Over on his blog SQ5BPF has been documenting a TEMPEST experiment where he's been able to transmit data via RF being leaked from a Raspberry Pi's Ethernet connection. The idea was born when he found that his Raspberry Pi 4 was leaking a strong RF signal at 125 MHz from the Ethernet cable. He went on to find that it was easy to turn a tone on and off simply changing the Ethernet link speed with the "ethtool" command line tool. Once this was known it is a simple matter of creating a bash script to generate some morse code.
Quite amazingly the Ethernet RF leakage is very strong. With the Raspberry Pi 10 meters away, and a steel reinforced concrete wall in between, SQ5BPF was able to receive the generated morse code via an RTL-SDR connected to a PC. Further experiments show that with a Yagi antenna he was able to receive the signal from 100 meters away.
His post explains some further experiments with data bursting, and provides links to the scripts he created, so you can try this at home.
Update - SQ5BPF also notes the following:
The leakage differs a lot with the hardware used. The Raspberry Pi 4 is exceptional and also allows to switch the link speed quickly, so was a nice candidate for a demo, but other hardware works as well.
The first tests were done on some old laptops I had laying around, and they leak as well. Maybe someday I will publish this, but everyone of them behaves differently.
Etherify 1 demo receiving via SDR and decoding via fldigi
Over on YouTube user SignalSearch has uploaded a video showing how he uses an active magnetic loop antenna indoors to identify local noise sources. Magnetic loop antennas are directional, meaning that they receive best when pointing towards a signal. This means that they also receive noise better when pointed at a noise source. In the video SignalSearch uses a W6LVP receive loop antenna and demonstrates noise being emitted from his lightbulb, and from a plug in Ethernet over powerline adapter, which are known to be huge sources of HF noise.
If you are interested in the noise produced by these Ethernet over powerline adapters then we did a previous post on this problem over here.
Using an Active Receive Loop Indoors & utilizing Software Defined Radio to identify noise sources
Over on our YouTube channel we’ve uploaded a new video that shows how bad the interference from Ethernet over Power devices can be. Ethernet over Power, Powerline Networking, Powerline Communications or ‘HomePlug’ is a technology that allows you to use any of your household power outlets as an internet Ethernet port, completely eliminating the need for runs of Ethernet cabling. They are capable of high speeds and can be used anywhere in the house assuming the two plugs are on the same power circuit.
Unfortunately these devices tend to wipe out almost the entire HF spectrum for anyone listening nearby. As household powerline cables are not shielded for RF emissions they radiate in the HF spectrum quite heavily. In the video we demonstrate what the HF spectrum looks like with one of these devices used in the house. The particular device used was a TP-Link brand adapter, and a WellBrook Magnetic Loop antenna was used outdoors, with the null facing the house. An Airspy R2 with SpyVerter was used to view the spectrum.
The video shows that even when the network is idling there are several brief bursts of noise all over the spectrum. Then when a file is downloaded almost the entire spectrum is completely wiped out.
Interestingly from the video it appears that the amateur radio frequencies are actually carefully notched out and those frequencies remain relatively clean. Most manufacturers of these devices appear to have worked with the ARRL to please ham radio enthusiasts, but SWLers will likely be in trouble if any of these devices are used in your house or neighbors house.
How Ethernet/Internet over Powerline Can Wipe out the HF Band