Stealing Data Via Electrical Outlet
Ponca City, We love you writes "NetworkWorld reports that security consultants Andrea Barisani and Daniele Bianco are preparing to unveil their methodology at the Black Hat USA conference for stealing information typed on a computer keyboard using nothing more than the power outlet to which the computer is connected. When you type on a standard computer keyboard, electrical signals run through the cable to the PC. Those cables aren't shielded, so the signal leaks via the ground wire in the cable and into the ground wire on the computer's power supply. The attacker connects a probe to a nearby power socket, detects the ground leakage, and converts the signal back into alphanumeric characters. So far, the attack has proven successful using outlets up to about 15 meters away. The cost of the equipment to carry out the power-line attack could be as little as $500 and while the researchers admit their hacking tools are rudimentary, they believe they could be improved upon with a little time, effort and backing. 'If our small research was able to accomplish acceptable results in a brief development time (approximately a week of work) and with cheap hardware,' they say, 'Consider what a dedicated team or government agency can accomplish with more expensive equipment and effort.'"
what about usb keyboards? those wires are shielded. they compared the signal to a mouse signal so I'm assuming they're talking about ps2. still interesting (alarming) surveillance technology nonetheless
Powerline Ethernet
Nothing we use our computers for is safe from these pesky hackers.
Time to go back to Tables of Stone.
http://it.slashdot.org/article.pl?sid=09/03/12/2038213
even usb uses a GND and the D+/D- (data wires) aren't isolated from the GND.
Plus most GND is typically a common ground (through the chassis and to the ground of the power cable).
and if you consider the fact that this was done by an unfunded, tiny group in just a week....makes ya wonder what the NSA or any other BIGGER and better funded group would have up their sleeves.
looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.
very clever how they grab info using a laser pointer and measuring the vibrations. i'm afraid you might notice the big red dot on your computer though. Seinfeld flashbacks.
More and more people are using them, there's no encryption and each keypress is broadcast direct.
What we want is a technique to convert power-line signals into keystrokes.
...before their site gets hacked by Anti-Sec?
The SIGINT in the Netherlands did this kind of stuff well before the new millennium, including reading the screen (LCD or CRT) and audio by tapping into the ground or pointing a dish to the emitting circuit, one of the reasons why the whole building handling sensitive information must be encased, making it practically a faraday cage. Only disadvantage is that your cellphone doesn't work although the SIGINT saw that as an advantage.
I'm guessing (hoping?) this doesn't work if you have an in-line UPS (that conditions power constantly) as that should hopefully futze (technical term, really) the signal up? I'd be curious to know about that. I'm also assuming this doesn't work for USB as well since most computers have multiple USB devices (hopefully transmitting/receiving enough to mask the keyboard signal).
What now? Flickr? Photobucket? Porntube? What will the neon hats do next?
In this day and age you cannot be too careful !! Encrypt your data input !! YES !! While you type !! You can do this NOW !! and for the low low price of only $189,00. Act quickly as supplies are LIMITED !!
http://ratsass.org.net.bg/
Do it today and have that safe, summer's evening feeling all the time !! Because you never know what I'll do with your data !!!!!
http://en.wikipedia.org/wiki/TEMPEST - the fact that these guidelines exist means that this is not new.
If the cops or feds really want to spy on you, you will have a hard time preventing it. My advice is not to attract their attention in the first place.
If you're someone like the mafia, you can't use electronic devices and you can't write anything down. Each of your clandestine conversations has to be in a different noisy location so they can't set up a directional microphone or bug. You also have to prevent them from getting a deaf person to lip read you. (I don't have direct experience with criminal gangs but anyone can observe that they usually aren't brought down by wiretaps. The big prosecutions of mafia bosses usually resulted from getting an underling to rat on his boss.) The point is that anyone worried about being spied on can and will take measures to prevent it.
Spying on someone is expensive. Spying on someone's key clicks is particularly expensive and probably won't produce great results. Someone tried an experiment of bugging an office by shining a laser on the window. The results were disappointing. The vast majority of the conversation was uninteresting. The experimenters decided that no useful information would have been gathered.
Tapping telephones and data links is relatively easy (compared with sniffing keystrokes). Stealing someone's laptop is usually also easy. Unless I'm taking measures against those kinds of spying, I'm not worried about having my keystrokes sniffed. If I were at danger of being spied on, I would be much more worried about being betrayed by a 'friend', associate, or employee.
Many 'net junkies like to say things like "Information wants to be free!" as if there was something anthropic about information.
But information is the foundation of the Universe, so much so that quantum mechanics is routinely described with terms like "information loss" and even measured. It's almost like Douglas Adams was right all along, and the universe actually is a large supercomputer trying to find out the answer to life, the universe, and everything. Where are the hyper-intelligent mice?
