TEMPEST: The 80-Year Spy Trick That Still Cracks Your Laptop

Your computer is broadcasting everything it does. Every keystroke, every pixel on your screen, every bit processed by your CPU radiates electromagnetic signals into the air. Congress just asked how badly that matters. The answer is alarming.

Every electronic device leaks electromagnetic signals. For 80 years, intelligence agencies have known how to read them. Photo: Unsplash

Two members of Congress sent a letter to the director of national intelligence last week that landed with almost no coverage. It asked a deceptively simple question: how vulnerable are the computers used by American government officials - and American citizens - to surveillance through their electromagnetic and acoustic emissions?

The technique they were asking about has a classified name that has since leaked into public knowledge: TEMPEST. And it is not a new threat. It is one of the oldest surveillance methods in signals intelligence, first documented in the 1940s when American codebreakers noticed that Bell Telephone's encrypted teletype machines were broadcasting their plaintext messages in radio waves that could be picked up across the room. That discovery launched eight decades of research, secrecy, countermeasures, and classified standards - and a threat that has never fully gone away.

Congress is now asking about it in 2026, in an era of quantum computing threats, AI-powered cyberattacks, and nation-state hacking campaigns, because the basic problem has not been solved. Your laptop is still radiating. Your phone is still leaking. And the equipment to read those signals has gotten dramatically cheaper and more powerful in the past decade.

The Discovery That Launched a Classified Discipline

The origins of TEMPEST trace back to WWII-era signals intelligence work. Photo: Unsplash

In 1943, Bell Telephone engineers working with the US Army Signal Corps discovered something that nobody wanted to know. The SIGSALY encrypted voice system - the most sophisticated secure communications technology of the war - was generating spurious radio frequency emissions that perfectly mirrored the plaintext audio it was supposed to be protecting.

A sensitive receiver placed 25 meters away could pick up those emissions and reconstruct the conversation. Everything the system was designed to hide was being broadcast for free.

Bell's report to the Army is believed to be one of the founding documents of what would become the TEMPEST program. The Army reportedly buried the findings. They didn't want to admit the problem, and they certainly didn't want adversaries to learn that American cryptographers had discovered it, since that discovery implied that American signals intelligence teams were already using the technique against others.

This is the defining feature of TEMPEST as a discipline: it has operated almost entirely in secrecy for eight decades. Unlike most cybersecurity vulnerabilities - which go through public disclosure, vendor patches, and documented fixes - TEMPEST vulnerabilities are classified. The NSA publishes standards for shielding sensitive equipment, but the underlying research, the specific attack methodologies, and the extent of foreign exploitation all remain classified.

What the public knows comes primarily from three sources: academic researchers who independently discovered and published the same techniques, declassified Cold War documents, and the occasional intelligence leak. Together they paint a picture of a surveillance method that has never been neutralized and has only become more relevant as the world became more electronic.

Van Eck Phreaking: The Moment It Went Public

The first time TEMPEST became something the public could actually understand came in 1985, when a Dutch researcher named Wim van Eck published a paper in Computers and Security titled "Electromagnetic radiation from video display units: An eavesdropping risk?"

Van Eck had done something simple: he built a device from off-the-shelf components worth less than $15, drove it to a building, and used it to reconstruct what was displayed on computer monitors inside that building. From outside, through walls, without any physical access to the systems. The technique that carries his name - Van Eck phreaking - demonstrated that the electromagnetic emissions from a cathode ray tube monitor could be captured, demodulated, and displayed on a separate screen.

The intelligence community reacted with visible discomfort. Van Eck's paper described, in technical but accessible terms, a capability that classified programs had been exploiting for decades. Officials at the NSA and GCHQ declined to comment on whether the technique was used operationally. Several government contractors quietly contacted van Eck to ask how far his research had gone.

"The radiation from a VDU can be received at a distance of hundreds of meters with a fairly simple receiver. The signal can be demodulated and displayed on another screen with comparable resolution." - Wim van Eck, 1985

The reaction in the academic security community was bifurcated. Some researchers dismissed it as a niche problem - "nice trick, no practical threat." Others recognized immediately that the underlying physics applied to every electronic device ever built, not just monitors, and that the problem would only get worse as electronics became more dense, more powerful, and more ubiquitous.

Forty years later, the second camp has been proven correct on every count. The problem has not been solved. It has expanded.

How It Works: The Physics That Cannot Be Patched

The fundamental mechanism behind TEMPEST cannot be fixed with a software update. It is a consequence of the basic physics of how electronic circuits operate.

Every time a transistor switches state - from 0 to 1 or back - it causes a rapid change in voltage and current. That change generates a brief electromagnetic pulse. Modern processors contain billions of transistors switching at frequencies of 3 to 5 gigahertz - billions of times per second. The combination of all those switching events produces a complex electromagnetic signature that radiates from the chip, from the printed circuit board traces that carry signals between components, and from the cables that connect different parts of the system.

