Researchers Sniff Keystrokes From Thin Air, Wires

narramissic writes "Two separate research teams have found that the electromagnetic radiation that is generated when a computer keyboard is tapped is actually pretty easy to capture and decode. Using an oscilloscope and an inexpensive wireless antenna, the Ecole Polytechnique team was able to pick up keystrokes from virtually any keyboard, including laptops — with 95 percent accuracy over a distance of up to 20 meters. Using similar techniques, Inverse Path researchers Andrea Barisani and Daniele Bianco picked out keyboard signals from keyboard ground cables. On PS/2 keyboards, 'the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna,' Barisani said. That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. Barisani and Bianco will present their findings at the CanSecWest hacking conference next week in Vancouver. The Ecole Polytechnique team has submitted their research for peer review and hopes to publish it very soon."

Guess what

Upgrade to USB. Try to sniff that.

Re:Guess what

[Jmanamj]

They could still do it through wireless. The keys emit a signal that can be picked up no matter what connection the keyboard has to the computer.

For all you paranoid conspiracy theorists out there that are busy shitting bricks, I will be developing a USB based jamming device that will saturate the area with dummy signals. Please send $100 via brown paper bag on doorstep courier.

Re:Guess what

[Chabo]

Real data thieves don't even bother with a keystroke sniffer: they know the sound of each key, so they only have to hear your password being typed to know it.

Re:Guess what

[fuzzyfuzzyfungus]

I can't hear you sonny, type louder!

Re:Guess what

[belmolis]

A surefire way to get around keyboard monitoring is not to use one. It is admittedly rather tedious, but if you have good cause to be concerned about security, you can use an on-screen keyboard. As far as I know, they can't obtain the necessary information by monitoring your mouse signals.

Martus, a package aimed at human rights workers who need to keep their activities secret from hostile governments, includes an on-screen keyboard.

Re:Guess what

[Chabo]

Heh... I guessed it was possible, but I hadn't figured it had been done already!

Re:Guess what

[internerdj]

So listening to mp3s on my computer is a security protection rather than a security risk? Hold on. I have to go complain to IT.

Re:Guess what

[Culture20]

A surefire way to get around keyboard monitoring is not to use one. It is admittedly rather tedious, but if you have good cause to be concerned about security, you can use an on-screen keyboard.

Tempest.

In future ITSO announcements:
Your pass-group must contain one of each of the following:

1. 20 character passphrase
2. keyfob fingerprint reader
3. rentinal scan
4. one spoken word (which may not be any of: [cut dear don't everything eye God I my no off out take thumb told you])
5. MRI scan of you imagining your "happy place"

Re:Guess what

[MadnessASAP]

One second while I tune my antennas to your monitor frequency.

Re:Guess what

[Xtravar]

OR you can use speech recognition!!!!!

Re:Guess what

[Linker3000]

Keyboardless? Try this... http://www.theonion.com/content/video/apple_introduces_revolutionary

Re:Guess what

[zonky]

Any idea how this affects laptops running off battery - i.e not connected to ground.

Re:Guess what

[BagOCrap]

Whoa, Chuck Norris flashback!

Re:Guess what

[amiga500]

Modern key-logging software captures the area under the mouse on each mouse click. The defeats those on-screen keyboards, and web-sites which force you to do the same. This of course requires software to be running on your hosts. There's existing technology which can reconstruct an image from a CRT using EFI, but LCD screens are a lot harder to pick up.

Re:Guess what

[squidinkcalligraphy]

A surefire way to get around keyboard monitoring is not to use one. It is admittedly rather tedious, but if you have good cause to be concerned about security, you can use an on-screen keyboard. As far as I know, they can't obtain the necessary information by monitoring your mouse signals.

Instead 'they' only need to look at your screen (or set up a vid camera) to get you password. Screen keyboards are not any more secure.

Re:Guess what

[belmolis]

There are a great many circumstances in which you can be sure that no one else is in the room and that no video camera can see your screen but in which electromagnetic monitoring is possible. So, yes, there are ways of spying on someone using an on-screen keyboard, but in many circumstances it is far more secure than a regular keyboard.

Re:Guess what

[belmolis]

This only works if software is running on your host? Well, there are plenty of circumstances in which people can't install software on your system but could be monitoring EM from outside. In those circumstances, then, use of an on-screen keyboard is secure, isn't it?

Also, granted that one can pick up mouse signals, don't they just indicate how much the mouse moved and the direction? If so, in order to translate that into key strokes, you need to know not only the layout of the on-screen keyboard, which you can't know unless you can construct the image from EFI and the keyboard is appropriately labelled on the screen, but you need to know the point of origin of the mouse.

Re:Guess what

[beav007]

Here's a slightly different way to do it: a laser projected keyboard. No keypresses to hear, and unless you can crack the bluetooth encryption (yes, I know), it suffers none of the problems previously discussed.

Re:Guess what

[fractoid]

For all you paranoid conspiracy theorists out there that are busy shitting bricks, I will be developing a USB based jamming device that will saturate the area with dummy signals. Please send $100 via brown paper bag on doorstep courier.

