Over the last few months, I have become increasingly intrigued by physical side-channel attacks, and in particular, I have been looking into the TEMPEST attack. This is a concept that dates back a while, but enables an attack to intercept a display signal due to radio emmissions from the cable and connector. A project called DEEP-TEMPEST really peaked my interest, where the recovered image could then be further enhanced using deep learning, to be able to read the text (see https://www.rtl-sdr.com/deep-tempest-eavesdropping-on-hdmi-via-sdr-and-deep-learning/ for more).

I have been meaning to blog this for a little while (and it keeps getting put back!)— so to at least just get started, here is a look at the setup where we can recover a display using only HDMI cable radio emissions!

Above shows the results so far — I have a HackRF with portapack and aerial that is connected to a laptop. The laptop is also outputting to a display using HDMI, and the aerial is near to the HDMI cable. Using SDR++ I can tune the HackRF to pick up the frequency that cable emissions are being picked up on. Then, using the TEMPEST software, I can tune to this same frequency to try and recover the image. You can see that the webpage being displayed on the monitor has been recovered on the laptop — however the image requires some further processing to really make this clearer.

In the next set of posts, I will walk through how to create this setup, how to find the suitable frequency using SDR++, and how the TEMPEST software allows you to recover the image from only the cable emission.