Slashdot Mirror
Stealing Data Via Electrical Outlet
Ponca City, We love you writes "NetworkWorld reports that security consultants Andrea Barisani and Daniele Bianco are preparing to unveil their methodology at the Black Hat USA conference for stealing information typed on a computer keyboard using nothing more than the power outlet to which the computer is connected. When you type on a standard computer keyboard, electrical signals run through the cable to the PC. Those cables aren't shielded, so the signal leaks via the ground wire in the cable and into the ground wire on the computer's power supply. The attacker connects a probe to a nearby power socket, detects the ground leakage, and converts the signal back into alphanumeric characters. So far, the attack has proven successful using outlets up to about 15 meters away. The cost of the equipment to carry out the power-line attack could be as little as $500 and while the researchers admit their hacking tools are rudimentary, they believe they could be improved upon with a little time, effort and backing. 'If our small research was able to accomplish acceptable results in a brief development time (approximately a week of work) and with cheap hardware,' they say, 'Consider what a dedicated team or government agency can accomplish with more expensive equipment and effort.'"
what about usb keyboards? those wires are shielded. the compared the signal to a mouse signal so I'm assuming they're talking about ps2. still interesting(alarming) surveillance technology nonetheless
http://it.slashdot.org/article.pl?sid=09/03/12/2038213
even usb uses a GND and the D+/D- (data wires) aren't isolated from the GND.
Plus most GND is typically a common ground (through the chassis and to the ground of the power cable).
and if you consider the fact that this was done by unfunded, tiny group in just a week....makes ya wonder what the NSA or any other BIGGER and better funded group would have up their sleeves.
looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.
very clever how hey grab info using a laser pointer and measuring the vibrations. i'm afraid you might notice the big red dot on your computer though. sienfield flash backs.
If you mod me down, I will become more powerful than you can imagine....
Root is like crack. Don't smoke it. I did once and got hooked. I ran Mac OS Updates as root. ****, I even had sex with my girlfriend as root. Man, that caused some permissions problems. When I started the road to recovery (logging in as Zacks) my girlfriend was all like: "**** no! You can't get any cause you don't own me an I don't go groups. You don't have the power to read, write OR execute so get out of my FACE" So I was all HELL NO bitch. And she wuz like you do not have root (superuser) privlages so get out of my TruBlueEnvironment! So then I went chown and chmodded her ass to me. Dat be-otch be up in my hizzouse. What what. Holla!
The SIGINT in the Netherlands did this kind of stuff well before the new millennium, including reading the screen (LCD or CRT) and audio by tapping into the ground or pointing a dish to the emitting circuit, one of the reasons why the whole building handling sensitive information must be encased, making it practically a faraday cage. Only disadvantage is that your cellphone doesn't work although the SIGINT saw that as an advantage.
Comment removed based on user account deletion
http://en.wikipedia.org/wiki/TEMPEST - the fact that these guidelines exist, means that this is in not new.
Doolittle :
Bomb no.20 : To explode of course.
If the cops or feds really want to spy on you, you will have a hard time preventing it. My advice is not to attract their attention in the first place.
If you're someone like the mafia, you can't use electronic devices and you can't write anything down. Each of your clandestine conversations has to be in a different noisy location so they can't set up a directional microphone or bug. You also have to prevent them from getting a deaf person to lip read you. (I don't have direct experience with criminal gangs but anyone can observe that they usually aren't brought down by wiretaps. The big prosecutions of mafia bosses usually resulted from getting an underling to rat on his boss.) The point is that anyone worried about being spied on can and will take measures to prevent it.
Spying on someone is expensive. Spying on someone's key clicks is particularly expensive and probably won't produce great results. Someone tried an experiment of bugging an office by shining a laser on the window. The results were disappointing. The vast majority of the conversation was uninteresting. The experimenters decided that no useful information would have been gathered.
Tapping telephones and data links is relatively easy (compared with sniffing keystrokes). Stealing someone's laptop is usually also easy. Unless I'm taking measures against those kinds of spying, I'm not worried about having my keystrokes sniffed. If I were at danger of being spied on, I would be much more worried about being betrayed by a 'friend', associate, or employee.
A great deal of people here already know, but for the others:
http://www.erikyyy.de/tempest/
Software to generate images (noise) on your CRT screen so that the generated interference will translate as sound you can listen to on a radio receiver
It works great to listen to music when you do not have a sound card!
I worked in a facility that was fully TEMPEST shielded in the 80's. Dual airlock doors with full metal seals to get in. The power line leakage problem was taken care of a motor/generator setup. Incoming power only went to an electic motor. The motor was connected by a shaft which spun a generator to supply power to the computer room. With only a mechanical connection no data would be leaking back.
