Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Keyboard That Could Phone Home

Posted by ryuzaki0 on from the blueprints-coming-to-a-torrent-near-you dept.

An anonymous reader writes "University of Pennsylvania researchers have developed a keylogger they call the JitterBug that can modulate passwords or other information into normal traffic by adding imperceptible delays to keypresses as people use keyboard and network-intensive apps like telnet and remote desktop. The idea is that the delays in keypresses cause delays in packets, and data can be encoded in those delays. There's no software or extra network activity that the victim can see, but anyone who can see the traffic (even if it's encrypted) could grab the data. Here's the scary part: the researchers say that it could be manufactured into a keyboard, making these keyloggers widespread and virtually undetectable."

2 of 287 comments (clear)

  1. Re:Could you get around this... by interiot · · Score: 5, Interesting

    There was a talk at the university I was at about the security measures on US government firewalls, for particularly secure computers. Covert timing channels are one clear class of things that a very security firewall needs to protect against (not just for JitterBugs... trojans/viruses could try to communicate this way as well), and they did just that... changed the timing of the packets at the firewall to try to prevent covert timing channels from being possible.

  2. password exposed via timing. by Kaenneth · · Score: 5, Interesting

    I recall a story of someone who determined a co-workers password by listening to the timing of her keypresses.

    "mickeymouse" m i c k e y mou s e