Researchers find ways to sniff keystrokes from thin air

March 12, 2009, 02:46 PM — IDG News Service

That PC keyboard you're using may be giving away your passwords. Researchers say they've discovered new ways to read what you're typing by aiming special wireless or laser equipment at the keyboard or by simply plugging into a nearby electrical socket.

Two separate research teams, from the Ecole Polytechnique Federale de Lausanne and security consultancy Inverse Path, have taken a close look at the electromagnetic radiation that is generated every time a computer keyboard is tapped. It turns out that this keystroke radiation is actually pretty easy to capture and decode -- if you're a computer hacker-type, that is.


The Ecole Polytechnique team did its work over the air. Using an oscilloscope and an inexpensive wireless antenna, the team was able to pick up keystrokes from virtually any keyboard, including laptops. "We discovered four different ways to recover the keystroke of a keyboard," said Martin Vuagnoux, a Ph.D. student at the university. With the keyboard's cabling and nearby power wires acting as antennas for these electromagnetic signals, the researchers were able to read keystrokes with 95 percent accuracy over a distance of up to 20 meters (22 yards), in ideal conditions.

Laptops were the hardest to read, because the cable between the keyboard and the PC is so short, making for a tiny antenna. The researchers found a way to sniff USB keyboards, but older PS/2 keyboards, which have ground wires that connect right into the electric grid, were the best.

Even encrypted wireless keyboards are not safe from this attack. That's because they use a special algorithm to check which key is pressed, and when that algorithm is run, the keyboard gives off a distinctive electromagnetic signal, which can be picked up via wireless.

Vuagnoux and co-researcher Sylvain Pasini were able to pick up the signals using an antenna, an oscilloscope, an analog-digital converter and a PC, running some custom code they've created. Total cost: about US$5,000.

Comments

And I type major cow dunk

And I type major cow dunk !!!!!!

Hello .... its BULLSHIT !!!!!!

Old stuff...

I remember that over 30 years ago it was already known in military circles at least that it was possible to spy keyboard strikes from a distance due to their electromagnetic radiations.

Researchers find ways to sniff keystrokes

As previously mentioned, this was an NSA/US Army program codenamed "TEMPEST". There is now some open-source information about it on the internet.