Slashdot Mirror


Compromising Wired Keyboards

Flavien writes "A team from the Security and Cryptography Laboratory (LASEC) in Lausanne, Switzerland, found 4 different ways to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. They tested 11 different wired keyboard models bought between 2001 and 2008 (PS/2, USB and laptop). They are all vulnerable to at least one of the 4 attacks. While more information on these attacks will be published soon, a short description with 2 videos is available."

15 of 277 comments

  1. No comment.. by Anonymous Coward · · Score: 5, Funny

    I won't type what I think about that...

  2. TEMPEST by michaelhood · · Score: 5, Informative

    This appears to be related to why TEMPEST attacks work on monitors.

    1. Re:TEMPEST by __aajxax2722 · · Score: 5, Interesting

      I agree. I don't see the big "News Flash" on this. This was well known back in the mid 80's when I fixed computers for the military. They had to be Tempest certified before and after the fixes. It was common knowledge that EMF emissions would be able to be picked up and recorded some distance away from the host computer.

    2. Re:TEMPEST by IceCreamGuy · · Score: 5, Insightful

      I don't see the big "News Flash" on this.

      I think the big news flash on this is that they actually performed four different, real attacks on real, physical keyboards. Theory is one thing, someone actually saying "hey, we can really do this on the cheap now to 11 different keyboards sold at your local Best Buy; here's how..." is another. I don't think it's unreasonable to consider that "news for nerds."

    3. Re:TEMPEST by Jay+L · · Score: 5, Funny

      I think the big news flash on this is that they actually performed four different, real attacks on real, physical keyboards.

      When the first mass-transit-quality teleporter is installed in a major city, there will be a commenter on Slashdot, sneering at it: "This isn't news. They've been doing that at the quantum level for years."

  3. Dubious claim by Drakkenmensch · · Score: 5, Funny

    Is this going to be another one of those hollow claims backed up by a viral video, like unlocking car doors with a tennis ball?

  4. Time for a Faraday cage? by apathy+maybe · · Score: 5, Interesting

    To determine if wired keyboards generate compromising emanations, we measured the electromagnetic radiations emitted when keys are pressed. To analyze compromising radiations, we generally use a receiver tuned on a specific frequency. However, this method may not be optimal: the signal does not contain the maximal entropy since a significant amount of information is lost.

    Our approach was to acquire the signal directly from the antenna and to work on the whole captured electromagnetic spectrum.

    Looks like a room or building size Faraday Cage (a foil hat the size of your house!) might be the only defence...

    Especially considering that you can also detect what is shown on monitors (again, by detecting the electromagnetic radiation), and so on screen "keyboards" operated with a mouse become not so useful.

    It's not clear from the article whether they have the keyboard beforehand to be able to record which key-press outputs what radiation, or if they can use this (and by that I mean one of the four) technique on any old keyboard, including ones they haven't seen before.

    Anyway, this shouldn't be too surprising to anyone, electronics emit electromagnetic radiation, which can be captured.

    --
    I wank in the shower.
    1. Re:Time for a Faraday cage? by Anonymous Coward · · Score: 5, Funny

      Which is why you move to Pennsylvania and live among the Amish. Also, your crazy hacker beard will look a little less crazy.

  5. Easier way to open the car... by MindKata · · Score: 5, Funny

    "like unlocking car doors with a tennis ball".

    It's much easier with a cricket ball. Just use it to break the window.

    --
    There are 10 kinds of people in the world... those who understand binary and those who don't.
    1. Re:Easier way to open the car... by nacturation · · Score: 5, Funny

      It's much easier with a cricket ball. Just use it to break the window.

      That may be how the Brits do it, but using a bowling ball generally meets with smashing success.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  6. Nothing new by thered2001 · · Score: 5, Interesting

    I saw this demonstrated about 10 years ago while working for a military contractor during a demonstration to increase awareness of security risks. They were able to capture video and keyboard data through a wall adjacent to the PC being monitored. (I can't elaborate on who 'they' were...but I'm sure astute readers can guess correctly.)

    --

    If your only tool is a hammer, every problem becomes a nail.

    1. Re:Nothing new by Constantine+XVI · · Score: 5, Informative

      It's called van Eck phreaking, and it's been applied to monitors for a while now, but no-one's really talked about sniffing from the keyboard.

      --
      "I think an etch-a-sketch with an ethernet port would beat IE7 in web standards compliance."
  7. Re:But did they test with a Model M? by thered2001 · · Score: 5, Funny

    I'm not so sure...I would expect that the Model M probably produces a spark-gap kind of effect which can be picked up on AM radios a block away.

    --

    If your only tool is a hammer, every problem becomes a nail.

  8. Shenanigans? by tdc_vga · · Score: 5, Interesting

    If you watch the video he sets the keyboard.eavesdropper into a listening/polling state waiting for keypress information. From there it's filtered and decoded --fine. Now the part that seemed odd to me is it exits as soon as it finds the 'e' in 'trust no one', why?

    If the eavesdropper is in a polling state it should continue looking for more keypresses, unless there are some smoke and mirrors going on. Also, if you listen there's no termination sent --no keypresses heard on camera.

  9. Re:Cryptonomicomics by argent · · Score: 5, Insightful

    Most modems back in the '80s just ran either RD, TD, or (RD|TD) through the LED. It was cheap and easy and gave you a good activity signal. Nobody cared about people sniffing the data through the LED, and really hardly anyone is ever going to be in a situation where they're even potentially exposed. And for virtually all the rest, this is hardly the low hanging fruit... if you can get close enough to read the LED, you're close enough to see what the target is doing any number of easier ways.