Slashdot Mirror

← Back to Stories (view on slashdot.org)

Compromising Wired Keyboards

Posted by CmdrTaco on from the not-a-lot-of-substance-here dept.

Flavien writes "A team from the Security and Cryptography Laboratory (LASEC) in Lausanne, Switzerland, found 4 different ways to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. They tested 11 different wired keyboard models bought between 2001 and 2008 (PS/2, USB and laptop). They are all vulnerable to at least one of the 4 attacks. While more information on these attacks will be published soon, a short description with 2 videos is available."

10 of 277 comments (clear)

  1. Re:TEMPEST by CRCulver · · Score: 4, Insightful

    Indeed. Already a decade ago I was hearing people claim that the best way to enter passphrases and the like would be an on-screen keyboard whose keyboard map changes after each letter is input, all ideally displayed with a TEMPEST-resistant font. Even back then people knew anything wired was snoopable.

  2. Re:Time for a Faraday cage? by bhima · · Score: 4, Insightful

    Being the only house on your block not radiating all sorts of data sounds like an excellent reason for the DHS to perform a no-knock raid with a legions of SWAT teams and an armored troop carrier or two.

    --
    Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
  3. Cryptonomicomics by argent · · Score: 4, Insightful

    Oh no, we will have to learn to type code by tapping on a single key and read the results in the flickering of the hard drive light.

    When they can manage the same trick in a noisy office environment with dozens of keyboards and monitors in use, then I'll worry.

    1. Re:Cryptonomicomics by argent · · Score: 5, Insightful

      Most modems back in the '80s just ran either RD, TD, or (RD|TD) through the LED. It was cheap and easy and gave you a good activity signal. Nobody cared about people sniffing the data through the LED, and really hardly anyone is ever going to be in a situation where they're even potentially exposed. And for virtually all the rest, this is hardly the low hanging fruit... if you can get close enough to read the LED, you're close enough to see what the target is doing any number of easier ways.

  4. laptops only? by ikirudennis · · Score: 3, Insightful

    These videos indicate that the powersupply interferes with the signal, so they only test on laptops running on battery. Does this mean that it doesn't work on desktop computers?

  5. Features win over Security (again). by geekmux · · Score: 2, Insightful

    Instead of trying to put 72 hot keys, along with a volume knob, EQ, and 17 LEDs emitting a dizzying array of light colors, how about just a keyboard?

    Without all the extra crap, there just may be a chance to reduce the overall voltage required to drive a keyboard, and therefore reduce the eminations. Could go hand in hand with all this talk of going "Green" with PCs.

    Of course, that will never happen, because we're far too fascinated with keyboard bling. After all, feature-creep isn't a problem, it's a lifestyle, right?

  6. Re:Truecrypt refuses to deal with this.... by Anonymous Coward · · Score: 1, Insightful

    could that be because every major operating system comes with an onscreen keyboard if you're paranoid enough to want to use one?

  7. Re:TEMPEST by IceCreamGuy · · Score: 5, Insightful

    I don't see the big "News Flash" on this.

    I think the big news flash on this is that they actually performed four different, real attacks on real, physical keyboards. Theory is one thing, someone actually saying "hey, we can really do this on the cheap now to 11 different keyboards sold at your local Best Buy; here's how..." is another. I don't think it's unreasonable to consider that "news for nerds."

  8. Re:Maybe time for a DVORAK keyboard by rhsanborn · · Score: 2, Insightful

    It shouldn't keep them busy for long. I haven't been able to get to the description yet, but I assume a Dvorak layout, or any other layout for that matter would look like a simple replacement cipher and wouldn't take long to crack.

  9. Re:Shenanigans? by Seth024 · · Score: 2, Insightful

    It was probably set to stop listening after a few seconds to make the demonstration easier.