Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel

TL;DR

This paper demonstrates a novel electromagnetic side-channel attack on mobile device screens using SDRs and deep learning to reconstruct sensitive information without visual access, highlighting security risks and potential defenses.

Contribution

It introduces the screen gleaning TEMPEST attack, combining electromagnetic signal capture with deep learning to read screen content remotely, and provides a testbed for evaluating such attacks.

Findings

Successfully reconstructed security codes from electromagnetic signals

Deep learning classifiers effectively interpret emages

Attack feasibility increases with SDR and deep learning advancements

Abstract

We introduce screen gleaning, a TEMPEST attack in which the screen of a mobile device is read without a visual line of sight, revealing sensitive information displayed on the phone screen. The screen gleaning attack uses an antenna and a software-defined radio (SDR) to pick up the electromagnetic signal that the device sends to the screen to display, e.g., a message with a security code. This special equipment makes it possible to recreate the signal as a gray-scale image, which we refer to as an emage. Here, we show that it can be used to read a security code. The screen gleaning attack is challenging because it is often impossible for a human viewer to interpret the emage directly. We show that this challenge can be addressed with machine learning, specifically, a deep learning classifier. Screen gleaning will become increasingly serious as SDRs and deep learning continue to rapidly advance. In this paper, we demonstrate the security code attack and we propose a testbed that provides a standard setup in which screen gleaning could be tested with different attacker models. Finally, we analyze the dimensions of screen gleaning attacker models and discuss possible countermeasures with the potential to address them.