Slashdot Mirror


Researchers Sniff Keystrokes From Thin Air, Wires

narramissic writes "Two separate research teams have found that the electromagnetic radiation that is generated when a computer keyboard is tapped is actually pretty easy to capture and decode. Using an oscilloscope and an inexpensive wireless antenna, the Ecole Polytechnique team was able to pick up keystrokes from virtually any keyboard, including laptops — with 95 percent accuracy over a distance of up to 20 meters. Using similar techniques, Inverse Path researchers Andrea Barisani and Daniele Bianco picked out keyboard signals from keyboard ground cables. On PS/2 keyboards, 'the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna,' Barisani said. That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. Barisani and Bianco will present their findings at the CanSecWest hacking conference next week in Vancouver. The Ecole Polytechnique team has submitted their research for peer review and hopes to publish it very soon."

55 of 217 comments

  1. Guess what by Anonymous Coward · · Score: 2, Funny

    Upgrade to USB. Try to sniff that.

    1. Re:Guess what by Jmanamj · · Score: 5, Insightful

      They could still do it through wireless. The keys emit a signal that can be picked up no matter what connection the keyboard has to the computer.

      For all you paranoid conspiracy theorists out there that are busy shitting bricks, I will be developing a USB based jamming device that will saturate the area with dummy signals. Please send $100 via brown paper bag on doorstep courier.

    2. Re:Guess what by Chabo · · Score: 4, Funny

      Real data thieves don't even bother with a keystroke sniffer: they know the sound of each key, so they only have to hear your password being typed to know it.

      --
      Convert FLACs to a portable format with FlacSquisher
    3. Re:Guess what by fuzzyfuzzyfungus · · Score: 5, Informative

      I can't hear you sonny, type louder!

    4. Re:Guess what by belmolis · · Score: 5, Informative

      A surefire way to get around keyboard monitoring is not to use one. It is admittedly rather tedious, but if you have good cause to be concerned about security, you can use an on-screen keyboard. As far as I know, they can't obtain the necessary information by monitoring your mouse signals.

      Martus, a package aimed at human rights workers who need to keep their activities secret from hostile governments, includes an on-screen keyboard.

    5. Re:Guess what by internerdj · · Score: 4, Funny

      So listening to mp3s on my computer is a security protection rather than a security risk? Hold on. I have to go complain to IT.

    6. Re:Guess what by Culture20 · · Score: 4, Funny

      A surefire way to get around keyboard monitoring is not to use one. It is admittedly rather tedious, but if you have good cause to be concerned about security, you can use an on-screen keyboard.

      Tempest.

      In future ITSO announcements:
      Your pass-group must contain one of each of the following:

      1. 20 character passphrase
      2. keyfob fingerprint reader
      3. retinal scan
      4. one spoken word (which may not be any of: [cut dear don't everything eye God I my no off out take thumb told you])
      5. MRI scan of you imagining your "happy place"
    7. Re:Guess what by MadnessASAP · · Score: 3, Interesting

      One second while I tune my antennas to your monitor frequency.

      --
      I may agree with what you say, but I will defend to the death your right to face the consequences of saying it.
    8. Re:Guess what by Linker3000 · · Score: 4, Funny
      --
      AT&ROFLMAO
    9. Re:Guess what by amiga500 · · Score: 2, Interesting

      Modern key-logging software captures the area under the mouse on each mouse click. This defeats those on-screen keyboards, and web-sites which force you to do the same. This of course requires software to be running on your hosts. There's existing technology which can reconstruct an image from a CRT using EFI, but LCD screens are a lot harder to pick up.

    10. Re:Guess what by beav007 · · Score: 2, Interesting

      Here's a slightly different way to do it: a laser projected keyboard. No keypresses to hear, and unless you can crack the bluetooth encryption (yes, I know), it suffers none of the problems previously discussed.

    11. Re:Guess what by Meski · · Score: 2, Insightful

      And would probably be defeated by the onscreen keyboards that move after you enter each character, and rearrange the character layout. (I've only seen that done for numeric PINs, rearranging an alpha kb would be a UI pain)

    12. Re:Guess what by conureman · · Score: 2, Funny

      Oh great, now I have to sound-proof my Faraday Cage.

      --
      The cost of that cleanup, of course, will be borne by taxpayers, not industry.
  2. needs another tag by Anonymous Coward · · Score: 4, Insightful

    This needs a Van Eck tag, for Stephenson's Cryptonomicon bit.

    1. Re:needs another tag by luder · · Score: 4, Informative

      From wikipedia:

      "Van Eck phreaking is the process of eavesdropping on the contents of a CRT display by detecting its electromagnetic emissions".

