LinuxQuestions.org


hydraMax 03-25-2012 02:08 PM

blocking remote surveillance of monitor/keyboard signals?
 
For the truly paranoid: A CS instructor once told me that it is possible to remotely monitor the output of a computer monitor or keyboard with an antenna - by picking up and translating the signals emitted by the equipment. Since then, I have seen this idea used in an episode of Numbers, in which such a device was used to spy on a programmer's computer activity even though he had firewalls, etc. which would have made a real hacking attempt very difficult.

Do such surveillance devices exist? How difficult are they to use? What kind of range do they have? Is it possible to block pre-emptively such surveillance by the use of another device? I.e., a device that emits interference signals at the same frequencies?

273 03-25-2012 02:16 PM

Spying using the radio emissions of computer displays is often called Van Eck Phreaking after a paper on the subject by Wim van Eck; there's a Wikipedia entry on it which gives some details.
The military have a set of specifications called TEMPEST regarding shielding against this type of thing.
Depending on who you believe this kind of surveillance is either pretty easy or quite difficult -- the successful demonstrations I've heard about tend to use known target hardware in lab conditions so I have no idea about real-world use.
There is also something I've seen referred to as "Optical TEMPEST" which uses cameras to capture reflections of computer screens then reconstructs them.
There have been demonstrations using microphones too to listen for which keys are being pressed, with some success I believe.

salasi 03-25-2012 02:45 PM

Quote:

Originally Posted by hydraMax (Post 4635921)
For the truly paranoid: A CS instructor once told me that it is possible to remotely monitor the output of a computer monitor or keyboard with an antenna - by picking up and translating the signals emitted by the equipment.

Up to a point, this is true. If, for example, you knew that someone pressed the 'Q' key, would that help a lot (without, for example, knowing where on the screen it went, which screen the user was looking at, which program the user was using)? Further, if you didn't really know that the user pressed a Q, but only that there was an 80 or 95% probability that the key pressed was Q, would that be all that helpful?

This still leaves a relatively high probability that you could get a log in password (quiet-quiet-quiet-qwerty-noisy-noisy-noisy-etc-quiet-quiet-quiet-qwerty has a high probability of meaning that the user types qwerty at the start of their active period, and knowing the log in password could be something that you might be trying to do).

Quote:

Originally Posted by hydraMax (Post 4635921)
Since then, I have seen this idea used in an episode of Numbers, in which such a device was used to spy on a programmer's computer activity even though he had firewalls, etc. which would have made a real hacking attempt very difficult.

That's no indication of anything other than some people who don't know anything about it thought that it sounded good as a plot point.

Quote:

Originally Posted by hydraMax (Post 4635921)
What kind of range do they have?

Depends massively on conditions and error rate that you are prepared to tolerate, but you should be able to achieve 1 cm under all conditions :D Actually, a few metres may often be achievable, and, if you are prepared to use a very, very apparent receiver (imagine a receive antenna of a couple of metres in diameter) you should be easily able to quadruple that.

Let me also point out that you have missed a big point that you should have queried. What chance is there that a piece of snooping equipment optimised for one computer and set of conditions will work with a completely different computer?

No, probably not.

Quote:

Originally Posted by hydraMax (Post 4635921)
Is it possible to block pre-emptively such surveillance by the use of another device? I.e., a device that emits interference signals at the same frequencies?

Yes and no.

Possible, yes, but you may not be able to legally operate such a device, depending on location and whether you are prepared to ignore legal niceties.

Usually, the tin foil hat brigade (the tin foil hat goes on the computer this time, and, for once, actually does something other than just reflect light) suggests a tin foil hat at this point. Nice, but the idea that tin foil really suppresses all the emissions is wildly mistaken. It can be done, to an extent, but go off and buy a 'tempested' computer from a military supplier. You might ask about it, but once you hear the price, you won't buy.