I'm interested in buying one of your devices. There are... agencies... who would be very interested to know what I know.

What? You want my address? WHY? No, I can't come and pick it up, THEY'll see me. Courier companies report to the NSA so I can't use one of them. None of my friends can be trusted, I know two of them are spies for Botswana independence movement... WHO ARE YOU? WHAT DO YOU WANT? Is this to do with case 44318? Oh god, that twinkie WAS a tracking device, wasn't it?

...cash is too traceable, do you accept payment in ingots of Cobalt?

Re:Guess what

[StarkRG]

Except that if you use TFT screens they can be detected and decoded wirelessly...

Re:Guess what

[JoCat]

http://en.wikipedia.org/wiki/Van_Eck_phreaking

Van Eck Phreaking and reading the contents of your monitor is likely orders of magnitude easier than decyphering your keyboard signals, considering the back of your monitor is probably against a wall, making for a better transmitter than a wire that runs around and along a bunch of other wires.

Re:Guess what

[Meski]

And would probably be defeated by the onscreen keyboards that move after you enter each character, and rearrange the character layout. (I've only seen that done for numeric PINs, rearranging an alpha kb would be a UI pain)

Re:Guess what

[cryptoluddite]

Real data thieves ... only have to hear your password

Damn, and here I thought I was safe because my voice is my password...

Verify me.

Re:Guess what

[AmiMoJo]

The parent jests, but this might actually work.

With the USB protocol you could easily send thousands of fake reports per second and the PC would simply ignore them. Ideally this would be done by the keyboard controller, which if you want to DIY it could be replaced with an AVR microcontroller.

The signal to noise ratio would then be pretty high, making it much harder to sniff genuine keystrokes since the only difference between the fake reports and the genuine ones could be as little as one bit (e.g. in the report ID).

Re:Guess what

[conureman]

Oh great, now I have to sound-proof my Faraday Cage.

Re:Guess what

[TheLink]

Unless you actually test a device for "tempest" emanations, you can never be sure what information it could actually leak.

Some slashdotters here seem to think that LCDs are unsniffable, but that is not true.

See: http://www.newscientist.com/blog/technology/2007/04/seeing-through-walls.html

I believe other people have successfully attacked LCDs years before that guy did. I can't remember the details :).

Re:Guess what

[mattib]

You should use your voice was your passport. Then you'd be safe.

Re:Guess what

[interstellar_donkey]

You have just typed the letter "a". Please repeat process for next character.

Re:Guess what

[Sethumme]

Not if you build animatronic dogs and go on dates with women from internet dating services.

Re:Guess what

[KDR_11k]

And real data security is when you simply shoot anyone in a position to hear or sniff your data.

Re:Guess what

[cbiltcliffe]

Some slashdotters here seem to think that LCDs are unsniffable, but that is not true.

Nothing is unsniffable, and nothing is unhackable.

Anybody who claims otherwise doesn't understand security.

needs another tag

This needs a Van Eck tag, for Stephenson's Cryptonomicon bit.

Re:needs another tag

[Chabo]

What is this "Va Neck" you speak of?

Re:needs another tag

[Sir_Lewk]

Van Eck phreaking is real stuff (as this article demonstrates), not a creation of Cryptonomicon.

Re:needs another tag

[luder]

From wikipedia:

"Van Eck phreaking is the process of eavesdropping on the contents of a CRT display by detecting its electromagnetic emissions".

Also worth checking: open-source Van Eck phreaking implementation.

Re:needs another tag

[Chabo]

It was a joke.

Slashdot's tag system doesn't support whitespace or capitalization, so "Van Eck" could also be read as "Va Neck".

Re:needs another tag

[luder]

Oh... Duh, silly me... Sorry about that.

Re:needs another tag

[blueg3]

It was also actually done, in 1985, by Van Eck. While Cryptonomicon might overstate the situation a bit, the entire "Van Eck" thing is quite true.

Re:needs another tag

[TheLink]

I'm not sure if it's overstated.

The cost of doing such attacks appears to be going down.

Whereas the cost of protecting yourself against such attacks don't appear to be going down. They are either about the same or even increasing.

You could line your walls and windows with conductive meshes and install a jammer. But if someone just punctures one hole in your defense, they're in, and you might not know about it.

After all they can work out keystrokes from the sound.

They can also listen in by bouncing a laser off your vibrating windowpanes.

If you use a CRT, even if it is not pointed at your window, they could even point a telescope at your window, and recreate the picture just from the reflection on the walls of your room. The CRT's electron beam only lights up a dot or short line on the phosphors, your eyes and brain form the entire picture from the traces - so the CRT lit walls are actually changing colours very rapidly.

In the old days, some modems used to have LEDs almost directly connected to the data lines...

Paranoid

None of this would happen if you used ParanoidLinux... or would it?

The Illuminati are tapping our power lines! Run! Call Cory Doctorow! Call Dan Brown! Call John Munch!

Re:Paranoid

[SIR_Taco]

Better get a tinfoil hat for your keyboard too.