      Also worth checking: open-source Van Eck phreaking implementation.

  3. Much ado about nothing? by Tumbleweed · · Score: 5, Funny

    Sounds like a TEMPEST in a teapot to me.

    1. Re:Much ado about nothing? by Prof.Phreak · · Score: 4, Interesting

      Yes, and wasn't there a declassified NSA thing about just this late last year?

      --

      "If anything can go wrong, it will." - Murphy

    2. Re:Much ado about nothing? by nicolas.kassis · · Score: 4, Informative

      They were talking about listening to the noise the keys are making through a computer's microphone. This is worse. This is saying that someone can sniff your keystrokes through power lines.

  4. Good news, tinfoil hat crowd! by Anonymous Coward · · Score: 5, Funny

    Tinfoil keyboards! Accessorize, baby!

  5. Well, just in case... by retroStick · · Score: 2, Funny

    I will have to type "I know you're eavesdropping" every few sentences.

    http://xkcd.com/525/

  6. Fools.... by Anonymous Coward · · Score: 2, Funny

    Two separate research teams have found that the electromagnetic radiation that is generated when a computer keyboard is tapped is actually pretty easy to capture and decode.

    ...We at the NSA have known this for years.

    1. Re:Fools.... by westlake · · Score: 2, Insightful
      ...We at the NSA have known this for years.

      I can't imagine this story being news to Hertz or Marconi.

    2. Re:Fools.... by thethibs · · Score: 2, Funny

      Everybody has known this for years, except, it seems, the guys and girls at Polytechnique and their grant committee.

      --
      I'm a Programmer. That's one level above Software Engineer and one level below Engineer.
  7. As a reminder by geekoid · · Score: 4, Informative

    Publishing is one of the first steps in peer review.

    Thank you.

    --
    The Kruger Dunning explains most posts on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  8. Mouse by Dan+East · · Score: 4, Interesting

    This is exactly why I do all my typing with my mouse on an on-screen virtual keyboard. It's much faster too.

    On a serious note, it is ironic that literally broadcasting a bluetooth signal over-the-air between a wireless keyboard and computer is apparently more secure than a hardwired keyboard.

    --
    Better known as 318230.
    1. Re:Mouse by fuzzyfuzzyfungus · · Score: 4, Insightful

      The nice thing about standardized wireless links is that they are so painfully insecure that people have a hard(er) time maintaining a false sense of security about them, which leads to more care.

      One might also note that the PS/2 port is electrically compatible with the old AT keyboard that debuted in 1984, on a system with a 6MHz 8086. Not exactly an era where the computational cost of encrypting local busses was even remotely sensible.

    2. Re:Mouse by snowgirl · · Score: 2, Insightful

      Bluetooth doesn't use WEP, does it? I thought WEP was only for wlans.

      This is true... however the idea that the original WLAN encryption was stated to be "wired equivalent", and ended up actually being super weak... from this it kind of suggests that "wired equivalent" isn't a very strong transmission security in the first place.

      The idea here is that only when transmissions are made explicitly for communication do many people even think about the security of those transmissions. I mean... who would think to encrypt keyboard input data from a wired keyboard to the computer? We only think of information as traveling along established lines, however we forget constantly that information is leaked...

      A lesson for everyone here I think is to be aware that all transmission methods are insecure.

      --
      WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS
  9. thin air: the new menace by girlintraining · · Score: 5, Funny

    I couldn't help but think of drugs when I read the headline: Researchers sniffing lines of keystrokes, complaining about how thin the air has gotten since when they were young. By god, back then the electrons were so thick they had to use thick 8 gauge wiring to make anything work. Why, these days, the electrons have been used and re-used so much that we can use 24ga wiring for communications. Hey, are you gonna finish that line of qwertyuiop?

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:thin air: the new menace by andrewd18 · · Score: 4, Funny

      Clearly we need to get rid of this "air" problem. If there's no medium to sniff the keystrokes from, our children will be safe. WON'T SOMEONE THINK OF THE CHILDREN?

  10. Van Eck phreaking? by gandhi_2 · · Score: 5, Interesting

    I remember talk about this in the 80's. Van Eck Phreaking

  11. Phreaking by debrain · · Score: 3, Informative
  12. The solution is obvious... by rickb928 · · Score: 2, Funny

    Change to Bluetooth. That'll fix 'em, by gum! Harrr! Can't fool ME that easily!

    Wait... Oh, nevermind. The only solution is to shoot people with antennae. Damned criminals...

    No, wait... No, wait... No, wait...

    Hmm. This is interesting. Get back to you.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
    1. Re:The solution is obvious... by arminw · · Score: 2, Interesting

      .....The only solution is to shoot people with antennae....

