-
October 20th, 2008, 08:54 PM
#1
Wired Keyboards "Broadcast" Keystrokes
There was always a concern over wireless keyboards, though good designs have mitigated snooping on their wireless signals. But now it looks like wired keyboards (with poor shielding?) offer no guarantee of privacy.
Compromising Electromagnetic Emanations of Wired Keyboards - Security and Cryptography Laboratory - LASEC/EPFL
To determine if wired keyboards generate compromising emanations, we measured the electromagnetic radiations emitted when keys are pressed. To analyze compromising radiations, we generally use a receiver tuned on a specific frequency. However, this method may not be optimal: the signal does not contain the maximal entropy since a significant amount of information is lost.
Our approach was to acquire the signal directly from the antenna and to work on the whole captured electromagnetic spectrum.
If your eyeballs can't cope with the gray-on-gray color scheme of the site, just watch the videos.
-
October 20th, 2008, 09:17 PM
#2
This is really interesting and we've heard of it being done in the past with monitors... but it does seem to be rather lab-based at this point (especially based on the videos).
They removed all other sources of interference (monitor, power supply, and even laptop power supply).
They typed extremely slowly.
What happens in a real world situation where you have a monitor and power supply, or potentially multiple computers in a single room with other electronic devices? Can the decode program separate the keystrokes from the noise? If you have multiple keyboards can it distinguish them due to a unique pattern? If a person was typing at 60, 80, or 100wpm would they still be able to sniff the keystrokes?
Right now they've got my interest, but I'm really eager to see the report or real world demonstration footage, before I become really excited about this.
-
October 20th, 2008, 09:22 PM
#3
HTRegz brings up some good points. You guys remember the report that was talking about recording the audio from someone typing it, and analyzing it to determine keystrokes? What ever happened to that?
As far as looking at the electromagnetic spectrum, [much like the van eck devices]... I think there would be a ton of interference in a typical lab setting, where most of the keyboards are the same model.
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
October 20th, 2008, 09:47 PM
#4
Originally Posted by westin
As far as looking at the electromagnetic spectrum, [much like the van eck devices]... I think there would be a ton of interference in a typical lab setting, where most of the keyboards are the same model.
I'd normally agree, except that the keyboard they are testing on appears to be rather old and doesn't look to match any other keyboards that they briefly pass by as they walk around.
-
October 21st, 2008, 02:52 PM
#5
What happens in a real world situation where you have a monitor and power supply, or potentially multiple computers in a single room with other electronic devices? Can the decode program separate the keystrokes from the noise? If you have multiple keyboards can it distinguish them due to a unique pattern? If a person was typing at 60, 80, or 100wpm would they still be able to sniff the keystrokes?
IMO, You all have valid points in regards to the electromagnetic spectrum - I agree.
However, the one thing i wanted to point out was that in the 'real world' situation, with various sources of radiation, especially a CRT monitor, but even small devices like a digital wristwatch all have an acumulative effect..... In the real world scenario, the radiation emitted from the keyboard is very small, and would simply be drowned out by all of the other devices, some of which give of a thousand times more electromagnetism.
In a room with a 400W Psu and typical full tower config, monitor and peripherals, printer on standby, radio, tv, nintendo ds being played in the next room - you would have to be right next to the keyboard/cord to detect the signal needed.
Furthermore, under controlled conditions as in the videos, the radiation from the keyboard it would be impossible to detect at a distance, it again would be drowned out from naturally occuring electromagnetism - From the iron in building structures, the the rodents that live in them.
CTO
"Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
- Albert Einstein
-
October 27th, 2008, 05:23 PM
#6
http://bss.sfsu.edu/fischer/ir%20360...gs/tempest.htm
IMO it really doesn't matter much. Big Brother cannot work. T.M.I and Humans are going to have to interpret the data.
And why would I bother analyzing your keyboards electronic output when all I have to do is remotely connect to port 445? As mentioned in another thread around here, tons of users have their computers connected directly to the WWW with no firewall. AND lots of them communicate with "secure" systems.
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
Similar Threads
-
By bkowen in forum Network Security Discussions
Replies: 6
Last Post: December 3rd, 2005, 02:29 AM
-
By staticsage in forum Newbie Security Questions
Replies: 6
Last Post: October 5th, 2005, 01:59 AM
-
By wildred in forum Wireless Security
Replies: 2
Last Post: June 28th, 2005, 02:09 PM
-
By 11001001 in forum Tech Humor
Replies: 0
Last Post: August 17th, 2004, 01:33 PM
-
By Tedob1 in forum Miscellaneous Security Discussions
Replies: 4
Last Post: June 11th, 2003, 09:29 PM
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|