But if the universe is information, then the laws of the universe apply to information itself. Laws, such as: Every action has an equal and opposite reaction.
While things like shields and noise generators serve to obfuscate what goes on in a computer, they don't actually solve the basic issue that power *is* being consumed, radio waves *are* being generated, heat is being generated, and that these properties will *always* be detectable by various means so long as they are, in fact, being generated.
The only possible way around this might be some form of reversible computing but the basic programming model will require so many architectural changes to enact that it's realistically an entirely new form of computing.
not sure, but i think there was a similar article posted here a few weeks ago, maybe i saw it on digg, not sure but have read this earlier
So even my keyboard needs a tinfoil hat right now!
The military has had line filters and other protocols to deal with this exact issue in place for at least 20 years now.
And no, that's not idle speculation, it was one of the things we had to deal with when I was in the military.
It's even referred to by one of those silly military project names.
Sorry, I'm not sure if I can post the name, so I won't.
(If someone else posts it, correctly or otherwise, I will neither confirm nor deny its accuracy, so please don't ask.)
There is going to be a lot more induced signal onto the earth of a PC than just keyboard signals. PCs use switch mode power supplies, these are very very noisy electrically. Let's not even start with the multitude of other sources of induced EMF in a modern PC. I just don't believe these guys. Sorry. (Electrical Engineer of some 25 years).
Would a Hum-X filter it out?
http://www.ebtechaudio.com/humxdes.html (~$70 from Guitar Center or similar stores) -- basically a small filter to help eliminate noise on ground lines (quite useful for fixing A/V problems involving differences in ground, i.e.: when you have a projector on a different circuit than your audio equipment).
Surely half the job has been done by the increased use of wireless keyboards? I know they're generally short-range transmitters, but wouldn't it be relatively easy to reverse-engineer the wireless communication of various companies' wireless devices to create a universal listening device?
, 'Consider what a dedicated team or government agency have already accomplished with more expensive equipment and effort.'"
FTFY.
Stealing power is where it's at. They should come up with a way to steal power instead.
I record my sleeptalking
No, that's not right, there's no 'g' in bankrupt.
you can't "steal" data.
you can compromise the data, hack it, crack it, breach the computer, etc, but it's not theft.
Please don't promote this butchery of the English language being perpetrated by luddites and imbeciles so paranoid they feel the need to apply a double standard in which the bill of rights does not apply on the internet.
Some/all of APC's surge suppressors contain in-line EMI filters.
Is that enough to stop this hack?
A great deal of people here already know, but for the others:
http://www.erikyyy.de/tempest/
Software to generate images (noise) on your CRT screen so that the generated interference will translate as sound you can listen to on a radio receiver
It works great to listen to music when you do not have a sound card!
What if the power outlet does not have a ground wire? Or the cable from the computer to the outlet does not have one, would the hack then be possible?
I worked in a facility that was fully TEMPEST shielded in the 80's. Dual airlock doors with full metal seals to get in. The power line leakage problem was taken care of by a motor/generator setup. Incoming power only went to an electric motor. The motor was connected by a shaft which spun a generator to supply power to the computer room. With only a mechanical connection no data would be leaking back.
Not only are there two different cases and two different conferences, even the methods are different.
In this one the idea is to monitor the ground cable at the power outlet. In the link you posted the idea is that ground cable works as an antenna and they monitor the microwaves sent by it.
This is /., we can't demand that people RTFA. But reading even through the summaries would be nice.
I suspect the best way (at a law enforcement level) to listen to the electrical contents of a house or business would be to add an appropriate circuit to the "smart" power meters already in place.
These meters can already offer other services to the home in some cases, like localized BPL, and demand shut-down of air conditioners and such.
How much harder would it be to add a relay for surveillance of home electronics? With a warrant, of course.
Securing notebooks is of course much easier than securing PCs because the keyboard data doesn't go outside the system. The intro to the article appears confused. Any signal on the earth line has to be due to capacitative coupling between a keyboard and external ground owing to the well known law that the sum of all the currents in all circuit paths to any junction must be zero. If you want to improve security against ground line signalling when using a notebook, run it on battery using secured wireless networking, and use the built in keyboard and monitor.
So far as this being a practical way of eavesdropping - I don't buy it. There are lots more established methods of discovering what people are typing, plus this seems to completely overlook all the activity from the mouse. Government agencies? Nah, if money was an issue, they'd just kick the door down and take your PCs away. If they want to be stealthy they have far more resources to apply to the problem and far more reliable solutions.
A nice lab experiment, but no practical use.
I've read both Slashdot articles. They look similar to me. The older one is far superior.
Basically, if you have a keyboard of poor quality that has poor shielding and no noise reduction components, it is possible to read signals. The question is, which keyboards and computers are poorly designed and poorly shielded?
