Wired Keyboards Remotely Hacked From 20 Meters Away
LASEC, the Security and Cryptography Laboratory, claimed to have found four different ways of remotely capturing keystrokes from wired keyboards from a distance of up to 20 meters away. The keystrokes can be captured through walls, making vulnerable the security of many computers and even possibly ATMs.
The approach used works on the theory that when a key is pressed on a wired keyboard, it produces electromagnetic emanations. This electromagnetic radiation can be acquired and captured with the use of an antenna, which can then be analyzed. Four different methods had been tested, including the Kuhn attack, although not much information on the other methods have yet been provided. It was claimed that the attacks could be significantly improved, as the equipment used in the experiment was relatively inexpensive.
Eleven different wired keyboard models were tested, including PS/2, USB and laptop keyboards, all of which were vulnerable to at least one of the four different methods used. Apparently the reason these keyboards generate the compromising emanations is mostly “because of the cost pressures in the design.” More information regarding these attacks will soon be published, although the paper is still undergoing peer review. For the time being however, there are two videos being hosted that demonstrate the attacks.
From the videos, it looked as if the antenna being used in one of the demonstrations was rather large and not very inconspicuous, nor did it seem as if the keystrokes could be captured at a high rate of speed. However, with banking machines using wired keyboards, it may be possible for a truck to park nearby an ATM and remotely capture private information entered into the ATM, such as a customer’s PIN. No longer it seem is just avoiding wireless keyboards enough to ensure security, as even wired keyboards now need protection, such as electromagnetic shielding.
- Panasonic Unveils Notebook Fuel Cell
- More Intel Price Slashing on Quad-Core and Dual-Core Chips
- Intel Demonstrates 'Moorestown' Mobile Platform
- NVIDIA Responds to Chip Failures
- Nvidia ‘Big Bang II’ Close to Release?
- IDC Reports Sluggish Growth in Worldwide PC Shipments
- Microsoft to Deliver Vista SP2 Before Windows 7
- Gateway Debuts New PCs Designed for Gaming and Digital Media
- Silverstone Releases Clear CMOS: The External CMOS Reset Switch
- Nvidia Announces Licensing of SLI by Big Players
- Dell to Showcase New Instant-On Desktop Systems
- New Vapor-Chamber Cooling Solution Coming to ATI Graphics Cards
- RAID 5 May Be Doomed in 2009
- Nvidia Big Bang II ForceWare Beta Release
- EVGA Details X58 SLI FTW Board
- BFG Geforce GTX 200 Series Bundled With Far Cry 2
- AMD Launches Radeon HD 4830 on Cheap
- Patches Released for Critical Security Issues for Microsoft Windows
OH WOW!
...this technology has been around for about 20 years couting from now.
it not only enables the keystroke capturing but also video capture from crt monitors [doesnt work on lcd tho, as those run on digital signalling... unless u use vga cable instead of dvi] anyway LASEC is the first non-military organization to develop this technology.
dang, now i feel more unsafe about using this keyboard..........
I'm the first
Don't care if you rate this comment negatively!
dang,I'm not....
Still,pretty amazing what they can do!
They didn't do the test on powered PC's and laptops...
Wanted to see if laptops where safe...
It's been proven that the sound of keyclicks can also be correlated to specific keys and used for snooping.
Interesting someone is reporting and testing this type of stuff after so long. The military has been on top of this for 40+ years. They call it EMSEC. (Emanations Security) Equipment that comes in contact with any Classified information goes through TEMPEST tests and/or has to meet certain regulations that remove the likelihood that these "compromising emanations" will be intercepted. For example: separating Classified and Unclassified equipment/cables/etc, and having these items in a controlled area.
I don't understand why they remove the monitor, cpu, and power supplies from the tests? That's a pretty large & bulky antenna to use "stealthily" (not 2 mention all of the other bulky equipment they're using.) I think that with all of the other ambient signals ALL over the place, it would still be pretty difficult to capture stuff from ATMs (which usually use milspec stuff anyways) or from business or home environments. Also, who the f types at that speed?
This is scary... I'm afraid, VERY AFRAID.
I wonder, considering the amounts of power a cpu needs to operate, how far would reach the electromagnetic radiation emited by cpu or by it's power traces?
That signal is in a ultra-short wavelength and is somehow related to all the machine does. it could reach far enough to get intercepted. not sure how hard it would be to decode.
I wonder if shielded cabling / devices will have the same effect? If not, this may be a way for companies to work around this issue?
lead walls...
I wonder also if the EMF from the monitor and computer (all the fans, power supply, etc) would cut the range to almost nothing... that would explain why they produced the videos with everything turned off except for a small, closed laptop.
ok, two things get to me:
*) the removal of NEEDED items (people don't go around swapping out their PC for a laptop all the time, or unplugging from the mains with no monitor to prevent interference).
*) the fact the programs to decode the sequences stopped running automagically.. How does it know you've stopped typing "password"?
Smells of "FAKE" to me..
Never heard of The Cage of Faraday? Simply to manufacture and quite sufficient.