Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Sniff Keystrokes From Thin Air, Wires

Posted by timothy on from the making-a-tempest-of-themselves dept.

narramissic writes "Two separate research teams have found that the electromagnetic radiation that is generated when a computer keyboard is tapped is actually pretty easy to capture and decode. Using an oscilloscope and an inexpensive wireless antenna, the Ecole Polytechnique team was able to pick up keystrokes from virtually any keyboard, including laptops — with 95 percent accuracy over a distance of up to 20 meters. Using similar techniques, Inverse Path researchers Andrea Barisani and Daniele Bianco picked out keyboard signals from keyboard ground cables. On PS/2 keyboards, 'the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna,' Barisani said. That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. Barisani and Bianco will present their findings at the CanSecWest hacking conference next week in Vancouver. The Ecole Polytechnique team has submitted their research for peer review and hopes to publish it very soon."

31 of 217 comments (clear)

  1. needs another tag by Anonymous Coward · · Score: 4, Insightful

    This needs a Van Eck tag, for Stephenson's Cryptonomicon bit.

    1. Re:needs another tag by luder · · Score: 4, Informative

      From wikipedia:

      "Van Eck phreaking is the process of eavesdropping on the contents of a CRT display by detecting its electromagnetic emissions".

      Also worth checking: open-source Van Eck phreaking implementation.

  2. Much ado about nothing? by Tumbleweed · · Score: 5, Funny

    Sounds like a TEMPEST in a teapot to me.

    1. Re:Much ado about nothing? by Prof.Phreak · · Score: 4, Interesting

      Yes, and wasn't there a declassified NSA thing about just this late last year?

      --

      "If anything can go wrong, it will." - Murphy

    2. Re:Much ado about nothing? by nicolas.kassis · · Score: 4, Informative

      They were talking about listening to the noise the keys are making through a computers microphone. This is worse. This is saying that someone can sniff you keystrokes through power lines.

  3. Good news, tinfoil hat crowd! by Anonymous Coward · · Score: 5, Funny

    Tinfoil keyboards! Accessorize, baby!

  4. As a reminder by geekoid · · Score: 4, Informative

    Publishing is one of the first steps in peer review.

    Thank you.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  5. Mouse by Dan+East · · Score: 4, Interesting

    This is exactly why I do all my typing with my mouse on an on-screen virtual keyboard. It's much faster too.

    On a serious note, it is ironic that literally broadcasting a bluetooth signal over-the-air between a wireless keyboard and computer is apparently more secure than a hardwired keyboard.

    --
    Better known as 318230.
    1. Re:Mouse by fuzzyfuzzyfungus · · Score: 4, Insightful

      The nice thing about standardized wireless links is that they are so painfully insecure that people have a hard(er) time maintaining a false sense of security about them, which leads to more care.

      One might also note that the PS/2 port is electrically compatible with the old AT keyboard that debuted in 1984, on a system with a 6MHz 8086. Not exactly an era where the computational cost of encrypting local busses was even remotely sensible.

  6. Re:Guess what by Jmanamj · · Score: 5, Insightful

    They could still do it through wireless. The keys emit a signal that can be picked up no matter what connection the keyboard has to the computer.

    For all you paranoid conspiracy theorists out there that are busy shitting bricks, I will be developing a USB based jamming device that will saturate the area with dummy signals. Please send $100 via brown paper bag on doorstep courier.

  7. thin air: the new menace by girlintraining · · Score: 5, Funny

    I couldn't help but think of drugs when I read the headline: Researchers sniffing lines of keystrokes, complaining about how thin the air has gotten since when they were young. By god, back then the electrons were so thick they had to use thick 8 gauge wiring to make anything work. Why, these days, the electrons have been used and re-used so much that we can use 24ga wiring for communications. Hey, are you gonna finish that line of qwertyuiop?

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:thin air: the new menace by andrewd18 · · Score: 4, Funny

      Clearly we need to get rid of this "air" problem. If there's no medium to sniff the keystrokes from, our children will be safe. WON'T SOMEONE THINK OF THE CHILDREN?

  8. Van Eck phreaking? by gandhi_2 · · Score: 5, Interesting

    I remember talk about this in the 80's. Van Eck Phreaking

    --
    THL phish sticks
  9. Re:Guess what by Chabo · · Score: 4, Funny

    Real data thieves don't even bother with a keystroke sniffer: they know the sound of each key, so they only have to hear your password being typed to know it.

    --
    Convert FLACs to a portable format with FlacSquisher
  10. Phreaking by debrain · · Score: 3, Informative

    Nifty wiki links:
    Van Eck Phreaking
    TEMPEST
    Rainbow series

  11. LOL, yeah by Giant+Electronic+Bra · · Score: 4, Informative

    You beat me to it. DOD has had a whole system (TEMPEST) for classifying this kind of EM emissions from secured systems at least since the mid 1980's. Nothing new about it at all. I recall working for a particular defense contractor where we had an entire 'black area' of the plant that was TEMPEST rated. Independent filtered power, EMF shielding everywhere, etc. It was pretty expensive to set up too.