Much ado about nothing?

[Tumbleweed]

Sounds like a TEMPEST in a teapot to me.

Re:Much ado about nothing?

[geekmux]

Sounds like a TEMPEST in a teapot to me.

Sounds like a TEMPEST in a teapot to me.

Nothing you say? Here's the part where I tell you I knew what you typed before it posted.

Re:Much ado about nothing?

[davester666]

So, now I have to look around and see if anybody is looking at an oscilloscope?

Re:Much ado about nothing?

[Prof.Phreak]

Yes, and wasn't there a declassified NSA thing about just this late last year?

Re:Much ado about nothing?

[Tumbleweed]

> Sounds like a TEMPEST in a teapot to me.

> Sounds like a TEMPEST in a teapot to me.

Nothing you say? Here's the part where I tell you I knew what you typed before it posted.

No way, man, that's just because I surf in full duplex!

8N1 fo life!

Re:Much ado about nothing?

[DrLang21]

I'm fairly certain that I've heard about this several times before.

Re:Much ado about nothing?

[nicolas.kassis]

They were talking about listening to the noise the keys are making through a computers microphone. This is worse. This is saying that someone can sniff you keystrokes through power lines.

Re:Much ado about nothing?

[kolicha]

And me. I remember the videos: http://lasecwww.epfl.ch/keyboard/ Engadget reported it last October: http://www.engadget.com/2008/10/20/keyboard-eavesdropping-just-got-way-easier-thanks-to-electrom/

Re:Much ado about nothing?

[Vlado]

I don't see why this would be treated as something new or unusual.

US army and intelligence departments are more than familiar with such emanations. In fact they are so familiar with them, that there have been procedures available for shielding the equipment for more than 30 years now. And we're not talking only about keyboard stroke interceptions but also about remote-capture of monitor displays.

You can actually buy equipment that's pre-shielded from a lot of different vendors. Usually it's a normal mouse/keyboard/PC that has additional anti-EM emanating housing/protection applied to it. Of course for about double the price of a standard component :-)

In any case a bit more background can be found here http://en.wikipedia.org/wiki/TEMPEST

Good news, tinfoil hat crowd!

Tinfoil keyboards! Accessorize, baby!

Re:Good news, tinfoil hat crowd!

[Sidn]

What about the aluminium macbooks then? Short USB cables + shielding by metal case.

Well, just in case...

[retroStick]

I will have to type "I know you're eavesdropping" every few sentences.

http://xkcd.com/525/

Re:Well, just in case...

God. We all love xkcd, and we all already though of this right after we though of TEMPEST. These xkcd posts have gone from redundant to flamebait. For the love of Randal, please stop!

Re:Well, just in case...

[Chyeld]

Won't help. They also know where to buy $5 wrenches.

http://xkcd.com/538/

Fools....

Two separate research teams have found that the the electromagnetic radiation that is generated when a computer keyboard is tapped is actually pretty easy to capture and decode.

...We at the NSA have known this for years.

Re:Fools....

[westlake]

...We at the NSA have known this for years.

I can't imagine this story being news to Hertz or Marconi.

Re:Fools....

[thethibs]

Everybody has known this for years, except, it seems, the guys and girls at Polytechnique and their grant committee.

As a reminder

[geekoid]

Publishing is one of the first steps in peer review.

Thank you.

Re:As a reminder

[welcher]

Actually, for a large number of papers, the formal peer review process (that begins when the article is sent off to a journal and before publishing) is the only time that the article gets closely read. The informal peer review process that i assume you are referring to (people reading the published paper) may never happen.

Mouse

[Dan+East]

This is exactly why I do all my typing with my mouse on an on-screen virtual keyboard. It's much faster too.

On a serious note, it is ironic that literally broadcasting a bluetooth signal over-the-air between a wireless keyboard and computer is apparently more secure than a hardwired keyboard.

Re:Mouse

[snowgirl]

This is exactly why I do all my typing with my mouse on an on-screen virtual keyboard. It's much faster too.

On a serious note, it is ironic that literally broadcasting a bluetooth signal over-the-air between a wireless keyboard and computer is apparently more secure than a hardwired keyboard.

Well, it makes sense... after all, WEP is "Wired Equivalent Protection"... It's only when we're actually paying attention that this information is floating out into space that people really seem to notice or care that there are security issues.

Re:Mouse

[fuzzyfuzzyfungus]

The nice thing about standardized wireless links is that they are so painfully insecure that people have a hard(er) time maintaining a false sense of security about them, which leads to more care.

One might also note that the PS/2 port is electrically compatible with the old AT keyboard that debuted in 1984, on a system with a 6MHz 8086. Not exactly an era where the computational cost of encrypting local busses was even remotely sensible.

Re:Mouse

A keyboard?

Re:Mouse

[PaganRitual]

This is exactly why I do all my typing with my mouse on an on-screen virtual keyboard. It's much faster too.

I was going to make a "Dad, is that you?" joke here, but my Dad's mouse movement is almost as bad as his typing speed.