What makes this exploitable rather than just being background noise is that the emissions are not random. They are directly correlated with the data being processed. When a processor encrypts data, the specific pattern of transistor switching events is partly determined by the data itself. When a video card renders text to a screen, the electromagnetic emissions pattern of the card correlates with the specific characters being displayed. When a keyboard sends a keystroke to a computer, the signal traveling down the USB cable produces a characteristic electromagnetic pulse.

With the right equipment - a sensitive radio receiver, a directional antenna, and signal processing software - these emissions can be captured from a distance and analyzed. The analysis can recover what the device was doing when it emitted the signal: what text was being typed, what data was being encrypted, what was displayed on screen.

The Modern Threat Landscape

Software-defined radio has made electromagnetic interception accessible to researchers - and adversaries - at minimal cost. Photo: Unsplash

The 2025-2026 threat environment is substantially different from van Eck's 1985 proof of concept, in ways that make the problem both better understood and more dangerous.

On the attack side, software-defined radio (SDR) has transformed what TEMPEST-style attacks require in terms of equipment. In 1985, van Eck built custom hardware at significant personal expense. Today, an RTL-SDR dongle capable of receiving a broad spectrum of radio frequencies costs roughly $25 on Amazon. More sophisticated equipment capable of high-fidelity capture across wider bandwidths runs from $300 to several thousand dollars - still a fraction of what purpose-built signals intelligence hardware once cost.

The processing side has also been revolutionized. The signal processing algorithms needed to extract meaningful data from electromagnetic noise can run on commodity hardware. Machine learning techniques have proven particularly effective at identifying patterns in noisy emissions that earlier signal processing methods would have missed. Researchers at Tel Aviv University demonstrated in 2015 that they could extract RSA encryption keys from a laptop computer using a portable radio receiver placed 50 centimeters away, all in a matter of seconds.

More recent research has pushed the boundaries further. A 2020 study demonstrated that screen contents could be reconstructed from the unintentional radio emissions of HDMI cables, which are standard on virtually every modern computer. The attack used a $300 software-defined radio setup and required no modifications to the target system. Another research team showed that GPU processing could be detected and partially characterized from electromagnetic emissions in an adjacent room.

The most unsettling development is the demonstration that TEMPEST attacks can work against systems that are intentionally disconnected from all networks - so-called "air-gapped" systems designed to hold sensitive information by eliminating every electronic connection to the outside world. Researchers at Ben Gurion University in Israel have spent a decade demonstrating creative methods for extracting data from air-gapped machines: using modulated LED indicators to transmit data to cameras, encoding data in hard drive vibrations that propagate through desks, generating radio signals using RAM to communicate with a nearby receiver, even manipulating CPU fan speeds to produce acoustic signals that carry data.

"Air-gapped computers are no longer the impenetrable security barriers they were once assumed to be. If we can do this in an academic setting with off-the-shelf components, intelligence agencies with multi-billion dollar budgets and years of classified research have been doing it for decades." - Mordechai Guri, Ben Gurion University Cybersecurity Research Center

The Congressional Push: Why Now?

The question of why Congress is asking about TEMPEST in March 2026 has several plausible answers, and they are not mutually exclusive.

The most immediate context is the ongoing conflict with Iran and the associated intelligence surge across US government agencies. When nations are at war, or in a state of near-war as the US has been with Iran since the February 28 strikes, the intensity of signals intelligence collection by all sides increases dramatically. Iran's signals intelligence service, SIGINT Unit 8200's Iranian equivalents at the Ministry of Intelligence and Security and IRGC Intelligence Organization, have been active for decades. The question of whether they have developed TEMPEST-equivalent capabilities - or purchased them from more advanced suppliers - is not hypothetical.

But the longer-term context is China. The congressional letter specifically references "foreign adversaries," language that in current US policy discussions almost invariably means China as the primary concern. China's Ministry of State Security has substantial signals intelligence capabilities, and the question of whether Chinese intelligence services are conducting TEMPEST-style collection against US government officials - particularly those working on sensitive matters from home offices or traveling internationally - has been a concern within the intelligence community for years.

The practical mechanics of what the lawmakers are requesting include an assessment of what percentage of US government computer equipment currently meets the NSA's classified TEMPEST shielding standards (designated NSTISSAM TEMPEST/1-92 for the highest level), and an evaluation of whether those standards are adequate given advances in receiver technology and signal processing since they were last comprehensively updated.

The concern applies with particular force to remote work environments. Before the pandemic-era shift to distributed work, most sensitive government computing happened in SCIFs - Sensitive Compartmented Information Facilities - specifically designed and certified to meet TEMPEST standards. Heavy shielding, Faraday cage construction, and controlled electromagnetic environments were standard. But the expansion of remote work has pushed sensitive computing into home offices, hotel rooms, and other uncontrolled environments that have none of those protections.

A Timeline of Key TEMPEST Milestones

What China and Russia Know

The most classified aspect of TEMPEST - and the aspect that congressional investigators are presumably most interested in - is what foreign adversaries have actually done with the technique.

