Explained: How Your HDMI Cable Could Let Hackers ‘See’ Your Passwords

We usually think that wired connections are more secure compared to wireless connections. For example, wired file transfer from pendrive to computer is much more secure compared to wireless data transfer because hackers can eavesdrop on wireless signals transmitting data between devices and access them if they are not properly encrypted.
Some researchers in Uruguay have found a method to capture video signals from HDMI cables using artificial intelligence. While HDMI cables are a wired standard and are usually encrypted, they still emit electromagnetic (EM) radiation. This unintentional leak can be intercepted and decoded by hackers to reveal the transmitted video content. This method is known as STORM (Transient Electromagnetic Pulse Emanation Standard).
What is TEMPEST
TEMPEST (Transient Electromagnetic Pulse Emanation Standard) is a security standard that addresses the risk of electronic eavesdropping through inadvertent electromagnetic emissions from electronic devices. These emissions, which can be intercepted and decoded, potentially reveal sensitive information such as video content being viewed, keystrokes, or other data.
This technique is not new, however. The existence of this method dates back to World War II. However, it was easier then due to weak secure networks, and the signal was analog, which was easier to exploit. However, digital signals from HDMI cables are not only more secure, but have complex encoding. However, researchers managed to exploit a single leak using an AI-based approach.
How it’s working
The researchers mentioned that they were able to access the transmitted HDMI content by training deep learning model.Thanks to this, scientists were able to decipher Electromagnetic radiation from HDMI cables, with significantly improved accuracy.
They call it “Deep-TEMPEST,” a method that can interpret minute fluctuations in EM energy, achieving a sign error rate improvement of more than 60 percentage points over previous methods. This allows them to “read” wirelessly recorded EM signals with up to 70% accuracy.
What all users can steal using this method
Well, the researchers mentioned that this method is not perfect and 60% accuracy is not enough to decode the entire video footage at the moment, but it can allow hackers to steal sensitive data such as passwords, usernames, etc.
The process involves using widely available Software Defined Radio (SDR) technology, integrated with the GNU Radio framework, making the method accessible to those with the necessary technical skills. The researchers generated a comprehensive dataset to train their AI model, combining simulated and more than 1,000 real captures.
What users can do
While this method does not pose a significant risk of attack for now, as technology advances and artificial intelligence (AI) capabilities increase, the accuracy rate could increase from 60%, making systems more vulnerable to attacks.
To mitigate these risks, it is advisable to implement EMF protection measures. This can include physically shielding cables and equipment or even redesigning workspaces to minimize EMF leakage. As remote work continues to grow, ensuring that home offices are safe also becomes crucial.