Seriously though, how badly do you type to find that selecting characters via the mouse to be quicker?

Re:Mouse

[snowgirl]

Bluetooth doesn't use WEP, does it? I thought WEP was only for wlans.

This is true... however the idea that the original WLAN encryption was stated to be "wired equivalent", and ended up actually being super weak... from this it kind of suggests that "wired equivalent" isn't a very strong transmission security in the first place.

The idea here is that only when transmissions are made explicitly for communication do many people even think about the security of those transmissions. I mean... who would think to encrypt keyboard input data from a wired keyboard to the computer? We only think of information as traveling along established lines, however we forget constantly that information is leaked...

A lesson for everyone here I think is to be aware that all transmission methods are insecure.

Re:Mouse

[poot_rootbeer]

One might also note that the PS/2 port is electrically compatible with the old AT keyboard that debuted in 1984, on a system with a 6MHz 8086.

Additional things that one might note:
- the AT keyboard debuted in 1984 as part of the IBM PC/AT system, which was based on the 80286, though some 8086/8088-based PC- and XT- compatibles got BIOS updates that allowed the AT keyboard to be used on them
- with the advent of USB, fewer and fewer desktop PCs over the past decade have been including PS/2 ports, with inclusion on laptops now approaching zero

thin air: the new menace

[girlintraining]

I couldn't help but think of drugs when I read the headline: Researchers sniffing lines of keystrokes, complaining about how thin the air has gotten since when they were young. By god, back then the electrons were so thick they had to use thick 8 gauge wiring to make anything work. Why, these days, the electrons have been used and re-used so much that we can use 24ga wiring for communications. Hey, are you gonna finish that line of qwertyuiop?

Re:thin air: the new menace

[andrewd18]

Clearly we need to get rid of this "air" problem. If there's no medium to sniff the keystrokes from, our children will be safe. WON'T SOMEONE THINK OF THE CHILDREN?

Re:thin air: the new menace

[LandDolphin]

Wish i could mod you Funny. Sadly, you could probably be modded insightful.

Re:thin air: the new menace

[StarkRG]

Just build a faraday cage around your house.

It's not as hard as you might think, stucco is plaster on chicken wire wrapped around the house...

Will they be allowed to present their stuff?

[bogaboga]

I doubt these folks will be allowed to present their stuff. As a lay man, I cannot see a genuine use of this technology without breaking the law. I hope they will present.

When a product based on this technology is manufactured, the manufacturer could face a law suit on these grounds:

The defendant manufactured a product which on usage as intended by manufacturer, breaks the law. That's tough.

Re:Will they be allowed to present their stuff?

[mr_mischief]

There's significant legal use for keyboard sniffing. Parents watching children and employers watching employees on company computers are both legal in the US.

Re:Will they be allowed to present their stuff?

[MoralHazard]

How thin is the air, up there where you're at, that you somehow believe that they wouldn't be allowed to present? Why is that "tough"

Since when does the Canadian government ask whether there is a "genuine use of [a] technology without breaking the law" before they pre-emptively restrict free speech? I'm pretty sure that they don't--go wikipedia it, yourself, and come back and tell me if I'm wrong, OK?

So where did you get this idea that somebody could stop their presentation/publishing?

  * You may be confused by certain past cases (such as the RIAA/MPAA watermarking contest) wherein researchers are threatened with lawsuits by other private parties on contractual or copyright-related grounds. Zero application, here--these researchers aren't involved with any 2nd parties who have the legal standing and desire to bring such a tort.

  * You may also be confused by the DMCA, or its counterparts in other countries, which criminalize the distribution of devices or methods that circumvent copyright protection mechanisms, like DVD's CSS encryption. Again, zero application, because this has nothing to do with copyright law.

  * Is it possible that you were thinking of how governments will classify research that has national security implications, such as work on nuclear weapons or cryptography, muzzling the researchers with threats of criminal prosecution? Again, not an issue here--Faraday's law of induction isn't what you'd call a national secret.

So... Seriously: Am I missing something, here? Why DO you think these researchers would be stopped from presenting? And who do you think would do it, and how?

Re:Will they be allowed to present their stuff?

[Logic+Worshiper]

There are plenty of key logger applications which can legally be used on a computer one owns and allows others to use. This is different, this is used to intercept data a person enters on their own computer, not on your computer, and there aren't legal uses for that, expect finding ways to prevent it.

Re:Will they be allowed to present their stuff?

[Logic+Worshiper]

National secrets are being typed on PS/2 keyboards though, so the last thing could be used. Granted, it's a stretch, and not something I support.

Van Eck phreaking?

[gandhi_2]

I remember talk about this in the 80's. Van Eck Phreaking

Re:Van Eck phreaking?

if(dislikesApple()||!isDemocrat()){$mod--;}

if (user.writesInPseudocode()) user.setDork(true)

Re:Van Eck phreaking?

[belleb]

Actually I think it was done in the late 70's at one of the shows. Computer Fair or something. Someone was in the cheap tents outside and capturing what people were keyboarding. Jim Warren, I think, reported on it the Intellegent Machines Journal or was the Computer Fair paper?

