Researchers find ways to sniff keystrokes from thin air
That PC keyboard you're using may be giving away your passwords. Researchers say they've discovered new ways to read what you're typing by aiming special wireless or laser equipment at the keyboard or by simply plugging into a nearby electrical socket.
Two separate research teams, from the Ecole Polytechnique Federale de Lausanne and security consultancy Inverse Path have taken a close look at the electromagnetic radiation that is generated every time a computer keyboard is tapped. It turns out that this keystroke radiation is actually pretty easy to capture and decode -- if you're a computer hacker-type, that is.
[ Related reading: Free tool to capture Conficker scans and probes; Power grid is found susceptible to cyberattack ]
The Ecole Polytechnique team did its work over the air. Using an oscilloscope and an inexpensive wireless antenna, the team was able to pick up keystrokes from virtually any keyboard, including laptops. "We discovered four different ways to recover the keystroke of a keyboard," said Matin Vuagnoux, a Ph.D. student at the university. With the keyboard's cabling and nearby power wires acting as antennas for these electromagnetic signals, the researchers were able to read keystrokes with 95 percent accuracy over a distance of up to 20 meters (22 yards), in ideal conditions.
Laptops were the hardest to read, because the cable between the keyboard and the PC is so short, making for a tiny antenna. The researchers found a way to sniff USB keyboards, but older PS/2 keyboards, which have ground wires that connect right into the electric grid, were the best.
Even encrypted wireless keyboards are not safe from this attack. That's because they use a special algorithm to check which key is pressed, and when that algorithm is run, the keyboard gives off a distinctive electromagnetic signal, which can be picked up via wireless.
Vuagnoux and co-researcher Sylvain Pasini were able to pick up the signals using an antenna, an oscilloscope, an analog-digital converter and a PC, running some custom code they've created. Total cost: about US$5,000.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
news
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
And I type major cow dunk
And I type major cow dunk !!!!!!Hello .... its BULLSHIT !!!!!!
Old stuff...
I remember that over 30 years ago it was already known in military circles at least that it was possible to spy keyboard strikes from a distance due to their electromagnetic radiations.Researchers find ways to sniff keystrokes
As previously mentioned, this was an NSA/US Army program codenamed "TEMPEST". There is now some open-source information about it on the internet.