Keyboard "eavesdropping" just got way easier, thanks to electromagnetic emanations
We always knew those electromagnetic emanations would amount to no good, and now here they go ruining any shred of privacy we once thought to possess. Some folks from the Security and Cryptography Lab at Switzerland's EPFL have managed to eavesdrop on the electromagnetic radiation shot off by shoddy wired keyboards with every keystroke. They've found four different ways to listen in, including one previously-published general vulnerability, on eleven keyboard models ranging from 2001 to 2008, with PS/2, USB and laptop keyboards all falling to at least one of the four attacks. The attack works through walls, as far as 65 feet away, and analyzes a wide swath of electromagnetic spectrum to get its results. With wireless keyboards already feeling the sting of hackers, it's probably fair to say that no one is safe, and that cave bunkers far, far away from civilization are pretty much our only hope now. Videos of the attacks are after the break.
[Thanks, Dave]
And the Cryptonomicon references are...GO!
"All your keyboards are belong to us!"
I came here for the Van Eck Phreaking / Randy Waterhouse / Golgotha references... I am glad to, once again, see Engadgeteers rise to the challenge.
/nods approvingly.
Time to wrap my keyboard in a Faraday cage...
And your complete workstation...
Or apparently just plug your laptop into its DC power supply, or use a CRT monitor, or the PSU in a desktop, or generate some EM noise on the same band as the keyboard.
Note how they were very careful to isolate the keyboard from any potential source which would contaminate the signal. Therein lies how to secure the system; obscure it in noise and suddenly the keyboard presses are indistinguishable from noise.
Don't keyboards generate electromagnetic fields at a different frequency than CRTs, etc?
Time to start carrying around a Faraday cage and a very long wifi antenna.
Problem solved, convert all of your keyboard connections to fiber optic.
Spooky, but I feel like if they started adding encryption to the keyboard before it even transmitted the keypresses over the wire, it would eliminate this kind of attack.
-Taylor
More likely, something like a "secure" keyboard will be marketed to governments and companies trying to protect trade and national security secrets, probably at an exorbitant price per unit, compared to what your average Instructables reader/contributor could come up with from the spare parts bin.
And part if not all of me thinks that this is the whole point of a lot of this type of "security" research. "Find an ultraobscure vulnerability, not for research, but to market a product."
There's a lot of value in security research, but it always seems so...dirty on both sides of the equation in the final analysis.
$$$$
Encryption can be cracked... but how about transmitting data by cheap audio fiber optic wire?
If I were to protect myself...
1. Plug in laptop to power supply and place near keyboard.
2. Put AC adaptor for modem near keyboard.
3. Put printer AC adaptor near keyboard.
4. Put AC-powered alarm clock near keyboard.
5. Put Playstation 2 adaptor near keyboard.
6. Put AC-powered piece of crap LCD TV near keyboard. (My LCD TV creates a helluva lot of noise).
7. All devices make a lot of interference.
8. Interference prevents recognizing the signalling from the keyboard.
9. Profit?
These are the things I have handy in my room, so I use them.
New security requirements:
1) Type faster than 1 keystroke per second, or 2) Use a monitor to see what you are typing, or 3) Use a computer like you normally use a computer (Connected to power, with a monitor, with nearby speakers|telephone|cell phone|mouse)
As xocoatl mentioned, the best way would be to make fiber optic keyboards, which will probably happen with USB 3 as I have heard it will have fiber optics in it.
Seems cool, but limited. They took every precaution to make sure there was no signal bleed from other sources, so what is the chance that anyone types on a keyboard with power but no power, audio, or video cables near it?
I was thinking the same thing. Wouldn't this pick up other sources as well? Even if it doesn't, what about in an office setting or coffee shop where there are multiple keyboards typing at once, it would just get a jumbled mess of letters and numbers, right?
Or in an office that has 400 different keyboards all typing different things at the same time
and at a rate of one keystroke per second..?
This doesn't mean that picking up on your typing is not possible with a monitor or PSU plugged in. This is merely an experiment. Refinement of the signals would more than be possible to do, I'm sure.
I gathered that they removed all that equipment so that there was no way they could cheat this proof-of-concept video. For example, they unplugged it from the PC so that they couldn't have it secretly running and transmitting all the keystrokes wirelessly.
Hmm... a phased array of antennae would help distinguish signals from several sources. Seems the slow speed of the 'capturing' could be due to the large amount of data that needs to be ADC'ed and saved before being processed, and the processing itself. I'm sure that, with sufficient funds, typing from multiple sources at 'normal' typing speed should be quite achievable.
Seems easy to thwart this... simply apply an RF choke on your wired kb. As simple as passing the cable through a small coil.
I doubt it. Even laptop keyboards were vulnerable, and they don't have a cord at all.
