SAN FRANCISCO, March 9: New research that shows how people can remotely snoop on data communications through blinking computer status lights and reflections of monitor glow should concern everyone, but especially governments with highly sensitive networks, experts said on Thursday.

One British study details how flickering light from a common computer display screen reflected off a wall can be reconstructed to reveal whatever appears on the PC monitor.

Another research paper from the United States discusses how light emitting diode (LED) lights from equipment such as modems, routers and keyboards can be captured and processed to reveal the data passing through the device.

With the proper telescope and light sensor equipment, the eavesdropping can be done from two kilometres away or more for the LEDs, and up to about 50 metres away for the monitor light reflection, the research concluded. Computers using cable modem and other high-speed networks appear not to be susceptible to the LED exploit, the study found.

To prevent such spying, researchers recommend placing equipment away from windows, putting black tape over the lights or diffusing monitor glow with sunlight or incandescent light from common light bulbs.

Markus Kuhn, the researcher who discovered the vulnerability of cathode-ray tube (CRT) monitor displays, acknowledged that the findings will likely be more applicable to military and government agencies such as embassies, the Whitehouse, the Pentagon and the military.

Joe Loughry, co-author of the scientific paper on the LED exploit, also resisted inflating the significance of the research, saying, “I think it will be one more curiosity in computer security.”

“These are problems the CIA needs to worry about,” said Peter Tippett, chief technology officer of TruSecure Corp., a managed security services provider based in Herndon, Virginia. “This sort of knowledge is true, but irrelevant for the vast majority of people. It matters if the KGB is after you.”

A well-known privacy expert noted that there are many other, easier ways for someone to eavesdrop on people.

“It’s intellectually interesting, but it’s sort of out there” in terms of practical security, said Richard M. Smith, a privacy expert and security consultant based in Boston, Massachusetts. “If a spy wanted to eavesdrop, it might be easier to just install a bug in the room.”

With so much attention paid to malicious hacking and viruses that are accomplished with computer commands and programming, people often forget about how susceptible they can be to other methods of attack.

One of the most common and easiest ways for hackers to get the information they need to break into a network is called “social engineering,” which involves tricking someone into giving it to them. That is often accomplished with a phone call to an unsuspecting employee by someone pretending to be a legitimate network user who has lost a password.

Other attacks bypass humans altogether and are more direct than sending malicious computer instructions over the Internet.

DECADES OF RESEARCH: For example, the LED and CRT studies build on decades of research into methods for eavesdropping by analyzing the radio frequency emissions from computers and video displays. The code word for reconstructing data from electromagnetic signals is “Tempest,” said Kuhn, a computer security professor at Cambridge University in England.