Keystrokes can be recovered remotely

Wired keyboards, like those found on desktop PCs, emit electromagnetic waves that can be read remotely, according two Swiss researchers.

Researchers Martin Vuagnoux and Sylvain Pasini of the Swiss Security and Cryptography Laboratory at LASEC/EPFL, were able to recover keystrokes from wired keyboards at a distance up to 20 meters (about 65 feet), even through walls, simply by reading the electromagnetic emanations of the peripheral device. The experiments focused on wired keyboards attached to a computer either by PS/2 or USB connections.

In two videos, Vuagnoux demonstrates the attacks.

In the first video, he shows how only the keyboard was monitored in the attack. He removed the monitor and the tower. He then attached a laptop, but powered it by battery to reduce other sources of electromagnetic emanation from the test site. Then Vuagnoux types in "Trust no one" on the wired keyboard. A minute later, a program reading the electromagnetic emanations displays the text string "trust no one" on the testing system.

In a second video, a battery-powered laptop with a wired keyboard attached via a PS/2 connection was placed in a second room several feet away and obscured by a wall. In the original room, the testing system, using a high powered antenna, was able to recover the password, in this case "password," and display the word.

Both authors conclude that "a vulnerability on these devices will definitely kill the security of any computer or ATM." They further recommend that wired keyboards should not be used to transmit users' names and passwords.

Sound arcane? The U.S. government doesn't think so. Preventing such a scenario is one of the goals behind a project called "Tempest," an acronym for Telecommunications Electronics Material Protected from Emanating Spurious Transmissions. While many think Tempest is an active eavesdropping operation, it's really a set of government standards designed to dampen electronic emissions escaping government offices. Hardware makers are using these standards to create equipment that doesn't emit strong electronic signals.

A full paper on these observations is under peer review and will be published soon, according to the authors.

[hoopla]

Their talk about not using "wired" keyboards - so do wireless USB keyboards encrypt the data they send or have lower powered signals from the receiver to the machine? For bluetooth ones, are they that difficult to crack? I wouldn't think so.

[a85]

Both were cracked longggg ago

[CmdrRickHunter]

Their wordings are interesting.

"Recovered up to 20m away" good to know what the worst case was.

Of course, they did cheat a lot. They were careful to give a lot of space between characters, and their removal of the computer "to prevent potential communication channels" also means they were in the least noisy situation possible.

[ehfla]

This is nothing new....they were doing the same studies in the 1980s, and getting the same results.

[rcrusoe]

Sounds like an excellent reason to use a password manager. Since your passwords aren't typed, there is nothing for the bad guys to read.

I use 1Password on my Mac to manage my 30 or so passwords. I can either navigate to a website and then tell the software to log me in, or I can select a 1Password bookmark and it will take me to the site and log me in automatically. If anyone is "listening" the only thing they can get is the password I use to launch the software (my "one password") and that doesn't do them any good without physical access to my computer.

I understand there are similar programs, like Keepass, for Windows users.

Now ATMs are another problem entirely.

[mavink]

As noted at http://securityandthe.net/2008/10/22/wireless-wiretapping-for-wired-keyboards/ there are also attacks that can be used to monitor your screen contents remotely, for example by viewing reflections on a bottle on your desk. There is a reason many federal buildings have special coatings on all street-facing windows!

[otis3000]

my tax dollars paid for a government acronym that included "...emanating spurious transmissions?" spurious? really? i want my money back.

[bvogler]

Old news, I frist heard about this in 1979 we I worked at the Pentagon.

[i_made_this]

Really, the article should be titled (the un-newsworthy) "The Typing of Passwords Is Dead" as it applies equally to wired as wireless. If a hardware hacker really wants to hack someone's keystrokes, all he or his assignee needs is sixty seconds of physical access and the target's keyboard is toast. And then the (+/- 20 meter) wireless hack described here. Between the two, we learn that - on the long shot your keyboard is actually of the slightest interest to bad guys (a very remote scenario in which I suggest you probably have far worse problems to think about than your keyboard!) - wisdom dictates you stop "typing your passwords" - it's that simple. Or am I missing something?