      The solution is to allow nobody anywhere at anytime to have any secrets of any kind whatsoever. Jesus Christ speaks of the time in the future of the world when all secrets will be known by everyone.

      Jesus Christ said in Luke 12:2 -- For there is nothing covered that shall not be revealed, nor anything hidden that shall not be known. 3 Therefore whatever you have spoken in darkness shall be heard in the light. And that which you have spoken in the ear in secret rooms shall be proclaimed on the housetops.

      In today's world, where people have selfish ideas and motives, security and secrecy are necessary evils. In a world where everybody knows what everybody else is thinking at all times and all places, anybody with evil plans would find it hard to carry them out. Someday, our world will become such a place where it will be next to impossible for anybody to do any harm to anyone else without everybody immediately knowing such an intent.

      --
      All theory is gray
    2. Re:The solution is obvious... by evilviper · · Score: 3, Insightful

      In a world where everybody knows what everybody else is thinking at all times and all places, anybody with evil plans would find it hard to carry them out.

      What makes, e.g. bidding/negotiations some form of "evil plans"? Such methods certainly require secrecy on the part of BOTH parties.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  13. LOL, yeah by Giant+Electronic+Bra · · Score: 4, Informative

    You beat me to it. DOD has had a whole system (TEMPEST) for classifying this kind of EM emissions from secured systems at least since the mid 1980's. Nothing new about it at all. I recall working for a particular defense contractor where we had an entire 'black area' of the plant that was TEMPEST rated. Independent filtered power, EMF shielding everywhere, etc. It was pretty expensive to set up too.

    --
    "Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
    1. Re:LOL, yeah by Shadow+of+Eternity · · Score: 2, Insightful

      You could spend 2 billion dollars shielding something, or you could spend $144 an hour paying ~20 people minimum wage to sit on myspace, irc, and twitter all day and space them around your complex.

      --
      A bullet may have your name on it but splash damage is addressed "To whom it may concern."
    2. Re:LOL, yeah by inKubus · · Score: 4, Interesting

      Yeah, the university I worked at did some government work and actually used a mechanically isolated power system. Basically they had a big motor (or several, actually) and it was directly connected to a generator (with a flywheel I think). This meant a totally independent power loop as inside the building, and the flywheel smoothed out any spikes. Obviously not highly efficient, but a good way to decouple for security and safety purposes.

      --
      Cool! Amazing Toys.
  14. I knew this day would come by loconet · · Score: 5, Funny

    I knew it. Many others have been discussing the potentials for this type of eavesdropping for many years. Ha! and they laughed at me when I started protecting my stuff...

    --
    [alk]
  15. This sort of snooping was used in the '70's. by Anonymous Coward · · Score: 2, Interesting

    In 1981, my supervisor in the Air Force, based on training he had as a forward air controller in Vietnam, told me how easy it was to electronically snoop in on the keystrokes generated by electric typewriters. This was in response to my question about what the "secure typewriter" was that we were standing there looking at. So the whole concept was proven, in use, and being counter-acted, years before the Van Eck phreaking article was even published.

    So I'm quite baffled by this "research" being presented well over 30 years after that.

    1. Re:This sort of snooping was used in the '70's. by tepples · · Score: 2, Insightful

      [Military anecdote] So I'm quite baffled by this "research" being presented well over 30 years after that.

      It can take decades for things to get declassified.

  16. Re:Will they be allowed to present their stuff? by mr_mischief · · Score: 2, Interesting

    There's significant legal use for keyboard sniffing. Parents watching children and employers watching employees on company computers are both legal in the US.

  17. This is not news by mbone · · Score: 2, Informative

    Google "Tempest." Some of this has been released, some not, but this is decades old.

  18. In other news by UnknowingFool · · Score: 4, Funny

    Stock prices for Alcoa shot up as stores reported a sudden shortage of aluminum foil. The Alcoa spokesman was at a loss to explain the sudden shortage.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  19. 8 gauge wire by Savage-Rabbit · · Score: 3, Interesting

    By god, back then the electrons were so thick they had to use thick 8 gauge wiring to make anything work.

    Some years ago I walked into a computer store to buy a hard drive. Along one of the walls was a series of glass displays containing a small selection of vintage computer equipment. One of the displays contained a gigantic object that looked like it would take two men to shift. It consisted of a really massive looking cast metal casing out of which protruded some disks, arms, some clumsy looking circuit boards and the thing was powered by a quite sizeable 220 volt electric motor of the type one is used to seeing attached to a really big fat lumber saw. I had to take a few steps back before I realised the thing was a (8 GB as it turned out) hard drive from the early 80s and not a piece of industrial machinery with its panelling removed. I walked out of that place with a 20 Gb hard drive in my hand. Kind of makes one marvel over how far we have come in terms of miniaturisation.