-Taylor
Oh my god, the one keyboard they displayed, the black curved one, is the one I have. (I think o.O)
Never mind, I went back and watched and paused it super fast so it was like frame by frame. Also, it looks like they tested those flat Apple keyboards. It's at 2:47 and has a white USB cord.
I think almost all wired consumer keyboards are vulnerable.
That's why I type on a wireless keyboard! No one can eavesdrop on logitech RF technology!! (Just kidding.)
lol!
Now, not even our tin foil hats can protect us!!!
But, I agree with Matt as well. This was done in a controlled environment. With cell phones giving us cancer, wifi signals coming a dime a dozen around us, GSM phones making our old monitors twitch, and add your own... I'm sure the results would be a LOT less than perfect in the real world.
errrr...I hope they'd be..hahahaha
@ josh
We were thinking the same thing at the same time. Guess I need to refresh my screen before posting replies.
Um... well so far this isn't scaring me, I never type that slow (and I don't know anyone that does), I have an LCD monitor, and I have a tower with a power supply. So I'm pretty darn safe. And it looks to me like anyone who types with their screen up on their laptop, or with it plugged in, is safe too.
Scary!!! Lucky my keyboard wasn't on there.
This has been done before...Look up TEMPEST on Wikipedia. http://en.wikipedia.org/wiki/TEMPEST
There is even a standard to test to for protection against this sort of attack.
I was just about to post about TEMPEST too. Saw this article (on Cnet or Slashdot) as well this morning. How soon people forget about old exploits.
Move along people, there's no news here, just a rehash of 30 year old security vulnerabilities.
Good thing it can't detect typing on my iPhone!
/i keed, i keed!
too bad even you can't detect typing on your iphone
I wouldn't be surprised if the government would stand up and acquire (READ: copy) this kind of technology, and given their resources, manage to shrink all that paraphernalia into a simple laptop (or close to it, at least) and a small antenna. However, the software able to decode the keystrokes at a fast pace whilst filtering all the noise sources is miles away.
No wonder Switzerland wisely stays out of wars. This technology has been around since the 1960s. Tim above is correct. TEMPEST is real and it has been part of electronics certifications for some government projects for decades.
You guys can joke, and on most levels this isn't an issue. But for some uses this is a serious security concern that shouldn't be taken lightly - encrypted passwords mean nothing if you can read raw key data by just sitting outside a bank (government agency) in your car (van).
Would have been more impressive if they would have kept the other items plugged in to simulate a normal environment. Typing at a normal speed instead of extra-slow as well.
I saw my first "temptested PC" (a Mac actually) in 1991 in the Pentagon. You cannot believe the amount of shielding inside that machine. The mouse cord alone was 3/8" diameter metal cabling. I was asked to put in memory by a client who knew that I liked to tinker and who authorized me to break the seals. I opened it up and was dumbfounded. It was completely unrecognizable inside. Additionally, this machine was only used in a shielded SCIF. You could go that route, but there are so many other ways for your info to be leeched...and there is no way that I am about to say how. ;-)
Saying that you don't say something is almost as good as saying it... Except that people who say that they don't say something, usually don't have anything to say anyway.
This is why I only type with the faucet on full in the background.
I was waiting to watch them type Seatec Astronomy ;)
First off, they turned off and removed the equipment to prove they weren't getting the signals from other sources which is already old work that's been proven. There are a few methods to get info through either the display signal noise or power supply noise, and in fact laser printers are almost dead easy to do with the huge amount of noise they put out while printing.
Second, almost any electric device can be listened to and decoded into useful info. With the original research done years ago it was tested against monitors, keyboard, printers, mice, and whole computers.
Third, it seemed awfully convenient that the program ran just long enough to print out exactly what they typed. I am not saying they can't do it (this is also already old hat), but it seems strange the way the system ran.
These are very interesting exploits. I wonder though, as many others have stated, what the feasibility of these attacks would be in a normal environment that is not set up to avoid experimentation errors (i.e. the real world lol). Keyboards are clearly located in areas with lots of other electronics around and turned on, and people today type much faster than the depicted situations. Wouldn't that have a major effect on acquiring the signals in order? Just a thought..
I would think that multiple devices being used at the same time would be the biggest problem. The signals would mingle and the data would be corrupted.
I think PS/2 would be more of a problem given that its specifications give more leeway in how data is transmitted, the frequency range is something like 10kHz to 16.7kHz, imagine having 100 keyboards all blasting out signals that are essentially sweeping across that range, hell, even 2 would be a mess.
USB is more strict on a per device basis, but it is more prevalent in today's world, and I could see people having multiple devices at their desk alone, all blasting out signals that would "co-mingle".
pft... the miraculous device they use on Prison Break to get the Scylla cards' data is way cooler :P
Yeah... that's what I was thinking!! haha