Information Leakage from Optical Emanations
Joe Loughry, David A. Umphress
TL;DR
This paper uncovers a new form of optical emanation from LED indicators on communication devices that can be exploited remotely to intercept sensitive data, posing significant security risks.
Contribution
It introduces the concept of optical TEMPEST attacks, provides a taxonomy of such emanations, and proposes design modifications to prevent these vulnerabilities.
Findings
Optical signals from LEDs can carry sensitive data.
Attacks are feasible at a distance without physical access.
Many devices like modems and routers are vulnerable.
Abstract
A previously unknown form of compromising emanations has been discovered. LED status indicators on data communication equipment, under certain conditions, are shown to carry a modulated optical signal that is significantly correlated with information being processed by the device. Physical access is not required; the attacker gains access to all data going through the device, including plaintext in the case of data encryption systems. Experiments show that it is possible to intercept data under realistic conditions at a considerable distance. Many different sorts of devices, including modems and Internet Protocol routers, were found to be vulnerable. A taxonomy of compromising optical emanations is developed, and design changes are described that will successfully block this kind of "Optical TEMPEST" attack.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.