    --
    Only to idiots, are orders laws.
    -- Henning von Tresckow
  20. As with ALL security research by Ungrounded+Lightning · · Score: 3, Insightful

    As a lay man, I cannot see a genuine use of this technology without breaking the law.

    As with ALL security research there's ALWAYS one legal use: Using the info and techniques to find ways to defend yourself against bad guys who use the techniques against you and to test that your defenses are adequate.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re:As with ALL security research by harry666t · · Score: 3, Insightful

      ...unless you're in Germany.

  21. Re:Paranoid by SIR_Taco · · Score: 2, Funny

    Better get a tinfoil hat for your keyboard too.

    --
    I say don't drink and drive, you might spill your drink. Before you get behind the wheel just stop and think.
  22. FUD by sgt+scrub · · Score: 5, Funny

    This is a plot by GUI users to spread fear uncertainty and doubt upon cli applications. May CLI live forever!

    --
    Having to work for a living is the root of all evil.
  23. Re:Much ado about nothing? -pretty much by johnjones · · Score: 2, Interesting

    USN has been doing it for years, so has the German MAD

    remember security is an illusion

    regards

    John Jones

  24. Use a Dvorak keyboard. by Neanderthal+Ninny · · Score: 2, Funny

    Change to a Dvorak keyboard or even a foreign language keyboard to "challenge" this.
    However the way I type, they will have fun with all of those backspaces...

  25. Re:Will they be allowed to present their stuff? by MoralHazard · · Score: 2, Interesting

    How thin is the air, up there where you're at, that you somehow believe that they wouldn't be allowed to present? Why is that "tough"?

    Since when does the Canadian government ask whether there is a "genuine use of [a] technology without breaking the law" before they pre-emptively restrict free speech? I'm pretty sure that they don't--go wikipedia it, yourself, and come back and tell me if I'm wrong, OK?

    So where did you get this idea that somebody could stop their presentation/publishing?

      * You may be confused by certain past cases (such as the RIAA/MPAA watermarking contest) wherein researchers are threatened with lawsuits by other private parties on contractual or copyright-related grounds. Zero application, here--these researchers aren't involved with any 2nd parties who have the legal standing and desire to bring such a tort.

      * You may also be confused by the DMCA, or its counterparts in other countries, which criminalize the distribution of devices or methods that circumvent copyright protection mechanisms, like DVD's CSS encryption. Again, zero application, because this has nothing to do with copyright law.

      * Is it possible that you were thinking of how governments will classify research that has national security implications, such as work on nuclear weapons or cryptography, muzzling the researchers with threats of criminal prosecution? Again, not an issue here--Faraday's law of induction isn't what you'd call a national secret.

    So... Seriously: Am I missing something, here? Why DO you think these researchers would be stopped from presenting? And who do you think would do it, and how?

  26. Welcome to the 60s by oren · · Score: 2, Insightful

    Look up "TEMPEST", e.g. in http://en.wikipedia.org/wiki/TEMPEST - this isn't merely "old news", this is "so ancient it dates before I was born", and I am old enough to have used punch cards.

    This is why some computer rooms will never contain wireless peripherals or wireless networks or Internet connections; but will have an intimidating sign on the door, and combined biometric/keypad entry, and Faraday cages built into their walls, and a self destruct mechanism, and fences around them, and 24/7 armed guards, and a hot line to a fast-response team on a separate near-by base.

    For everyone else, well, when you buy tinfoil rolls, remember to buy enough for your hat _and_ your peripherals cables :-)

  27. "TEMPEST: A Signal Problem" by FranklinWebber · · Score: 3, Informative

    You are correct. See

    http://blog.wired.com/27bstroke6/2008/04/nsa-releases-se.html

    for a summary and see

    http://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf

    for the recently declassified document. The discovery of this problem is dated to 1943.

  28. Worrying thought? by Anonymous Coward · · Score: 2, Insightful

    Would this work with ATM keypads?

  29. And this is new? by Nine+Mirrors+Turning · · Score: 2, Interesting

    How exactly can this be new or newsworthy?
    I saw a demonstration 20 years ago almost to the day where guys from the Swedish equivalent of NSA captured keystrokes from a Mac Plus at 300 meters distance (I was working in military research at the time).
    As a consequence we built a room paneled entirely in copper, with copper chicken wire across the windows and baffled air vents.
    Opto-couplers for the phone lines and stabilizers for the power and we were emission free. The whole TEMPEST package.

    --
    (Elegance is not an option)