Eavesdrop On Keyboards Wirelessly

[vimeo http://vimeo.com/2007855]

Every time you press a key on your keyboard, a small burst of electromagnetic radiation is let out. This radiation can be captured and decoded. Though it only affects some models, this is pretty serious. They tested 11 different keyboards and they were all vulnerable to at least one of the four methods of attack. Tests have shown that the data can be read through walls and up to 65 feet away. That is pretty scary stuff. Someone could be setting up in the apartment or office right next to yours to listen to every keystroke you type. Check out the second video after the break.

[vimeo http://vimeo.com/2008343]

They don’t give a list of what keyboards were affected. Their paper is currently being finished, and should be published soon. The possibility of this attack was suggested to us a couple years ago when we covered old school Van Eck phreaking.

[via Engadget]

71 thoughts on “Eavesdrop On Keyboards Wirelessly”

  1. I’m sure the results are accurate. Anyone remember TEMPEST? You can view someone’s SCREEN remotely if you know what you’re doing. However, it is clearly much more difficult in real-world environments (especially with the PC and monitor) as there would be a heck of a lot more noise.

    I’m not surprised at the results, as most keyboards these days are designed cheaply. In fact, it’s probably the biggest component on the computer which isn’t shielded (if you’ve ever opened up a brand-name computer or laptop, there is a heck of a lot of shielding material in it). Add the fact that you don’t have low power requirements, and there’s loads of switching currents and radiated EMI coming out of the keyboard.
    It’s true that most of the detectable emissions don’t come from EMI; they most likely come from an intermediate processing step somewhere along the line.

    We rely a hell of a lot more on security through obfuscation than we’d think. The truth is, even the most paranoid probably have forgotten to cover up some security hole.

    Wouldn’t it be great if society just worked on an honor system?

  2. Good thing it doesn’t seem too hard to create interference for that method. I guess I won’t have to worry then, seeing as I can barely use my cell phone around my electronics.

  3. This simply shows the proof of concept that Linus talks about from one of his early gigs as a network admin (orrr Bastard operator from hell type jorb): nothing is ever secure, for certain, beyond a doubt, ever, so there is no point in having passwords on an in-house network; everything that an “attacker” is interested in will be extracted by that individual if they really want it badly enough… that and the fact that anything recorded can be mass produced pretty easily… and a number of other things. You are using technology? Be prepared to get used back! :-)

  4. First: Erm, a laptop is a pretty expensive power supply. Surely they could find a way to power a PS/2 keyboard that didn’t compromise their credibility? Like a battery, for instance?

    Second: the loop could be written to print “[*] keystroke $n acquired” if the timeout was interrupted, and “A total of $n traces were acquired.” when the timeout is reached. The timeout would only have to kick in when the first trace was acquired. So there’s no “evidence” of it being faked in the display of the decoder.

    It’s certainly possible, and doing this across a park or in a room full of keyboards would be a challenge, but not something insurmountable. It would take a lot of refinement to get it to that kind of quality, but I can see why certain groups might want to pursue this; both developing this technology, and designing technology to defend against it.

  5. I highly doubt this is real. The only possible way I could imagine reading the EMI from the keyboard cable would be to have absolutely everything else with an electrical signal in it turned off. I would think that a computer power supply with a capacitor filtered rectifier would add a hell of a lot of noise. Not only does it have 60Hz noise but then there are all the current harmonics it creates with the power factor distortion.

    Still, I don’t write it off. Maybe if you had the receiver perfectly filtered with a non-shielded cable with wire and antenna perfectly parallel and minimal electrical noise…

  6. @drew: It’s true, you often get an “even hum” on power supplies, typically 60 (or 50) Hz from line noise. However, there is also tons of higher frequency noise, which you can’t hear, at the switching frequency and harmonics and also at 100+ MHz from the switching edges themselves, as well as other sources, which are not trivial to filter out.

  7. Maybe I should go down to Keytronics and ask if this is possible, hahah.

    (I live near Spokane, where Keytronics, a huge supplier in the keyboard IC market, is based.)

  8. Once a key is pressed, the circuit traces would be an antenna, however non-resonant, for the clock (20 to 30 kHz). In that case, position might be derived from signal phase or amplitude variations at the receiving antenna.

    I have a device design for other purposes that could be adapted and far more effective for this purpose. That design wouldn’t depend on phase or amplitude changes (if that is what’s happening here). It would also work regardless of clock frequency and would not easily be shut out. I’m going to need to wake that one back up! :)

  9. After looking closer at the video I managed to find the program they used to decode the keystrokes:

    http://optics.eee.nottingham.ac.uk/tek/source/tek/utils/tgetwf/

    Actually it seems that they are using their own modified version but the printf banners are identical :)

    if (count > 1) printf("A total of %d traces were acquired.\n", count);

    printf("%ld points acquired from source '%s'\n", (long)(buf_size / 2), channel);

    You can bet on that :)

  10. Hi all,
    I’m about to start writing a research paper on Tempest attacks and people’s attitudes towards them as potential attacks.
    It would help me greatly if you could complete a questionnaire for me; it is very brief and will be kept completely anonymous.
    If you are willing to help, please email me at:
    i9099809 at bournemouth.ac.uk and I’ll send you the questionnaire (.doc format).

    Thanks

  11. Did anyone think about the possibility that the laptop is on and running the host side of a program like remote desktop allowing the actual keystrokes to be transmitted in real time to the other “test” computer and processed via a simple script? If that was the case…he could have walked out of one building…across the parking lot…into another building and into a Faraday sealed monitoring room and everything shown in the video would still look the same. I am just saying.

