Wim van Eck, an electronics research scientist in the Netherlands, showed the world in the 1980s that it was possible to steal the words being typed on a computer, from a distance. He used relatively inexpensive equipment to decode the radio frequency emissions of the monitor.

These techniques allow industrial spies to take information from terminals and workstations without the risk of physically wire tapping.

Van Eck phreaking is named after Wim Van Eck, who published a report in January 1983 entitled "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?". The report detailed methods used in reconstructing the picture on a black and white television from emitted radiation.

The principles described in the report are still applicable to most modern televisions and monitors, as they use the same technology.

The central component of a monitor or television is the cathode ray tube (CRT). Simply speaking, the CRT is an electron gun firing electrons through magnetic fields generated by electromagnets in a near-vacuum, to hit the inside of the screen, which is coated with the phosphor5 that emits a dot of light when struck by electrons1. The electron beam is guided by two magnetic fields - one for the horizontal, and one for the vertical.

The horizontal field strength oscillates in a saw tooth pattern many times per second:

 /| /| /| /| /| /| /|
/ |/ |/ |/ |/ |/ |/ | and so on.

The stronger the horizontal magnetic field being generated, the further to the right the electron beam is steered. The strength rises, causing the electron gun to draw a line across the screen, and then falls back down to zero - for the next line, one row down. The time taken for one line to be drawn is called the ''horizontal retrace interval''.

The vertical field increases in a step pattern, each increase being equivalent to one line. It changes at a slower rate than the horizontal. This is the rate of increase over time in scanlines:

1     __    __    __    __
     |  |  |  |  |  |  |  |
0   _|  |__|  |__|  |__|  |_  and so on, until one vertical scan has been completed

The stronger the vertical magnetic field being generated, the further down the electron beam travels. In one vertical cycle, one complete screen has been drawn. The time taken for this to take place is called the ''vertical retrace interval''. The combination of the two magnetic fields guide the electron gun over the inside of the screen, back and forth, then down a little, back and forth, etcetera, until the bottom of the screen is reached and it's time to start again at the top.

The actions of the horizontal and vertical electromagnets are governed by the synchronisation signal, which is either generated by the television/monitor, or included in the TV signal received.

The electron gun that generates the dots on the screen does not fire continuously; otherwise you would see a white screen and nothing else. Instead, it fires on command of the video signal, which instructs the electron gun of the precise moments at which to fire.

This is how a basic black and white television works. In colour CRTs, the principles are the same, except the one electron gun* creates three different types of dot - one each for the primary colours, red, green, and blue.

Now, whenever you get an alternating current (AC) in a wire, it emits radiation. Tune a radio receiver to the frequency of your power2 and you can hear it.

Computers, and almost all modern electronics, have many wires and circuit boards containing voltage flipping from zero to, for example, five volts and back again at a very high frequency. The high switching frequencies combined with the square wave signals used by all digital equipment means that computers are always emanating radiation at high frequencies - from HF (High Frequency)3 amplitude to SHF(Super High Frequency)4 and beyond.

Theoretically this makes it possible to record emissions from any piece of computer equipment and reconstruct the information it is processing. Practically speaking, this is not possible outside of a laboratory environment, except in special circumstances.

However, monitors are different. CRTs have much stronger signals because the voltages used to fire and steer the electrons are often between 10 and 25kV**, in order to generate a strong enough magnetic field to fire electrons at the surface of the screen. This means that the emissions from a monitor are more powerful than those generated by normal computer circuitry. In addition, CRTs normally operate at predictable frequencies - between 60 and 100 Hertz for the vertical retrace interval.

It is possible to discover the vertical retrace interval fvert because the electron gun is silent during ''vertical flyback'' - while the electromagnets switch to direct the electron beam from the bottom to the top of the monitor. This leaves large periodic gaps in the transmissions from the electron gun. Smaller gaps are present during the ''horizontal flyback'' - when the beam moves from the right back to the left of the screen. The horizontal retrace interval fhor is almost always directly related to the horizontal retrace interval by the following equation, where k is the number of lines being displayed:

fhor = k  fvert

The demonstration in the report mentioned above was done using commercially available equipment. Although this was done in laboratory conditions, tests showed that the radio emissions from standard televisions could be received from hundreds of metres away, and, in some cases, distances of up to one kilometre.

Wim Van Eck deliberately made two omissions from the report - firstly the circuit diagram for the equipment used, and secondly the method used in synchronizing the retrace intervals with the emissions of the electron gun. Van Eck felt that the purpose of the report was to educate people of the risks, and not to provide a means of spying on people.

The governmental organisations of the world have been aware of the potential intelligence aspects of Van Eck Phreaking for quite some time. In the USA, the NSA have the NACISM 5100A Tempest Standard, which is responsible for controlling emanations from sensitive or classified computer installations. NATO has a similar program by the name of "AMSG 720B Compromising Emanations Laboratory Test Standard".


*: Thanks to mordel for clearing this up.
**: Thanks to jasstrong for the corrections.
1: One dot is not one pixel except on poor-quality televisions.
2: The mains power has a frequency of roughly 50 Hertz in Europe.
3: High Frequency (or HF) is classified as 106 - one megahertz.
4: Super High Frequency (SHF) is classified as 109 - one gigahertz.
5: The phosphor of a CRT is not the chemical element phosphor, except in extremely old black and white televisions. The phosphor of a colour CRT consists of three distinct coating types, one for each primary colour. Each coating is generally a zinc or cadmium sulphide, doped with more exotic chemicals to determine the colour. The standard chemicals used in normal CRTs are listed on page 3 of http://www.cl.cam.ac.uk/~mgk25/ieee02-optical.pdf.

Sources:
http://www.cl.cam.ac.uk/users/rja14
http://www.noradcorp.com/2tutor.htm
http://www.eskimo.com/~joelm/tempestsource.html
http://www.shmoo.com/tempest
http://www.cs.nps.navy.mil/curricula/tracks/security/AISGuide/navch16.txt


23 August 2001: corrected the square wave labelling & explanation. It was wrong.
18 September 2001: corrected 'tune a transmitter' when I meant receiver (cringe) that was stupid.
Also corrected formula explanation.
7 March 2002: Electron guns in colour CRTs clarified, see footnote.

Log in or register to write something here or to contact authors.