Researchers from the Universidad de la República in Montevideo, Uruguay, have developed a sophisticated eavesdropping method called Deep-Tempest. Utilizing deep learning, this method can decipher HDMI video content from its unintended electromagnetic emissions.
Discovery and methodology
The research team, comprising Santiago Fernández, Emilio Martínez, Gabriel Varela, Pablo Musé, and Federico Larroca, focused on leveraging electromagnetic waves that inadvertently emanate from HDMI cables and connectors. These emissions, while often minimal, can be captured using Software Defined Radio (SDR) technology.
Traditional TEMPEST attacks on digital interfaces like HDMI have been challenging due to complex 10-bit encoding and non-linear signal mapping. Deep-Tempest overcomes these challenges by recasting the eavesdropping problem as an inverse problem and training a deep convolutional neural network (CNN) to reconstruct the original video content from the captured signals.
How Deep-Tempest works
Deep-Tempest utilizes a deep learning module integrated with the GNU Radio framework to analyze and reconstruct images from baseband complex samples obtained via Software Defined Radio (SDR). The system captures unintended electromagnetic emissions from HDMI cables and processes them through SDR hardware, converting the analog signals into digital format for analysis.
Arxiv
Using the GNU Radio toolkit, these digital signals are filtered and synchronized, preserving both magnitude and phase information. The deep learning component, based on the DRUNet architecture, then maps these signals back to the original video content. This architecture effectively handles the inverse problem of image reconstruction, significantly reducing the Character Error Rate (CER) in text recovery by over 60 percentage points compared to previous methods.
The research team developed an extensive dataset comprising both simulated and over 1,000 real captures to train the system. This combination of comprehensive data and advanced neural network design enables Deep-Tempest to produce high-quality reconstructed images from electromagnetic signals, showcasing a substantial advancement in the field of side-channel attacks.
Arxiv
Countermeasures
The potential for HDMI signal eavesdropping presents serious security concerns, particularly for environments handling sensitive or classified information. The feasibility of capturing video content through electromagnetic emissions poses a threat to privacy and data security.
To mitigate the risks posed by Deep-Tempest and similar attacks, several measures can be implemented:
- Use HDMI cables with better shielding to minimize electromagnetic emissions.
- Place physical barriers around cables and connectors to block the leakage of electromagnetic waves.
- Employ signal scrambling techniques to obscure the content being transmitted.
- Introduce low-level noise to the displayed images, which can disrupt the eavesdropping process by altering the signal just enough to degrade the reconstruction quality without affecting the user experience.
- Use color gradients in the background of images, which can significantly alter the HDMI signal and hinder accurate reconstruction.
Arxiv
Deep-Tempest underscores the need for heightened awareness and proactive security measures in critical environments, no matter what connectivity interfaces are used. As eavesdropping techniques become more advanced, leveraging deep learning and SDR technology, the importance of adopting robust countermeasures cannot be overstated.
More details on the Deep-Tempest attack can be found on the technical paper, published earlier on Arxiv.org.
macOS Malware Disguised as The Unarchiver App Steals Keychain Data
Leave a Reply