Slashdot Mirror

← Back to Stories (view on slashdot.org)

KeyGhost Security Keyboard Records Keystrokes

Posted by timothy on from the let-their-fingers-do-the-walking dept.

CitizenC writes, "If James Bond were more into keystroke loggers, and less into cars and chicks, this is what he would use. The KeyGhost Security Keyboard looks like a plain cheapo keyboard. But it records everything you type on it. 500,000 freakin' characters worth, if necessary. And you can dump its keystroke log to any computer you connect it to. Applications for this technology are left as an exercise for the reader. Check out the review. "

Let's say you work in a shared office environment and want to prevent someone from eavesdropping on your computer use. You take the logical precautions: you have a lock on your floppy drive, you set a password in the BIOS, you encrypt your files, and you use only secure protocols for remote interaction. Odds are still low that you have a shroud or other physical impediment preventing access to your keyboard's PS/2 port, right?

Interestingly, the KeyGhost is also available in a Microsoft Natural model, so it might be inconspicous in many settings that a new standard keyboard might stick out in. So now you have more reason than plain cynicism to wonder at an "upgrade" to your regular keyboard at work. Of course, most programmers have settled on their keyboards after long trial, and would never disregard such a switch.

Despite the obvious unscrupulous uses this keyboard could be put to, I can think of one that isn't: I'd like to see one of these drawing its power from a battery pack instead of the PS/2 port and featuring a tiny LCD display, for times when it'd be nicer to type an e-mail out on the porch than inside, or as a more efficient idea-gobbler than a pen-driven PDA.

4 of 133 comments (clear)

  1. I'm pretty sure I can beat it. by Odinson · · Score: 4

    I love those old clicky IBM 10 lb cast steel jobs. Try finding one of those prefabed to swap on me. Just in case I'll make sure to weld it shut in 10 places and padlock it to the desk. I'll leave a horse hair in just the right place and wipe my prints off it every night and spray for prints every morning. Not to mention my hidden spy-cam...uh oh I hear helicopters.

    Who says I ain't safe ;)

    --
    Novel theory: Modern Man evolved from psychopath
  2. What to do, what to do.... by Accipiter · · Score: 5
    So, when you're done typing for the day, fold up a piece of paper and jam it between letters. Hang around for an hour or so, then head home with the paper still in the keyboard.

    Then let them have fun with the logs. :)

    -- Give him Head? Be a Beacon?

    --

    -- Give him Head? Be a Beacon?
    (If you can't figure out how to E-Mail me, Don't. :P)

  3. direct physical == no security by enkidu · · Score: 5
    Lets face it, if someone has direct physical access to your computer/keyboard/network switch or router, you're pretty much hosed. For example, just a plain old motion activated camera watching your keyboard. You could even argue that two+ mics (strategically placed) with enough resolution could figure out what keys you were typing (especially if they could calibrate it). How 'bout a packet sniffer placed directly between your computer and your network? It used to be disgustingly easy to snoop packets/passwords from the network in the days of hubs or, to go further back, 10Base-2/5 (ah thinnet & t-junctions!).

    In Cryptonomicon, Neal Stephenson gives another example of snooping a computer by reading the EMF signal from a computer monitor/display.

    Basically, if someone has physical access to your computer facilities, they have a hell of a lot more options to get through your security. Hey, you have to type your password in sometime.

    Even if you use some "biometric" device to read your retina/thumbprint, unless the communication between the computer/device is secure both ways, someone can put a dongle between that and your computer and snoop their way in.

    There is no trap so deadly as the trap you set for yourself

    --

    There is no trap so deadly as the trap you set for yourself
    -Raymond Chandler, The Long Goodbye
  4. Don't Buy It Online by Voivod · · Score: 5

    If you look at the HTML on their "Secure Order" page they're not using SSL to transmit the credit card ordering data. Furthermore, that data is just posted to a form-to-email ASP which presumably stuffs your credit card into an e-mail and zips it off to a POP3 accessable mailbox for their sales person somewhere. Ack! I was very closing to buying, but now I think I'll pass.

    The order page

    The insecure url they post that to