Intercepting video signals has long been a technique used in electronic spying, but researchers have now discovered a more advanced and alarming method. A team from Uruguay has demonstrated that it is possible to intercept wireless electromagnetic radiation emitted from an HDMI cable and interpret the video using AI. The findings, published by three scientists from the University of the Republic in Montevideo on Cornell’s ArXiv service and highlighted by Techspot, reveal a new level of vulnerability.
The researchers explain that an AI model can be trained to interpret the minute fluctuations in electromagnetic energy from a wired HDMI signal. Despite HDMI being a wired standard with digital encryption, the emitted electromagnetic signals can be detected without direct access. While detection and decoding are distinct challenges, the team found that an AI model paired with text recognition software could “read” the wirelessly recorded EM radiation with up to 70 percent accuracy.
Though this accuracy is far from perfect, it marks a 60 percent improvement over previous methods and is sufficient to steal sensitive information, such as passwords. The fact that this can be done wirelessly and without physical access to the target computer, even from outside a building, makes it particularly concerning.
The concept of skimming wireless electromagnetic signals for surveillance is not new, known as TEMPEST (Transient ElectroMagnetic Pulse Emanation STandard). This vulnerability has roots in espionage dating back to World War II. However, HDMI cables, with their digital transmission and HDCP encryption, were not previously considered highly susceptible. The researchers’ AI-assisted method, termed “Deep-TEMPEST,” introduces disturbing possibilities.
The team suggests that this technique, or similar ones, may already be in use by state-level spies and industrial espionage agents. While the sophisticated nature of the attack and the proximity requirement make it unlikely to affect regular users, government agencies and large companies with sensitive data should be cautious. EM-shielding measures might be necessary, particularly for employees working from home.