Exposing Computer Monitor Side

This has actually been a thing for a long time. (and exploited out in the wild too…)

Now, just like keyboards, a monitor can do a few things to combat this issue.

Keyboards for an example can randomly scan their columns instead of scanning them one after another, and also scan them at a reduced voltage. Reducing voltage means lower amplitude in the emitted signals, and the random pattern means that we can’t as easily discern what column were pressed.

Though, since each column isn’t “identical” to each other, not to mention the rows as well… Then we can still largely discern where the key were, but since keyboards can have different trace layouts, the task becomes a bit harder. (Not to mention that we need to look at finer differences within the emitted signal.)

Another way to though leak data is via the cable going from the keyboard to the computer. Here a large change were simply to go from single ended to differential signaling, this dramatically reduced EMI. (though also dramatically increased signal integrity and thereby bitrate.)

A monitor could do something “similar”. We already have encryption on HDMI (as a form of DRM, and it’s not strong encryption btw). We could instead do a key exchange between monitor and the computer, if we do the key exchange at reduced bitrate, then our cables will be a far worse antenna. So it should be reasonably secure to send over a symmetric key, and we only need to do it during startup.

Not to mention that we could also bake in an EEPROM into the monitor, so that it can remember the computer for a while. (if it’s list of remembered computers gets too long, it can just overwrite the computer it hasn’t talked to in forever.) This means that we don’t even need to send over the key during startup, except the first time we use the monitor.

From there on we also need to fix our data leaking screen itself, if our monitor were to randomly scan it’s rows, then that would make it harder to reverse engineer what order things should be in. (Though, this would obviously just cut the image into long single pixel wide strips, putting them back in the correct order isn’t too big of a challenge, but since its a new order for each picture, the challenge becomes harder, unless you know where to search.)

Another method to mitigate data leakage is to also put on a transparent conductive coating on the display, effectively shielding it a bit and preventing the RF from leak out as much.

Though, as with anything else in the world of encryption, we can simply just make things harder, not actually make it impossible. (Even one time pad can be broken, since you need a perfectly random source, and you still leak other data surrounding the encrypted package, since it has a certain size, transmission date, source, among other things.)