What is publicly documented comes primarily from the Snowden disclosures of 2013, which included internal NSA documents describing a number of signals intelligence programs that directly relate to electromagnetic surveillance. A program codenamed VAGRANT was described as collecting video signals from the electromagnetic emissions of computer screens. Another program, ANGRYNEIGHBOR, involved concealing passive TEMPEST collection devices within power strips and other infrastructure equipment that could be positioned near target computers.

A separate NSA catalog leaked as part of the Snowden documents - known as the ANT catalog - listed a range of hardware implants, including devices designed to capture keystrokes from the electromagnetic emissions of USB keyboards without requiring any physical connection to the keyboard itself.

None of that establishes what Russian or Chinese agencies have developed independently. But there is substantial reason to believe that both have active TEMPEST research programs. Russia's FSB and GRU have inherited the full signals intelligence architecture of the Soviet KGB and GRU, organizations that invested heavily in TEMPEST research throughout the Cold War. Chinese signals intelligence, primarily conducted by the Strategic Support Force's Network Systems Department (formerly the Technical Reconnaissance Bureau), has benefited from two decades of aggressive technology acquisition, including some that specifically targets signals intelligence capabilities.

The FBI's counterintelligence division has warned repeatedly about the practice of Chinese intelligence targeting US government officials' personal devices and home computers. TEMPEST-style collection from those devices would be particularly difficult to detect, since it leaves no traces on the target system - there is nothing to log, no network connection to monitor, no file to scan. The attack exists entirely in the radio frequency domain.

Security researchers who have worked with US government agencies describe the threat as one that is widely acknowledged internally but rarely discussed publicly, partly because any public discussion immediately raises questions about how the US exploits the same vulnerabilities against adversaries.

Defenses That Work - and Their Limits

The good news, such as it is, is that TEMPEST vulnerabilities are understood well enough that effective countermeasures exist. The bad news is that those countermeasures are expensive, impractical at scale, and largely inaccessible to civilian users.

The most effective defense is electromagnetic shielding - constructing a Faraday cage around the computing environment. A properly constructed SCIF provides exactly this: metal-lined walls that prevent electromagnetic emissions from escaping the room. The NSA's TEMPEST standards specify the attenuation requirements for different classification levels of information, and certified SCIF construction follows those specifications carefully.

For equipment rather than rooms, TEMPEST-hardened computers exist. The US military and intelligence community use equipment certified to NSA TEMPEST standards, designated by a NATO zone system (Zone 0 for the most stringent, requiring emissions to be undetectable at essentially zero distance from the device). These machines are substantially more expensive than commercial equivalents - the shielding adds significant cost and weight - and they are not available on the consumer market.

Distance is the simplest practical mitigation. Electromagnetic signals follow the inverse square law: double the distance between attacker and target, and signal strength drops to one quarter. A laptop emitting a strong HDMI signal might be readable from 30 meters under ideal conditions; in a dense urban environment with multiple signal sources, the practical range is much shorter. This is of limited comfort in a world where a targeted surveillance operation can park a van on the street outside a target's home or office.

The Second-Order Problem: Everyone Carries a TEMPEST Risk

The congressional inquiry focuses on government computing. But the underlying problem is orders of magnitude larger.

Modern smartphones are arguably worse TEMPEST risks than desktop computers. They are carried into sensitive environments by people who would never bring a compromised device to a classified meeting - because they don't think of their phone that way. But a phone is a radio-frequency broadcasting device by design; the cellular, WiFi, Bluetooth, and NFC radios in a typical smartphone create a much richer electromagnetic profile than a desktop computer, and that profile correlates directly with the phone's activities in ways that sophisticated receivers can exploit.

The concentration of sensitive people in particular locations creates aggregated TEMPEST risk that goes beyond any individual device. A meeting of senior government officials - a cabinet meeting, a Congressional hearing, a diplomatic summit - brings together dozens of devices, all emitting, in a single room. The correlation of multiple devices' emissions can in some circumstances recover more information than any single device would reveal in isolation.

The rise of AI-powered signal processing has changed the practical calculation here. Pattern recognition algorithms trained on the electromagnetic signatures of specific chipsets can now identify device models, operating systems, and sometimes specific applications from their radio frequency profiles. That's a step toward being able to target a specific device in a crowd of emitting devices - not just capturing everything and hoping to filter it later.

The question is not whether nation-state intelligence agencies have capabilities that go far beyond what academic researchers have published. They do. The NSA publishes classified technical standards for TEMPEST - standards that commercial equipment consistently fails to meet - which implies that the organization has a detailed understanding of how badly commercial equipment leaks. That same understanding has presumably been developed by Russian and Chinese equivalents.

What Congress is asking is really a simple question about accountability: does the US government know the extent of its own exposure? And is it telling civilians - who use commercial equipment for sensitive work in an era of remote government and distributed industry - anything useful about the risks they face?

Eighty years after Bell Labs first discovered the problem, the honest answer to both questions is no.