Read the complete story: This PDF, not referenced by Slashdot, tells the whole story: CanSecWest/core09 March 16-20, 2009 (PDF). Quote from page 41: "This doesn't work against USB keyboards because of differential signaling". Also, on page 12: "The [PS/2 keyboard] wires are very close to each other and poorly shielded".
Slashdot articles of especially poor quality: Are they paid advertisements? I've read Slashdot articles for years, and there is now a new phenomenon. A publication runs an article of very poor quality and Slashdot links to it, possibly to lead Slashdot readers to the publication so that they will read the ads. This article was submitted to Slashdot by a professional writer, Hugh Pickens, who is possibly acting as a public relations agent. He has written at least 413 Slashdot articles. Does someone at Slashdot accept money to publish his articles?
Quote from the OLDER article referenced by the OLDER Slashdot story:
'March 12, 2009, 02:46 PM - IDG News Service -
'Inverse Path researchers Andrea Barisani and Daniele Bianco say they get accurate results, picking out keyboard signals from keyboard ground cables.
'Their work only applies to older, PS/2 keyboards [PS/2 connector, not PlayStation], but the data they get is "pretty good," they say. On these keyboards, "the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna," Barisani said.
'That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. They believe they could pick up signals from a distance of up to 50 meters by simply plugging a keystroke-sniffing device into the power grid somewhere close to the PC they want to snoop on.
'Because PS/2 keyboards emanate radiation at a standard, very specific frequency, the researchers can pick up a keyboard's signal even on a crowded power grid. They tried out their experiment at a local university's physics department, and even with particle detectors, oscilloscopes and other computers on the network were still able to get good data.'
There are probably some NSA designers out there reminding everyone that it was inevitable someone would figure it out and luckily they still had 500 more ways to get the same data.
Years ago at Hanford they were doing some experiments monitoring the power going into a house. Discovered they could tell exactly what was going on in every room at any given moment just by watching minor fluctuations in the power signal. I can't remember if it was utility sponsored research or DoE funded. It was discontinued over privacy concerns...or so they said at the time. I'm sure the NSA wouldn't share those concerns. With the right equipment I'm wondering if you couldn't key log every computer in the house for entire neighborhoods?
The day I have to run a Wild Weasel mission to mask keystrokes on my wall outlets is the day I'm going to get really serious about moving off grid.
my apartment only has grounding wires in the kitchen, so i'm safe.
Inventors of the methodology were last seen being vigorously helped into vans by friends of theirs.
With a UPS battery in between, your line noise should be stabilized enough not to be read. As another advantage, if there is a power cut, your system stays on long enough for safety measures.
This "Story" is a bogus rehashing of old, old methods. Old as in 60 to 80 years old. The NSA has been grabbing serial teletype signals off adjacent signal and power wires for at least that long.
It's old and in this case quantitatively bogus. The keyboard signals are milliamps. The leakage to chassis ground will be at least 40dB down, or under a microamp. The leakage from there to earth ground will be at least another 20dB down so we're down in the nanoamp range. By comparison the background ground currents from the PC's switching power supply and other devices will be several thousand times greater. If there's a light dimmer on the same circuit the noise will be nearly a million times greater. You can't combat that kind of background noise.
Same problem with the keyboard vibrations-laser scheme. They got the idea from a 1930's detective story where the secretary put her gold cigarette case under the phone receiver so her typing could be heard on the other end. Old!
But that only had a chance of working because each typewriter key row has a specific length of lever and spring, plus the typefaces are arrayed in a curve, so each one strikes the paper from a different angle, giving the listener an opportunity to guess the letter from the combination of X info from the length of the lever and spring, and Y info from the typeface strike angle.
But that is completely inapplicable to a modern keyboard, where THE KEYS ARE ALL IDENTICAL. No differing row and arc info at all. Maybe a teensy difference if the keyboard base is flimsy and has a slight change in resonance across the board. But unlikely.
I call bogus.
I just cut 2 power cables off of old power supplies, I have spliced the cut ends together; pos to pos, neg to neg, grd to grd. It's one long cable terminating in a 3 prong power plug at each end!
It's so eloquent!!!
Now all I have to do is plug one side into an outlet and plug the other side into another outlet that is about 5 feet away!!!
I'm sure It'll probably send those secret stealing feds into an endless loop.
I've got one side plugged in, just gotta get this other side plugged in and THEN WE'LL SEE WHO'S LAUGHING!!!
so one day this will be in a laptop form factor. You have a visitor who comes in, plugs his laptop into a power socket (our security policy doesn't prevent that; it only prevents network access), and bam he's sniffing keyboards from yards away.
Cool!
