A newly-discovered technique combines wireless EM monitoring and AI algorithms to “read” text on a victim’s screen, and it’s already being used in the wild.
Covertly intercepting video signals is a very old-fashioned way to go about electronic spying, but a new method discovered by researchers puts a frightening spin on it.
A research team out of Uruguay has found that it’s possible to intercept the wireless electromagnetic radiation coming from an HDMI cable and interpret the video by processing it with AI. Three scientists from the University of the Republic in Montevideo published their findings on Cornell’s ArXiv service, spotted by Techspot.
According to the paper, it’s possible to train an AI model to interpret the tiny fluctuations in electromagnetic energy from the wired HDMI signal. Even though it’s a wired standard and it’s usually encrypted digitally, there’s enough electromagnetic signal coming off of these cables to detect without direct access.
Detecting and decoding are two different things, of course. But the researchers also found that using an AI model paired to text recognition software, it’s possible to “read” the wirelessly recorded EM radiation with up to 70 percent accuracy.
Though that’s a long way from a conventional recording, it’s still a 60 percent improvement over previous methods—and it’s more than enough to steal passwords and other sensitive information. It’s even possible to do wirelessly without physical access to a target computer, even from the outside of a building under ideal conditions.
Skimming off wireless electromagnetic signals for surveillance isn’t a new idea. It’s a vulnerability referred to as TEMPEST (Transient ElectroMagnetic Pulse Emanation STandard, a very awkward backronym) with roots in espionage going all the way back to World War II. But as a digital transmission with at least some level of encryption using the HDCP system, HDMI cables weren’t thought to be particularly susceptible to it. The researcher’s AI algorithm-assisted method of attack (which they’re calling “Deep-TEMPEST”) opens up some very disturbing possibilities.
The researchers claim that this system, or functionally identical alternatives, are already being used by state-level spies and industrial espionage agents. The sophisticated nature of the technique and the need to be at least somewhere in the vicinity of the target system means that it’s unlikely to affect regular users. But any government agency or large company with sensitive data should be wary and might want to look into EM-shielding measures—and that goes double for any of their employees who work from home.