TEMPEST refers to a technique that is used to eavesdrop on electronic equipment via their unintentional radio emissions (as well as via sounds and vibrations). All electronics emit some sort of unintentional RF signals, and by capturing and processing those signals some data can be recovered. For example the unintentional signals from a computer screen could be captured, and converted back into a live image of what the screen is displaying. We have tutorials on how to do this with a program called TempestSDR available on a previous post of ours.
At the end of their post they perform some experiments like constantly writing data to memory on a PC, and putting the PC's GPU under varying load states. These experiments result in clear RFI bursts and pulsing carriers being visible in the spectrum, indicating that the PC is indeed unintentionally transmitting RF. They note that machine learning could be used to gather some information from these signals.
Thank you to Apostolos for submitting information about his new open source program called "CygnusRFI". CygnusRFI is a tool designed for analyzing radio frequency interference (RFI) with a focus on how it affects satellite ground stations and radio telescopes. We note that in the past we've posted several times about Apostolos' other project called PICTOR, which is an open source radio telescope platform that makes use of RTL-SDR dongles.
Apostolos explains CygnusRFI in the following:
CygnusRFI is an easy-to-use open-source Radio Frequency Interference (RFI) analysis tool, based on Python and GNU Radio Companion (GRC) that is conveniently applicable to any ground station/radio telescope working with a GRC-supported software-defined radio (SDR). In addition to data acquisition, CygnusRFI also carries out automated analysis of the recorded data, producing a series of averaged spectra covering a wide range of frequencies of interest. CygnusRFI is built for ground station operators, radio astronomers, amateur radio operators and anyone who wishes to get an idea of how "radio-quiet" their environment is, using inexpensive instruments like SDRs.
Over on YouTube user Tech Minds has uploaded a video showing how you can determine if you are getting HF interference from a VDSL internet connection going to your house or neighbors. VDSL, or Very High Speed Digital Subscriber Line, is an internet connection technology that runs over old copper phone wires, allowing for a fast broadband connection. The frequencies used by VDSL are between 25 kHz and 12 MHz, and for VDSL2 up to 30 MHz. Unfortunately, the frequencies used can result in high amounts of radio interference from RFI radiating from the copper phone lines, which is a major problem for HF amateurs and short wave listeners.
In his video Tech Minds uses an SDRplay RSPdx to record a short IQ file of the VDSL interference that he experiences in his home in the UK. He then opens the IQ file in a piece of software called Lelantos, which was developed by a member of the UK amateur radio organization RSGB. If a VDSL signal is present, this tool will determine various bits of information about the interference, and will give you enough information to make a complaint to OFCOM, the UK's radio communications regulator.
All electronic devices emit some sort of unintentional RF signals which can be received by an eavesdropping radio. These unintentional signals are sometimes referred to as TEMPEST, after the NSA and NATO specification which aims to ensure that electronic devices containing sensitive information cannot be spied upon through unintentional radio emissions, sounds or vibrations. TEMPEST can also refer to the opposite, which is spying on unsecured electronic devices by these means.
In their experiments they set up an AES implementation on an FPGA, and used a simple wire loop antenna and RTL-SDR to measure and record the RF emissions. By then doing some analysis on the recorded signal they are able to fairly easily extract the AES encryption key, thus defeating the encryption.
Further testing in an anechoic chamber showed that with a discone antenna they were able to recover the keys from up to a meter away. A directional antenna could probably reach even further distances.
In the past we’ve seen a similar attack using a Funcube dongle, which is an SDR similar to the RTL-SDR. In that attack they were able to remotely recover encryption keys from a laptop running GnuPG. Also, somewhat related is Disney’s EM Sense which uses an RTL-SDR to identify electronic devices by their RF emissions.
The differences in generated noise probably come from the fact that the iMac is much better shielded with an aluminum case and that they have high build quality standards for their monitors. The author suggests that an alternative to using an iMac could be to build your own PC with a dual chamber metal enclosure, which ensures that the power supply is isolated in its own separate steel compartment.
Over on YouTube user Ejo Schrama has uploaded a short video showing a demonstration of radio frequency interference (RFI) from various Arduino based devices he’s built. The interference comes from the local oscillators within the devices which are common to many electronic devices. He writes in the video description:
RFI simply means that there is a part in the radio spectrum that we wouldn’t like to see, it is usually unintentionally caused by devices around us (computers, televisions, radios, clocks, watches, etc.) that carry local oscillators which are low power transmitters. Sometimes it is caused by illegal transmissions, so a deliberate action.
The oscillators of devices around us oftentimes feed digital circuits, sine waves become block waves; as a result higher order harmonics of the block wave pollute the spectrum. If your receiver is sensitive enough then you will pick up the RFI at some point.
In this video I’m two meters away from an antenna and I tuned the receiver to 48 MHz which is the 3rd harmonic of the 16 MHz oscillator used by all nearby Arduino experiments. Let’s see what the spectrum does by turning on and off some Arduinos. The worst RFI generator was a 16 MHz Atmel 328p multiplexing four 7-segment LEDs displaying the value of an IR temperature sensor. But also a nearby clock experiment clearly caused some RFI.
The receiver that I used was an Airspy, and I’ve put the decimation factor high enough to get some resolution in the spectrum. The frequency offset between the different Arduinos is clearly visible. This is caused by the fact that cheap quartz oscillators are used, their accuracy is usually around 100 ppm, and this mostly determines a frequency bias.
Nowadays it is very difficult to clean up your local shortwave spectrum. For this reason reception conditions under 30 MHz and even 2 meter nowadays face the RFI problem. Only when we go to UHF frequencies like 430 MHz, better known as the 70 cm amateur band, the RFI problem sort of disappears, apparently because higher harmonics have become insignificant.
I do not think that a lot of effort is put into keeping LW, HF but also VHF spectra clean, the worst violators are usually tracked down but only when many listeners start to complain.
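The harmonic and crystal-tolerance reasoning in the description above can be worked through numerically. This is an added example, not code from the video or its author: it assumes an ideal square ("block") wave, all function names are illustrative, and the `duty` parameter goes beyond the text to show that a non-50% duty cycle also produces even harmonics.

```python
import math

def square_wave(n_samples, duty=0.5):
    """One period of a +/-1 square wave (constructed test signal)."""
    high = round(n_samples * duty)
    if not 0 < high < n_samples:
        raise ValueError("duty cycle leaves no edges in the waveform")
    return [1.0 if i < high else -1.0 for i in range(n_samples)]

def harmonic_amplitude(samples, k):
    """Amplitude of the k-th harmonic via a single-bin DFT over one period."""
    n = len(samples)
    re = sum(s * math.cos(2 * math.pi * k * i / n) for i, s in enumerate(samples))
    im = sum(s * math.sin(2 * math.pi * k * i / n) for i, s in enumerate(samples))
    return 2 * math.hypot(re, im) / n

def drift_hz(f_osc_hz, ppm, harmonic):
    """Worst-case frequency error of a harmonic for a crystal tolerance in ppm."""
    return f_osc_hz * harmonic * ppm / 1e6

def harmonic_table(f_osc_hz, ppm, max_harmonic, duty=0.5, n_samples=1024):
    """Rows of (harmonic, frequency Hz, level dB vs fundamental or None, drift Hz)."""
    wave = square_wave(n_samples, duty)
    fundamental = harmonic_amplitude(wave, 1)
    rows = []
    for k in range(1, max_harmonic + 1):
        amp = harmonic_amplitude(wave, k)
        # Treat numerically zero bins as absent instead of taking log10(0).
        level = 20 * math.log10(amp / fundamental) if amp > 1e-9 else None
        rows.append((k, f_osc_hz * k, level, drift_hz(f_osc_hz, ppm, k)))
    return rows

if __name__ == "__main__":
    # 16 MHz oscillator with 100 ppm tolerance, as in the description above.
    for k, f, level, drift in harmonic_table(16e6, 100, 5):
        shown = "absent" if level is None else f"{level:6.1f} dB"
        print(f"harmonic {k}: {f / 1e6:5.1f} MHz  {shown}  +/-{drift / 1e3:.1f} kHz")
```

At the 48 MHz third harmonic, a 100 ppm crystal can be off by 4.8 kHz either way, so two boards can sit up to 9.6 kHz apart, which is why each device shows up as its own carrier in a high-resolution spectrum.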
To reduce RFI, the tip recommends disconnecting the shield connection of the USB cable from the ground connection of the RTL-SDR dongle. This overcomes a design flaw in the RTL-SDR which allows the shield of the USB extension cable to act as an antenna, causing unwanted RFI.
What Akos did was to remove the metal part of the USB extension cable's connector to prevent any ground connection. This already reduced an interfering signal by 10 dB. He also found that wrapping the connection point in foil further reduced the noise. Connecting coax to the ground then coiling it up and putting the RTL-SDR in the center of the coil also appears to significantly reduce RFI.
Update: Akos has also tried using ferrite chokes on the USB cable, and also found they significantly reduce interference.