    --
    "Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
    1. Re:LOL, yeah by inKubus · · Score: 4, Interesting

      Yeah, the university I worked at did some government work and actually used a mechanically isolated power system. Basically they had a big motor (or several, actually) and it was directly connected to a generator (with a flywheel I think). This meant a totally independent power loop as inside the building, and the flywheel smoothed out any spikes. Obviously not highly efficient, but a good way to decouple for security and safety purposes.

      --
      Cool! Amazing Toys.
  12. Re:Guess what by fuzzyfuzzyfungus · · Score: 5, Informative

    I can't hear you sonny, type louder!

  13. I knew this day would come by loconet · · Score: 5, Funny

    I knew it. Many others have been discussing the potentials for this type of eavesdropping for many years. Ha! and they laughed at me when I started protecting my stuff...

    --
    [alk]
  14. In other news by UnknowingFool · · Score: 4, Funny

    Stock prices for Alcoa shot up as stores reported a sudden shortage of aluminum foil. The Alcoa spokesman was at a loss to explain the sudden shortage.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  15. 8 gauge wire by Savage-Rabbit · · Score: 3, Interesting

    By god, back then the electrons were so thick they had to use thick 8 gauge wiring to make anything work.

    Some years ago I waked into a computer store to buy a hard drive. Along one of the walls was a series of glass displays containing a small selection of vintage computer equipment. One of the displays contained a gigantic object that looked like it would take two men to shift. It consisted of a really massive looking cast metal casing out of which protruded some disks, arms, some clumsy looking circuit boards and the thing was powered by a quite sizeable 220 volt electric motor of the type one is used to seeing attached to a really big fat lumber saw. I had to take a few steps back before I realised the thing was a (8 GB as it turned out) hard drive from the early 80s and not a piece of industrial machinery with it's panelling removed. I walked out of that place with a 20 Gb hard drive in my hand. Kind of makes one marvel over how far we have come in terms of miniaturisation.

    --
    Only to idiots, are orders laws.
    -- Henning von Tresckow
  16. As with ALL security research by Ungrounded+Lightning · · Score: 3, Insightful

    As a lay man, I cannot see a genuine use of this technology without breaking the law.

    As with ALL security research there's ALWAYS one legal use: Using the info and techniques to find ways to defend yourself against bad guys who use the techniques against you and to test that your defenses are adequate.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re:As with ALL security research by harry666t · · Score: 3, Insightful

      ...unless you're in Germany.

  17. Re:Guess what by belmolis · · Score: 5, Informative

    A surefire way to get around keyboard monitoring is not to use one. It is admittedly rather tedious, but if you have good cause to be concerned about security, you can use an on-screen keyboard. As far as I know, they can't obtain the necessary information by monitoring your mouse signals.

    Martus, a package aimed at human rights workers who need to keep their activities secret from hostile governments, includes an on-screen keyboard.

  18. Re:Guess what by internerdj · · Score: 4, Funny

    So listening to mp3s on my computer is a security protection rather than a security risk? Hold on. I have to go complain to IT.

  19. FUD by sgt+scrub · · Score: 5, Funny

    This is a plot by GUI users to spread fear uncertainty and doubt upon cli applications. May CLI live forever!

    --
    Having to work for a living is the root of all evil.
  20. Re:Guess what by Culture20 · · Score: 4, Funny

    A surefire way to get around keyboard monitoring is not to use one. It is admittedly rather tedious, but if you have good cause to be concerned about security, you can use an on-screen keyboard.

    Tempest.

    In future ITSO announcements:
    Your pass-group must contain one of each of the following:

    1. 20 character passphrase
    2. keyfob fingerprint reader
    3. rentinal scan
    4. one spoken word (which may not be any of: [cut dear don't everything eye God I my no off out take thumb told you])
    5. MRI scan of you imagining your "happy place"
  21. Re:Guess what by MadnessASAP · · Score: 3, Interesting

    One second while I tune my antennas to your monitor frequency.

    --
    I may agree with what you say, but I will defend to the death your right to face the consequences of saying it.
  22. Re:Guess what by Linker3000 · · Score: 4, Funny

    Keyboardless? Try this... http://www.theonion.com/content/video/apple_introduces_revolutionary

    --
    AT&ROFLMAO
  23. "TEMPEST: A Signal Problem" by FranklinWebber · · Score: 3, Informative

    You are correct. See

    http://blog.wired.com/27bstroke6/2008/04/nsa-releases-se.html

    for a summary and see

    http://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf

    for the recently declassified document. The discovery of this problem is dated to 1943.

  24. Re:The solution is obvious... by evilviper · · Score: 3, Insightful

    In a world where everybody knows what everybody else is thinking at all times and all places, anybody with evil plans would find it hard to carry them out.

    What makes, eg. bidding/negotiations some form of "evil plans"? Such methods certainly require secrecy on the part of BOTH parties.

    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant