A previously unknown form of compromising emanations has been discovered. LED
status indicators on data communication equipment, under certain conditions,
are shown to carry a modulated optical signal that is significantly correlated
with information being processed by the device. Physical access is not
required; the attacker gains access to all data going through the device,
including plaintext in the case of data encryption systems. Experiments show
that it is possible to intercept data under realistic conditions at a
considerable distance. Many different sorts of devices, including modems and
Internet Protocol routers, were found to be vulnerable. A taxonomy of
compromising optical emanations is developed, and design changes are described
that will successfully block this kind of "Optical TEMPEST" attack.Comment: 26 pages, 11 figure