The 'same frequencies' bit is problematic, because, to a greater or lesser extent, that's all frequencies. Some frequencies contain zero information, some contain information of limited utility (e.g., is the laptop charging its battery? is the fan on? for most people, having other people know those things isn't something that they care all that much about spending money to avoid, but, if you are a three letter agency, you might wish to take another view) and some could conceivably be deciphered. You'll need to do the research on the particular target computer to know which frequencies are which.

Probably, there are easier ways of achieving the original objective, but that doesn't put it beyond possibility.

hydraMax 03-25-2012 05:22 PM

Quote:

Originally Posted by 273 (Post 4635924)
Spying using the radio emissions of computer displays is often called Van Eck Phreaking after a paper on the subject by Wim van Eck; there's a Wikipedia entry on it which gives some details.
The military have a set of specifications called TEMPEST regarding shielding against this type of thing.
Depending on who you believe this kind of surveillance is either pretty easy or quite difficult -- the successful demonstrations I've heard about tend to use known target hardware in lab conditions so I have no idea about real-world use.
There is also something I've seen referred to as "Optical TEMPEST" which uses cameras to capture reflections of computer screens then reconstructs them.
There have been demonstrations using microphones too to listen for which keys are being pressed, with some success I believe.

That Wikipedia article was very helpful. In the final section they mentioned one countermeasure approach which was to scramble the signal by randomizing the least significant bit of the video output. This seems like an inexpensive approach, since it could be implemented in software. However, they did not provide a reference to any kind of implementation. I wonder how difficult it would be to implement that in GNU/Linux, or if anyone has already implemented it.

273 03-25-2012 05:24 PM

I've not looked into this kind of thing much recently so I don't know whether anyone has tried the software approach. It wouldn't surprise me if somebody had though as there are always people trying these things out.

Steviepower 04-03-2012 02:21 PM

Nowadays the electromagnetic signals that are caused by typing on your keyboard are almost nothing... make sure your TV is on when you're typing and there is no way to use that technique. There are other ways that are much easier tho... spy cameras are much easier or just putting a sniffing device between your keyboard and computer.

unSpawn 04-03-2012 05:20 PM

Quote:

Originally Posted by Steviepower (Post 4643897)
make sure your tv is on when you're typing and there is no way to use that technique.

Please point to an authoritative document that supports your claim?

Steviepower 04-04-2012 02:35 AM

Okay, I just got a bit more paranoid! http://infoscience.epfl.ch/record/140523/files/VP09.pdf is a study that shows that modern keyboards can be used for this purpose. I do stand by my previous statement that it's hard to use the techniques if the SNR is too low (adding noise by turning on TV or something like that). It is however possible to use a wide variety of techniques to eavesdrop key presses. Proper shielding could prevent this from happening.

See http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf for more on the eavesdropping of RF signals.

@unSpawn thanks for challenging my apparently wrong beliefs. It's not something that's easy to do but it CAN be done.

273 04-04-2012 04:00 AM

I think the way around the signal to noise ratio is that the keyboard sends out recognisable pulses at frequencies not commonly generated by other devices.
I still get the feeling nobody has really demonstrated this "in the field" but it's still within the realms of possibility.

Steviepower 04-04-2012 04:39 AM

This is as close as in the field gets tho:
http://lasecwww.epfl.ch/keyboard/vid...-640-sound.avi

273 04-04-2012 04:53 AM

That's one I've not seen before, thanks.
Time to buy a personal SCIF room then...

Steviepower 04-04-2012 09:00 AM

Or buy 2 keyboards and a monkey that keeps pressing buttons?

273 04-04-2012 09:02 AM

Quote:

Originally Posted by Steviepower (Post 4644553)
Or buy 2 keyboards and a monkey that keeps pressing buttons?

:D Yes, or that. You might even end up with some Shakespeare or, at least, some Dan Brown.

unSpawn 04-04-2012 10:37 AM

Please keep the thread on topic, TIA.

Steviepower 04-04-2012 04:57 PM

That actually was on topic, I mean if you are able to generate some random noise that mimics these electromagnetic pulses you have a pretty random input that can be used to hide passwords with as well...


All times are GMT -5.