Slashdot Mirror
The Keyboard That Could Phone Home
An anonymous reader writes "University of Pennsylvania researchers have developed a keylogger they call the JitterBug that can modulate passwords or other information into normal traffic by adding imperceptible delays to keypresses as people use keyboard and network-intensive apps like telnet and remote desktop. The idea is that the delays in keypresses cause delays in packets, and data can be encoded in those delays. There's no software or extra network activity that the victim can see, but anyone who can see the traffic (even if it's encrypted) could grab the data. Here's the scary part: the researchers say that it could be manufactured into a keyboard, making these keyloggers widespread and virtually undetectable."
There was a talk at the university I was at about the security measures on US government firewalls, for particularly secure computers. Covert timing channels are one clear class of things that a very security firewall needs to protect against (not just for JitterBugs... trojans/viruses could try to communicate this way as well), and they did just that... changed the timing of the packets at the firewall to try to prevent covert timing channels from being possible.
The thing I don't get is how you distinguish the miniscule delay introduced with this system from the much larger delay between subsequent keypresses the user makes. I don't think most people type at such a consistent rate that you could plug this in and immediately start observing traffic. (I wouldn't be too surprised if you could do it after observing the person's typing habits for a long time... but that would be different for every person, so most likely impractical.)
I recall a story of someone who determined a co-workers password by listening to the timing of her keypresses.
"mickeymouse" m i c k e y mou s e