Re:Van Eck phreaking?

[gknoy]

This is different, though, from Van Eck Phreaking. VEP is based on the idea of intercepting video from the person's monitor, whereas this is basically a remote keylogger. Both capture information via electromagnetic radiation, but it sounds like this has a higher signal to noise ratio.

Phreaking

[debrain]

Nifty wiki links:
Van Eck Phreaking
TEMPEST
Rainbow series

What about multiple keyboards?

[damn_registrars]

I didn't see anything about them picking this up from multiple keyboards. It isn't that often that you encounter one person on one computer, really. I suspect it could be quite a bit more difficult to figure out the typing of 4 users sitting around you at the airport with laptops (to say nothing of the probable response in an airport elicited by someone using an oscilloscope).

Re:What about multiple keyboards?

[Chandon+Seldon]

More keyboards makes the situation moderately more complicated, but snooping doesn't require anything especially more difficult. It's probably even possible to separate out the keystrokes based on which keyboard they came from entirely based on the characteristics of the signals.

The solution is obvious...

[rickb928]

Change to Bluetooth. That'll fix 'em, by gum! Harrr! Can't fool ME that easily!

Wait... Oh, nevermind. The only solution is to shoot people with antennae. Damned criminals...

No, wait... No, wait... No, wait...

Hmm. This is interesting. Get back to you.

Re:The solution is obvious...

[arminw]

.....The only solution is to shoot people with antennae....

The solution is to allow nobody anywhere at anytime to have any secrets of any kind whatsoever. Jesus Christ speaks of the time in the future of the world when all secrets will be known by everyone.

Jesus Christ said in Luke 12:2 -- For there is nothing covered that shall not be revealed, nor anything hidden that shall not be known. 3 Therefore whatever you have spoken in darkness shall be heard in the light. And that which you have spoken in the ear in secret rooms shall be proclaimed on the housetops.

In today's world, where people have selfish ideas and motives, security and secrecy are necessary evils. In a world where everybody knows what everybody else is thinking at all times and all places, anybody with evil plans would find it hard to carry them out. Someday, our world will become such a place where it will be next to impossible for anybody to do any harm to anyone else without everybody immediately knowing such an intent.

Re:The solution is obvious...

[sexconker]

Someday?

Not until the develop precognition and get Tom Cruise on the job.

Why would anyone plotting something evil use electronic communication if they fear getting caught?

The old tricks are still the best.

Re:The solution is obvious...

[evilviper]

In a world where everybody knows what everybody else is thinking at all times and all places, anybody with evil plans would find it hard to carry them out.

What makes, eg. bidding/negotiations some form of "evil plans"? Such methods certainly require secrecy on the part of BOTH parties.

Re:The solution is obvious...

[evilviper]

In our present world animals have to kill other animals in order to live. This will no longer be the case for the days that the Prophet is writing about. Everybody will be a vegetarian and the competitive struggle for existence will cease.

And the angel of the lord came unto me, snatching me up from my place of slumber. And took me on high, and higher still until we moved to the spaces betwixt the air itself. And he brought me into a vast farmlands of our own midwest. And as we descended, cries of impending doom rose from the soil. One thousand, nay a million voices full of fear. And terror possessed me then.

And I begged, "Angel of the Lord, what are these tortured screams?" And the angel said unto me, "These are the cries of the carrots, the cries of the carrots! You see, Reverend Maynard, tomorrow is harvest day and to them it is the holocaust." And I sprang from my slumber drenched in sweat like the tears of one million terrified brothers and roared, "Hear me now, I have seen the light! They have a consciousness, they have a life, they have a soul! Damn you! Let the rabbits wear glasses! Save our brothers!" Can I get an amen? Can I get a hallelujah? Thank you Jesus.

LOL, yeah

[Giant+Electronic+Bra]

You beat me to it. DOD has had a whole system (TEMPEST) for classifying this kind of EM emissions from secured systems at least since the mid 1980's. Nothing new about it at all. I recall working for a particular defense contractor where we had an entire 'black area' of the plant that was TEMPEST rated. Independent filtered power, EMF shielding everywhere, etc. It was pretty expensive to set up too.

Re:LOL, yeah

[Shadow+of+Eternity]

You could spend 2 billion dollars shielding something, or you could spend $144 an hour paying ~20 people minimum wage to sit on myspace, irc, and twitter all day and space them around your complex.

Re:LOL, yeah

[inKubus]

Yeah, the university I worked at did some government work and actually used a mechanically isolated power system. Basically they had a big motor (or several, actually) and it was directly connected to a generator (with a flywheel I think). This meant a totally independent power loop as inside the building, and the flywheel smoothed out any spikes. Obviously not highly efficient, but a good way to decouple for security and safety purposes.

Re:LOL, yeah

[blueg3]

You should most certainly *not* consider "cover signals" as adequate against EM-leak eavesdropping.

Re:LOL, yeah

[IndustrialComplex]

You could spend 2 billion dollars shielding something, or you could spend $144 an hour paying ~20 people minimum wage to sit on myspace, irc, and twitter all day and space them around your complex.

