Covertly intercepting video signals is a very old-fashioned way to go about electronic spying, but a new method discovered by researchers puts a frightening spin on it.
A research team out of Uruguay has found that it’s possible to intercept the wireless electromagnetic radiation coming from an HDMI cable and interpret the video by processing it with AI. Three scientists from the University of the Republic in Montevideo published their findings on Cornell’s ArXiv service earlier this year, as spotted by Techspot.
It’s possible to train an AI model to interpret the tiny fluctuations in electromagnetic energy from the wired HDMI signal, the paper says. Even though it’s a wired standard and it’s usually encrypted digitally, there’s enough electromagnetic signal coming off of these cables to detect without direct access.
Detecting and decoding are two different things, of course. But the researchers also found that using an AI model paired to text recognition software, it’s possible to “read” the wirelessly recorded EM radiation with up to 70 percent accuracy.
Further reading: Hackers are stealing more info than ever. These 4 actions keep you safe
Adam Patrick Murray
Though that’s a long way from a conventional recording, it’s still a 60 percent improvement over previous methods—and it’s more than enough to steal passwords and other sensitive information. It’s even possible to do wirelessly without physical access to a target computer, even from the outside of a building under ideal conditions.
Skimming off wireless electromagnetic signals for surveillance isn’t a new idea. It’s a vulnerability referred to as TEMPEST (Transient ElectroMagnetic Pulse Emanation STandard, a very awkward backronym) with roots in espionage going all the way back to World War II. But as a digital transmission with at least some level of encryption using the HDCP system, HDMI cables weren’t thought to be particularly susceptible to it. The researcher’s AI algorithm-assisted method of attack (which they’re calling “Deep-TEMPEST”) opens up some very disturbing possibilities.
The researchers claim that this system, or functionally identical alternatives, are already being used by state-level spies and industrial espionage agents. The sophisticated nature of the technique and the need to be at least somewhere in the vicinity of the target system means that it’s unlikely to affect regular users. But any government agency or large company with sensitive data should be wary and might want to look into EM-shielding measures—and that goes double for any of their employees who work from home.
Further reading: Beware of these 7 new hacker tricks — and how to protect yourself
Author: Michael Crider, Staff Writer, PCWorld
Michael is a 10-year veteran of technology journalism, covering everything from Apple to ZTE. On PCWorld he’s the resident keyboard nut, always using a new one for a review and building a new mechanical board or expanding his desktop “battlestation” in his off hours. Michael’s previous bylines include Android Police, Digital Trends, Wired, Lifehacker, and How-To Geek, and he’s covered events like CES and Mobile World Congress live. Michael lives in Pennsylvania where he’s always looking forward to his next kayaking trip.
Recent stories by Michael Crider:
Gmail might start offering ‘dummy’ email addresses soonWatch out for fake online stores as Black Friday approachesNew Android malware can hijack bank calls and reroute you to hackers