What about chopping the gnd pin in the plug? do computers really really need a gnd connection?
I mean, where I live (Peru) it is hard to find power outlets with gnd, most common households simply lack it, or if the outlet has it, it is not even wired. What most people here do is simply chop out the gnd pin or use an adapter, they do this with every electronic appliance. I have been doing this with all my computers and never ever had any problem related, even had some of them working for more than 15 years and no problems so far.
The biggest hassle you have to deal with is some small sparks when connecting some devices and that's it.
btw: There is no such thing as electrical storms or even proper rain in Lima, so ymmv..
Old college roommate, former Air Force Intelligence type, one day decided to give me something to think about when I was trying to be more secure with my PC... "Don't you think when you push 'A' on your keyboard or push 'B' on your keyboard that something ever so slightly different happens in your power supply?"
It's very old news amongst SIGINT types...
You'll be able to get them at Best Buy for $129.99.
Do you really need a random noise generator ?
Maybe it's just me, but my computers and all networking gear is connected to the main house power via UPS systems. Besides not wanting the random voltage spike or power failure to kill my system, it's designed to filter noise off the line to begin with, so I have serious doubts any noise generated from the computer will "leak" out past the UPS going the other way. . . .
"... ground cable works as an antenna and they monitor the microwaves sent by it"
You don't understand the technology. Microwaves are very high frequency. They are monitoring very low-frequency signals.
I wonder if having an isolation transformer, or UPS keeps this from happening.
While I'm sure you were jesting (though someone is liable to believe you!), wireless keyboards aren't safe either.
Looks like time to start adding random noise to the ground line.
Next problem please.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Getting rid of the ground prong at the plug won't remove the circuit ground. The neutral prong is still ground in this sense. The ground prong is intended to be connected to the metal chassis, so that if a wire comes loose inside of an appliance and contacts the chassis, it will be shorted to ground instead of causing the chassis to go live.
The reason that there is an additional ground prong and the case isn't just connected to the neutral prong is that it's easier to mess up the wiring of line and neutral at the socket, or use an adapter that's not properly polarized, etc. It's harder to plug the ground prong into anything that's not ground.
If you cut off the ground prong, you're just removing this protection; the circuit ground is still on the neutral connector, so you're not protecting yourself from this attack.
There was a Slashdot story about this recently, though the equipment was a bit simpler, basically a piece of paper saying "List all your social networking sites and passwords along with your job application."
That's why I run my computer off a car battery!
Either way this is cool. Sure they could just get a key logger, whatever. It's not "OH NOEZ PARANOIA" it's "Whoa you can do that?".
I've noticed it with my guitar as well--if I scroll on my computer, the amp generates different noise. Dimming the lights also does this, but more drastically.
One reason this is possible is because there is no regulation, or very little, on PCs anymore. I doubt a modern power supply could pass a conducted immunity test if someone's life depended on it.
Hey, is this about X.10? That's been around for a pretty long time. Ambient noise doesn't help too much anymore either since you can use it as a carrier wave and then filter out the frequencies you want at a distance. So sometimes the noisier a city gets, (or an electrical line) the further the reach of that particular technology. As far as I know, that one is not yet on the shelves at Radio Shack. DC or AC current make a difference?
pwn their router.
You get all outbound and inbound information available to you. Heck, knowing what webpages someone is accessing is useful enough for most things.
That's 413 articles published by Slashdot, not just submissions.
This has been in use for a LONG time by the Military. Check out Tempest
I think someone has been watching too many hollywood films
"Consider what a dedicated team or government agency can accomplish with more expensive equipment and effort."
you mean "consider what they have already accomplished"
Just...use a laptop and unplug it. I guarantee they can't use this method then.
This really is no new discovery. More than 25 years ago, DOD-certified equipment used a form of active noise as a shield around systems used for classified documents. "Tempest-shielded" equipment was highly controlled, and companies responsible for misplacing a tempest shielded system were subject to some pretty severe penalties as well as the immediate revocation of their rights to build or maintain such equipment. We forget so much in the technology sphere, and it takes very little research to discover ways of accessing systems we thought we had "fixed" long ago.
I wonder if a standard UPS is enough isolation to mask the signal? I guess there are two types, the cheap ones which kick in when power fails, and the double conversion style, like Exide, which always convert AC to DC, then convert the DC back to AC. That lets them just add a little power during a brownout.
For all I know all of the major brands might be double conversion, but the Exide is the only one I've used which doesn't go to all battery power on low voltage.
Any properly designed UPS would certainly not allow ANY noise to be conducted to the wall power plug.
All UPS units convert AC to DC, and then back to AC. The better ones have extra hardware that adjusts for low input voltage conditions.
There is a big capacitor across the DC which would certainly act as a short for any keyboard signal.