With all the TVs, cars, airplanes, cell phones, motorcycles, powerlines, CB radios.... etc. Do you really think an extra 20 signals is going to slow anyone down?

BTW, would you get those 20 people to follow all of your TEMPEST devices around to provide noise? Strap them to the roof of your hmmwv? Stuff em behind the pilot?

Re:LOL, yeah

[davolfman]

Would a spark-gap transmitter as a wideband jammer work though?

Re:LOL, yeah

[nametaken]

My work does this... and I'm pretty sure it's working.

Re:LOL, yeah

[Shadow+of+Eternity]

Point.Maybe if we brought workers over from lilliput...

Re:LOL, yeah

[x2A]

or a thousand of those water head tipping birdy thingies that homer uses to press Y (tripling his productivity)

I knew this day would come

[loconet]

I knew it. Many others have been discussing the potentials for this type of eavesdropping for many years. Ha! and they laughed at me when I started protecting my stuff...

This sort of snooping was used in the '70's.

In 1981, my supervisor in the Air Force, based on training he had as a forward air controller in Vietnam, told me how easy it was to electronically snoop in on the keystrokes generated by electric typewriters. This was in response to my question about what the "secure typewriter" was that we were standing there looking at. So the whole concept was proven, in use, and being counter-acted, years before the Van Eck phreaking article was even published.

So I'm quite baffled by this "research" being presented well over 30 years after that.

Re:This sort of snooping was used in the '70's.

[tepples]

[Military anecdote] So I'm quite baffled by this "research" being presented well over 30 years after that.

It can take decades for things to get declassified.

Re:This sort of snooping was used in the '70's.

[Raghead]

None of this was classified.

This is not news

[mbone]

Google "Tempest." Some of this has been released, some not, but this is decades old.

In other news

[UnknowingFool]

Stock prices for Alcoa shot up as stores reported a sudden shortage of aluminum foil. The Alcoa spokesman was at a loss to explain the sudden shortage.

8 gauge wire

[Savage-Rabbit]

By god, back then the electrons were so thick they had to use thick 8 gauge wiring to make anything work.

Some years ago I waked into a computer store to buy a hard drive. Along one of the walls was a series of glass displays containing a small selection of vintage computer equipment. One of the displays contained a gigantic object that looked like it would take two men to shift. It consisted of a really massive looking cast metal casing out of which protruded some disks, arms, some clumsy looking circuit boards and the thing was powered by a quite sizeable 220 volt electric motor of the type one is used to seeing attached to a really big fat lumber saw. I had to take a few steps back before I realised the thing was a (8 GB as it turned out) hard drive from the early 80s and not a piece of industrial machinery with it's panelling removed. I walked out of that place with a 20 Gb hard drive in my hand. Kind of makes one marvel over how far we have come in terms of miniaturisation.

FYI: Google TEMPEST & EMI

[Zymergy]

There is nothing new here, now move along...
http://www.google.com/search?hl=en&q=TEMPEST+EMI

As with ALL security research

[Ungrounded+Lightning]

As a lay man, I cannot see a genuine use of this technology without breaking the law.

As with ALL security research there's ALWAYS one legal use: Using the info and techniques to find ways to defend yourself against bad guys who use the techniques against you and to test that your defenses are adequate.

Re:As with ALL security research

[harry666t]

...unless you're in Germany.

Re:As with ALL security research

[Ungrounded+Lightning]

...unless you're in Germany.

Just because it's legit doesn't mean it's legal. B-(

Re:As with ALL security research

[Raenex]

Or in the United States in violation of the DMCA.

New secure UI

[maetenloch]

Guess I'll have to use the caps lock LED as my secure interface except Doh! it puts out signals that can be sniffed as well.

CSI

[OfficialReverendStev]

So how long until we see this misused on CSI as a technique to somehow find the killer? "And then we'll use his online handle to get his IP address and trace that to his house..." Ugh.

Re:CSI

[sexconker]

Ugh? That's what actually happens.

Dear MySpace, I can't take it anymore.
Downstairs, third door on the left, I'm so sorry.

OMG SRSLY?
OMG
LIKE, RLY?
WTF OMG
CALLING TEH COPS
OMG
COPS CONTACTING ISP
OMG THIS IS RLY HAPPENING
OMG OMG

Emo MySpace loser found dead. Now to Carl with the weather.

Re:CSI

[OfficialReverendStev]

IP address != physical address. That's the problem. Also, you can find the ip address someone is using to access their myspace page? Really?

Re:CSI

[Man+Eating+Duck]

IP address != physical address. That's the problem. Also, you can find the ip address someone is using to access their myspace page? Really?

IP Geolocation can be so efficient that it's scary. This one gives my physical location to within 20 meters along with some other (correct) information. Also, Myspace can of course find the IP of one of their users. If the cops want to find me, they could get my IP from Myspace and then go to my service provider to get my real name and address.

Re:CSI

[OfficialReverendStev]

Sure, sure. It's possible in a long, drawn-out and circular way. I just get annoyed when it's portrayed as:

"Quick, where is he located?"

"Pinging his router now. He's at 123 Maple St."

I know it's done for brevity, but come on.

Re:CSI

[sexconker]

Your ISP knows where you live.

Getting an ISP from an IP is trivial - even cops can do it.

Getting an IP from a blog post is trivial as well.

Thats It...

[thaddeusthudpucker]

Thats it, I'm building a Faraday cage around my house. Try sniffing my emissions through THAT. Try hacking my wifi through THAT.

Re:Thats It...

[sexconker]

Uh, your power lines go through your faraday cage, yes? Sound goes through as well, I presume.

FUD

[sgt+scrub]

This is a plot by GUI users to spread fear uncertainty and doubt upon cli applications. May CLI live forever!

Re:FUD

[martin-boundary]

"Excuse me. Are you the CLIdean People's Front?"

Re:Much ado about nothing? -pretty much

[johnjones]

USN has been doing it for years so has the german MAD

remember security is an illusion

regards

John Jones

Use a Dvorak keyboard.

[Neanderthal+Ninny]

Change to an Dvorak keyboard or even an foreign language keyboard "challenge" this.
However the way I type, they will have fun with all of those backspaces...

I submitted this way back in October of last year!

[Phizzle]

My original submission was "Security and Cryptography Laboratory at the Swiss Ecole Polytechnique Federale de Lausanne (EPFL) doctoral students demonstrated four successfull techniques for sniffing keystrokes off various keyboards, including laptops, by analysing the electromagnetic signals produced by every key press. Not entirely new concept, but these guys were able to get data from 20m away. Time for Tempest Grade keyboards?!"

Possibly

[Giant+Electronic+Bra]

But then if you are required to comply with certain specifications by contract with DOD, it doesn't actually matter WHAT the rules are. You either comply or you get kicked off the contract.

Besides, there is a lot more to that kind of thing than just EMSEC. Those black areas are highly secure, physically, electronically, etc. Nobody goes in or out with anything on them, no electronics of any kind go in or out, no network links, no phones, no nothing.

There are of course various levels to these things, but you will NOT find classified data scattered around on systems outside a secured area.

Re:Possibly

[IndustrialComplex]

There are of course various levels to these things, but you will NOT find classified data scattered around on systems outside a secured area.

Perhaps a better way to put it, you shouldn't find red data on a black network.

Honestly, it's hard to mess that up under almost all circumstances. It takes someone completely brain-dead, or malicious, to mix the two.

Welcome to the 60s

[oren]

Look up "TEMPEST", e.g. in http://en.wikipedia.org/wiki/TEMPEST - this isn't merely "old news", this is "so ancient it dates before I was born", and I am old enough to have used punch cards.

This is why some computer rooms will never contain wireless peripherals or wireless networks or Internet connections; but will have an intimidating sign on the door, and combined biometric/keypad entry, and Faraday cages built into their walls, and a self destruct mechanism, and fences around them, and 24/7 armed guards, and a hot line to a fast-response team on a separate near-by base.

For everyone else, well, when you buy tinfoil rolls, remember to buy enough for your hat _and_ your peripherals cables :-)

Re:Laptop keyboards

[Ninnle+Labs,+LLC]

So does this work with laptop keyboards as well?

Gee, I don't know...

the the Ecole Polytechnique team was able to pick up keystrokes from virtually any keyboard, including laptops

Clearly Apple is on top of this already...

[eegad]

Are there any lengths they won't go to in order to protect our privacy? http://www.youtube.com/watch?v=9BnLbv6QYcA

brief question

[extraqwert]

brief question: what is the safest way to login to my email account and check email, in the internet cafe? Assuming that the cafe is run by the mafia.

Re:brief question

[Ninnle+Labs,+LLC]

Leave that Starbucks and go to the Starbucks across the street that isn't run by the Mafia?

Re:brief question

[extraqwert]

By Internet cafe I mean Internet cafe with terminals. Not a BYOL like Starbucks. I should have said ``a safe way'', not ``the safest way''.

Re:brief question

[sexconker]

There is none.

You can have keyfobs and retina scanners and such, but the wise guy in the cafe will just nail you to a chair (through your kneecaps), and hook the nails to a car battery.

You'll talk. Everyone talks.

Re:brief question

[extraqwert]

OK, I had in mind a University library...

Re:brief question

[Areyoukiddingme]

Join the Mafia?

They're more respectable than the RIAA and MPAA any day... At least they sell tangible goods. (Well, the blow is. The hookers are a service.)

Re:brief question

[StarkRG]

Log off, go home, log in there.

If you want the absolute safest way: never log in, ever.

Re:brief question

[sexconker]

A university library that is an internet cafe that is run by the mafia?

Nice

[DaMattster]

LOL! Soon we'll have to have keyboards and mice with SSL connectivity. Hold on a second .... I have to update my mouse and keyboard cert. They just expired :D

Wouldn't a parallel cable make this much harder?

[mark_osmd]

Using a parallel keyboard cable would make it a lot harder to decode (that is if the main emitter is the cable).

Re:Simple solution

[sexconker]

Or a real keyboard with a mechanical typing machine, like in Die Hard.

Nothing new here

[woboyle]

This behavior of the keyboard cable acting as an antenna transmitting all the keystrokes that can be intercepted via radio is not new at all. I knew of work on Tempest certified terminals in the late 1970's where this was considered a major security issue and an area where some really innovative work was done to redress.

Egad!

[changa]

Time to wrap tin-foil around my keyboard.

"TEMPEST: A Signal Problem"

[FranklinWebber]

You are correct. See

http://blog.wired.com/27bstroke6/2008/04/nsa-releases-se.html

for a summary and see

http://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf

for the recently declassified document. The discovery of this problem is dated to 1943.

I claim IP rights!

[Mr.+Conrad]

If they can figure out exactly what key you're pressing from up to 20 meters away, forget stealing passwords. They should build wireless keyboards.

(comment typed within 15 feet of my computer)

Touchsceen

[deanston]

Guess that keyboard-less touchscreen trend isn't so stupid after all.

I can see what you're typing by video taping the movement of your fingers from a distance anyhow.

MacBook Wheel

[Migity]

Luck for me I'm getting the MacBook Wheel

Re:Wow, welcome to 1985...

[blueg3]

Which in turn sounds a lot like Tempest, which dates back to the what, 40s?

Those who ignore history ...

[johnkzin]

Those who ignore history ... are doomed to post the same damn topics on /. every 6 months.

My apartment is a Farraday Cage

[casings]

So I don't have this problem.

It's also nice because I don't like to wear hats indoors.

wireless antennas

[eric-x]

aren't they great? i hate antennas with wires.

This is news?

[hador_nyc]

I remember my college professors doing this from the Quad during the open houses every year while I was in college. I went to Syracuse University from 94-98, and got a BS in Electrical Engineering. This is cool, don't get me wrong, but far from news; or maybe I'm just a geek. Hmm, well this is /., and I am trying to prove how uncool these guys are...

Worrying thought?

Would this work with ATM keypads?

Yes, very old hat, but...

[grikdog]

...this is why you use keyfiles. Generate them from /dev/urandom, esp. on Macs which use yarrow. Dunno about Ubuntu.

EPFL video of the experiment

[pace303]

The demonstration given by Martin Vuagnoux and Sylvain Pasini from the LASEC/EPFL has already been slashdotted (see http://hardware.slashdot.org/article.pl?sid=08/10/20/1248234&from=rss) in october 2008. You can see the videos of the experiment on http://lasecwww.epfl.ch/keyboard

And this is new?

[Nine+Mirrors+Turning]

How exactly can this be new or newsworthy?
I saw a demonstration 20 years ago almost to the day where guys from the swedish equivalent of NSA captured keystrokes from a Mac Plus at 300 meters distance (I was working in military research at the time).
As a consequence we built a room paneled entirly in copper, with copper chicken wire across the windows and baffled air vents.
Opto-couplers for the phone lines and stabilizers for the power and we were emission free. The whole TEMPEST package.

Re:And this is new?

[pace303]

The technology has significantly been improved since the the 80-90's. It is much more easier to capture a signal from an old device using high voltage. But this seems to be the first demonstration in the open litterature of this kind of vulnerability in modern keyboards (and wireless keyboards, considering the wireless communication as secure). Moreover, there is 4 different ways to recover the keystrokes and it concerns USB keyboards as well. So basically, yes I think it's new (or at least applied to modern keyboards)

Whatever

[frenchbedroom]

D skf q hskjrù Iurlqb oqxrsjv Kmd!! q$qx V(

Translation : I use a custom Dvorak layout. Sniff away :)

Re:Whatever

[DigitalSorceress]

except that you've basically just got a monoalphabetic substitution cypher... not exactly rocket science to figure out and automate.

How many computer keyboards in that ?

[pmarini]

given that being at the centre of a 20m circle means an area of over 1000 sqm, how many computers are there in such space, say in an office, and how can you make sure which precise keyboard are you "listening" to ??

Recursion

[PietjeJantje]

Slashdot writes about keyboard sniffer. IT world guy catches up half a year later, and writes article about, ehm, "new" keyboard sniffing techniques. Slashdot writes about guy writing about old news. What will happen in 6 months?

i'm safe

[misterhaan]

luckily, i type in dvorak, so they'll never be able to pull my ra;;,soh out of thin air!

So they can detect the keys -

[Pahalial]

But the key signals they're picking out of the air don't include the layout. For bonus paranoia points (and since fairly elementary pattern recognition can be applied to this issue), use a rotation of 3 or more keyboard layouts changing at random intervals with a very minor on-screen notification. Now they need to be rocking TEMPEST, which has a much shorter range than this technique according to TFA.

(Extra tinfoil points for reprogramming your keyboard's microcontroller to rotate the key codes away from the default for your model. Extra extra points for using a new schema whose usage pattern would be reasonably close to the expected.)

known for at least 20 years

[peter303]

Rather old news