Comments on: Keystrokes can be recovered remotely

Researchers find they can recover usernames and passwords remotely by listening to the electromagnetic waves broadcast by the keyboard itself.

[hoopla]

Their talk about not using "wired" keyboards - so do wireless USB keyboards encrypt the data they send or have lower powered signals from the receiver to the machine? For bluetooth ones, are they that difficult to crack? I wouldn't think so.

[a85]

Both were cracked longggg ago

[CmdrRickHunter]

Their wordings are interesting.

"Recovered up to 20m away" good to know what the worst case was.

Of course, they did cheat a lot. They were careful to give a lot of space between characters, and their removal of the computer "to prevent potential communication channels" also means they were in the least noisy situation possible.

[ehfla]

This is nothing new....they were doing the same studies in the 1980s, and getting the same results.

[rcrusoe]

Sounds like an excellent reason to use a password manager. Since your passwords aren't typed, there is nothing for the bad guys to read.

I use 1Password on my Mac to manage my 30 or so passwords. I can either navigate to a website and then tell the software to log me in, or I can select a 1Password bookmark and it will take me to the site and log me in automatically. If anyone is "listening" the only thing they can get is the password I use to launch the software (my "one password") and that doesn't do them any good without physical access to my computer.

I understand there are similar programs, like Keepass, for Windows users.

Now ATMs are another problem entirely.

[mavink]

As noted at http://securityandthe.net/2008/10/22/wireless-wiretapping-for-wired-keyboards/ there are also attacks that can be used to monitor your screen contents remotely, for example by viewing reflections on a bottle on your desk. There is a reason many federal buildings have special coatings on all street-facing windows!

[otis3000]

my tax dollars paid for a government acronym that included "...emanating spurious transmissions?" spurious? really? i want my money back.

[bvogler]

Old news, I frist heard about this in 1979 we I worked at the Pentagon.

[i_made_this]

Really, the article should be titled (the un-newsworthy) "The Typing of Passwords Is Dead" as it applies equally to wired as wireless. If a hardware hacker really wants to hack someone's keystrokes, all he or his assignee needs is sixty seconds of physical access and the target's keyboard is toast. And then the (+/- 20 meter) wireless hack described here. Between the two, we learn that - on the long shot your keyboard is actually of the slightest interest to bad guys (a very remote scenario in which I suggest you probably have far worse problems to think about than your keyboard!) - wisdom dictates you stop "typing your passwords" - it's that simple. Or am I missing something?