Securing notebooks is of course much easier than securing PCs because the keyboard data doesn't go outside the system. The intro to the article appears confused. Any signal on the earth line has to be due to capacitative coupling between a keyboard and external ground owing to the well known law that the sum of all the currents in all circuit paths to any junction must be zero. If you want to improve security against ground line signalling when using a notebook, run it on battery using secured wireless networking, and use the built in keyboard and monitor.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
In this case, there is an easier way, and it's called optical links, which don't radiate RF when you send photons through them.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I've read both Slashdot articles. They look similar to me. The older one is far superior.
Basically, if you have a keyboard of poor quality that has poor shielding and no noise reduction components, it is possible to read signals. The question is, which keyboards and computers are poorly designed and poorly shielded?
Read the complete story: This PDF, not referenced by Slashdot, tells the whole story: CanSecWest/core09 March 16-20, 2009 (PDF). Quote from page 41: "This doesn't work against USB keyboards because of differential signaling". Also, on page 12: "The [PS/2 keyboard] wires are very close to each other and poorly shielded".
Slashdot articles of especially poor quality: Are they paid advertisements? I've read Slashdot articles for years, and there is now a new phenomenon. A publication runs an article of very poor quality and Slashdot links to it, possibly to lead Slashdot readers to the publication so that they will read the ads. This article was submitted to Slashdot by a professional writer, Hugh Pickens, who is possibly acting as a public relations agent. He has written at least 413 Slashdot articles. Does someone at Slashdot accept money to publish his articles?
Quote from the OLDER article referenced by the OLDER Slashdot story:
'March 12, 2009, 02:46 PM - IDG News Service -
'Inverse Path researchers Andrea Barisani and Daniele Bianco say they get accurate results, picking out keyboard signals from keyboard ground cables.
'Their work only applies to older, PS/2 keyboards [PS/2 connector, not PlayStation], but the data they get is "pretty good," they say. On these keyboards, "the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna," Barisani said.
'That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. They believe they could pick up signals from a distance of up to 50 meters by simply plugging a keystroke-sniffing device into the power grid somewhere close to the PC they want to snoop on.
'Because PS/2 keyboards emanate radiation at a standard, very specific frequency, the researchers can pick up a keyboard's signal even on a crowded power grid. They tried out their experiment at a local university's physics department, and even with particle detectors, oscilloscopes and other computers on the network were still able to get good data.'
They leak photons if you bend them just right :-)
This "Story" is a bogus rehashing of old, old methods. Old as in 60 to 80 years old. The NSA has been grabbing serial teletype signals off adjacent signal and power wires for at least that long.
It's old and in this case quantitatively bogus. The keyboard signals are milliamps. The leakage to chassis ground will be at least 40dB down, or under a microamp. The leakage from there to earth ground will be at least another 20dB down so we're down in the nanoamp range. By comparison the background ground currents from the PC's switching power supply and other devices will be several thousand times greater. If there's a light dimmer on the same circuit the noise will be nearly a million times greater. You can't combat that kind of background noise.
Same problem with the keyboard vibrations-laser scheme. They got the idea from a 1930's detective story where the secretary put her gold cigarette case under the phone receiver so her typing could be heard on the other end. Old!
But that only had a chance of working because each typewriter key row has a specific length of lever and spring, plus the typefaces are arrayed in a curve, so each one strikes the paper from a different angle, giving the listener an opportunity to guess the letter from the combination of X info from the length of the lever and spring, and Y info from the typeface strike angle.
But that is completely inapplicable to a modern keyboard, where THE KEYS ARE ALL IDENTICAL. No differing row and arc info at all. Maybe a teensy difference if the keyboard base is flimsy and has a slight change in resonance across the board. But unlikely.
I call bogus.
Old college roommate, former Air Force Intelligience type, one day decided to give me something to think about when I was trying to be more secure with my PC... "Don't you think when you push 'A' on your keyboard or push 'B' on your keyboard that something ever so slightly different happens in your power supply?"
It's very old news amongst SIGINT types...
Maxim: People cannot follow directions.
Increases in truth directly with the length of time spent explaining them
While I'm sure you were jesting (though someone is liable to believe you!), wireless keyboards aren't safe either.
He who has no
Getting rid of the ground prong at the plug won't remove the circuit ground. The neutral prong is still ground in this sense. The ground prong is intended to be connected to the metal chassis, so that if a wire comes loose inside of an appliance and contacts the chassis, it will be shorted to ground instead of causing the chassis to go live.
The reason that there is an additional ground prong and the case isn't just connected to the neutral prong is that it's easier to mess up the wiring of line and neutral at the socket, or use an adapter that's not properly polarized, etc. It's harder to plug the ground prong into anything that's not ground.
If you cut off the ground prong, you're just removing this protection; the circuit ground is still on the neutral connector, so you're not protecting yourself from this attack.