In 1985, Dutch computer scientist Wim Van Eck published a proof of concept detailing a frightening new kind of eavesdropping. Using nothing more than a television and $15 worth of equipment, he was able to eavesdrop on a computer system several hundred meters away. He required neither physical access to the system nor remote access to the network on which it operated.
This attack vector came to be known as Van Eck Phreaking, and it’s still present to this day. Modern LCD displays emit electromagnetic radiation as well, and as such are just as vulnerable as old-style CRTs. The good news is that the equipment requires costs significantly more than Van Eck’s original gear, running at approximately $2,000.
Unlike most forms of intrusion, Van Eck Phreaking is completely untraceable. There is no way to determine if you’re being targeted by it. And the only way to defend yourself against it is through techniques such as metallic walls, video signal scramblers, and custom laptop batteries.
It gets worse. As reported by tech publication Ars Technica, a similar attack, known as Synesthesia, uses remote audio recording and machine learning to reconstruct the contents of a display. This all sounds rather frightening, doesn’t it?
The good news is that your business is highly unlikely to be targeted in this way. It simply isn’t practical. As has been well documented, most cybercriminals will inevitably seek the path of least resistance.
And Van Eck Phreaking is anything but.
Not only is it relatively obscure, but it also requires highly specialized equipment to pull off effectively. As such, most hackers aren’t likely to bother with it. Why would they, when simple vectors such as ransomware, phishing emails, and distributed denial of service attacks work just as well?
Additionally, while older LCD displays are more vulnerable to Van Eck Phreaking, the high pixel density of modern, more expensive displays makes the attack significantly more difficult to pull off. All this together means you’re far likelier to suffer a ransomware attack or an accidental data leak than you are to be targeted by this relatively obscure attack method. That’s not to say there isn’t risk there.
Just that you shouldn’t be losing any sleep over it. It’s far better to ensure you’ve covered the basics of security hygiene. A robust password policy, multiple backups, comprehensive access control, and well-designed training programs will go a lot further in protecting your organization than worrying about something so obscure.
Still, it’s worth at least being aware of it — after all, you never know who might be listening.