KeyGhost Security Keyboard Records Keystrokes

CitizenC writes, "If James Bond were more into keystroke loggers, and less into cars and chicks, this is what he would use. The KeyGhost Security Keyboard looks like a plain cheapo keyboard. But it records everything you type on it. 500,000 freakin' characters worth, if necessary. And you can dump its keystroke log to any computer you connect it to. Applications for this technology are left as an exercise for the reader. Check out the review. "

Let's say you work in a shared office environment and want to prevent someone from eavesdropping on your computer use. You take the logical precautions: you have a lock on your floppy drive, you set a password in the BIOS, you encrypt your files, and you use only secure protocols for remote interaction. Odds are still low that you have a shroud or other physical impediment preventing access to your keyboard's PS/2 port, right?

Interestingly, the KeyGhost is also available in a Microsoft Natural model, so it might be inconspicous in many settings that a new standard keyboard might stick out in. So now you have more reason than plain cynicism to wonder at an "upgrade" to your regular keyboard at work. Of course, most programmers have settled on their keyboards after long trial, and would never disregard such a switch.

Despite the obvious unscrupulous uses this keyboard could be put to, I can think of one that isn't: I'd like to see one of these drawing its power from a battery pack instead of the PS/2 port and featuring a tiny LCD display, for times when it'd be nicer to type an e-mail out on the porch than inside, or as a more efficient idea-gobbler than a pen-driven PDA.

What to do, what to do....

[Accipiter]

So, when you're done typing for the day, fold up a piece of paper and jam it between letters. Hang around for an hour or so, then head home with the paper still in the keyboard.

Then let them have fun with the logs. :)

-- Give him Head? Be a Beacon?

direct physical == no security

[enkidu]

Lets face it, if someone has direct physical access to your computer/keyboard/network switch or router, you're pretty much hosed. For example, just a plain old motion activated camera watching your keyboard. You could even argue that two+ mics (strategically placed) with enough resolution could figure out what keys you were typing (especially if they could calibrate it). How 'bout a packet sniffer placed directly between your computer and your network? It used to be disgustingly easy to snoop packets/passwords from the network in the days of hubs or, to go further back, 10Base-2/5 (ah thinnet & t-junctions!).

In Cryptonomicon, Neal Stephenson gives another example of snooping a computer by reading the EMF signal from a computer monitor/display.

Basically, if someone has physical access to your computer facilities, they have a hell of a lot more options to get through your security. Hey, you have to type your password in sometime.

Even if you use some "biometric" device to read your retina/thumbprint, unless the communication between the computer/device is secure both ways, someone can put a dongle between that and your computer and snoop their way in.

There is no trap so deadly as the trap you set for yourself

Don't Buy It Online

[Voivod]

If you look at the HTML on their "Secure Order" page they're not using SSL to transmit the credit card ordering data. Furthermore, that data is just posted to a form-to-email ASP which presumably stuffs your credit card into an e-mail and zips it off to a POP3 accessable mailbox for their sales person somewhere. Ack! I was very closing to buying, but now I think I'll pass.

The order page

The insecure url they post that to