Stealing Data Via Electrical Outlet

Ponca City, We love you writes "NetworkWorld reports that security consultants Andrea Barisani and Daniele Bianco are preparing to unveil their methodology at the Black Hat USA conference for stealing information typed on a computer keyboard using nothing more than the power outlet to which the computer is connected. When you type on a standard computer keyboard, electrical signals run through the cable to the PC. Those cables aren't shielded, so the signal leaks via the ground wire in the cable and into the ground wire on the computer's power supply. The attacker connects a probe to a nearby power socket, detects the ground leakage, and converts the signal back into alphanumeric characters. So far, the attack has proven successful using outlets up to about 15 meters away. The cost of the equipment to carry out the power-line attack could be as little as $500 and while the researchers admit their hacking tools are rudimentary, they believe they could be improved upon with a little time, effort and backing. 'If our small research was able to accomplish acceptable results in a brief development time (approximately a week of work) and with cheap hardware,' they say, 'Consider what a dedicated team or government agency can accomplish with more expensive equipment and effort.'"

Done that

The SIGINT in the Netherlands did this kind of stuff well before the new millennium, including reading the screen (LCD or CRT) and audio by tapping into the ground or pointing a dish to the emitting circuit, one of the reasons why the whole building handling sensitive information must be encased, making it practically a faraday cage. Only disadvantage is that your cellphone doesn't work although the SIGINT saw that as an advantage.

tempest

[arabagast]

http://en.wikipedia.org/wiki/TEMPEST - the fact that these guidelines exist, means that this is in not new.

It's Tempest, and it is not classified

[Kupfernigk]

Oh dear. I too have signed the Official Secrets Act, and I can tell you that none of the basic stuff is classified at all. No need to make a big mystery of it. Indeed, when working on a restricted project in the early 1980s which involved detecting very small signals, we borrowed a full EMI secured trailer to use backwards (i.e. keep all the external RFI out, including that down all power lines.), and no security measures were applied to its use. Subsequently I worked on EMC for a while, and all the power line and data line securing technology has been in the public domain for ages, along with EMI gaskets for faraday cages, various means of applying conductive films, silver loaded epoxies, CRT enclosures and the rest. The stuff available from Japanese companies on the commercial market was far more advanced than the approved military technology we had been using, owing to the delay involved in the military approvals process.

Securing notebooks is of course much easier than securing PCs because the keyboard data doesn't go outside the system. The intro to the article appears confused. Any signal on the earth line has to be due to capacitative coupling between a keyboard and external ground owing to the well known law that the sum of all the currents in all circuit paths to any junction must be zero. If you want to improve security against ground line signalling when using a notebook, run it on battery using secured wireless networking, and use the built in keyboard and monitor.

Worse than a duplicate: A degrade-licate.

[Futurepower(R)]

I've read both Slashdot articles. They look similar to me. The older one is far superior.

Basically, if you have a keyboard of poor quality that has poor shielding and no noise reduction components, it is possible to read signals. The question is, which keyboards and computers are poorly designed and poorly shielded?

Read the complete story: This PDF, not referenced by Slashdot, tells the whole story: CanSecWest/core09 March 16-20, 2009 (PDF). Quote from page 41: "This doesn't work against USB keyboards because of differential signaling". Also, on page 12: "The [PS/2 keyboard] wires are very close to each other and poorly shielded".

Slashdot articles of especially poor quality: Are they paid advertisements? I've read Slashdot articles for years, and there is now a new phenomenon. A publication runs an article of very poor quality and Slashdot links to it, possibly to lead Slashdot readers to the publication so that they will read the ads. This article was submitted to Slashdot by a professional writer, Hugh Pickens, who is possibly acting as a public relations agent. He has written at least 413 Slashdot articles. Does someone at Slashdot accept money to publish his articles?

Quote from the OLDER article referenced by the OLDER Slashdot story:

'March 12, 2009, 02:46 PM - IDG News Service -

'Inverse Path researchers Andrea Barisani and Daniele Bianco say they get accurate results, picking out keyboard signals from keyboard ground cables.

'Their work only applies to older, PS/2 keyboards [PS/2 connector, not PlayStation], but the data they get is "pretty good," they say. On these keyboards, "the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna," Barisani said.

'That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. They believe they could pick up signals from a distance of up to 50 meters by simply plugging a keystroke-sniffing device into the power grid somewhere close to the PC they want to snoop on.

'Because PS/2 keyboards emanate radiation at a standard, very specific frequency, the researchers can pick up a keyboard's signal even on a crowded power grid. They tried out their experiment at a local university's physics department, and even with particle detectors, oscilloscopes and other computers on the network were still able to get good data.'

Re:usb keyboard?

[thogard]

A USB keyboard will still do a slow scan of row and column and the resistance will go up per keypress and that is what they are looking at. If you can identify the scan frequency, then you can look for current changes at the right times and reconstruct the matrix of key presses. Since most PCs use the same matrix, its trivial to convert the matrix with unknown start values into known start values once you find 0x39 (space bar) shifted some random way and frequently pressed.

Re:random noise generator?

[budgenator]

even usb uses a GND and the D+/D- (data wires) aren't isolated from the GND.
Plus most GND is typically a common ground (through the chassis and to the ground of the power cable).

and if you consider the fact that this was done by unfunded, tiny group in just a week....makes ya wonder what the NSA or any other BIGGER and better funded group would have up their sleeves.

looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.

Now you know why the NSA and the other spooky types keep their classified equipment running off a generator powered by an electrical motor rather than connecting directly to the power grid. When you absolutely have to keep something secret nothing beats Faraday cages, air-gaps and mechanical isolation from the power grid.