the recovered image and compared it to the original screen Image. In their testing, the eavesdropping process misinterpreted approximately 30% of the characters. The team says that the error rate is low enough that humans could still read most of the text accurately.
What’s concerning is that such attacks are growing more successful. The previous state-of-the-art attack method was about 60% more prone to errors than the one Larroca’s team has devised. The silver lining is that Larroca doubts the average home or small business computer user needs to worry about it.
Instead, Larroca believes such attacks are already happening, but only in highly sensitive industrial or government settings. In these cases, entire buildings are often shielded from electromagnet signals to prevent such security breaches. “Governments are worried about this, but I wouldn’t say that the normal user should be too concerned,” Larroca said. “But if you really care about your security, whatever your reasons are, this could be a problem.”