Forgot your password?
typodupeerror
Security IT

Researchers Sniff Keystrokes From Thin Air, Wires 217

Posted by timothy
from the making-a-tempest-of-themselves dept.
narramissic writes "Two separate research teams have found that the electromagnetic radiation that is generated when a computer keyboard is tapped is actually pretty easy to capture and decode. Using an oscilloscope and an inexpensive wireless antenna, the Ecole Polytechnique team was able to pick up keystrokes from virtually any keyboard, including laptops — with 95 percent accuracy over a distance of up to 20 meters. Using similar techniques, Inverse Path researchers Andrea Barisani and Daniele Bianco picked out keyboard signals from keyboard ground cables. On PS/2 keyboards, 'the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna,' Barisani said. That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. Barisani and Bianco will present their findings at the CanSecWest hacking conference next week in Vancouver. The Ecole Polytechnique team has submitted their research for peer review and hopes to publish it very soon."
This discussion has been archived. No new comments can be posted.

Researchers Sniff Keystrokes From Thin Air, Wires

Comments Filter:
  • Guess what (Score:2, Funny)

    by Anonymous Coward

    Upgrade to USB. Try to sniff that.

    • Re:Guess what (Score:5, Insightful)

      by Jmanamj (1077749) on Thursday March 12, 2009 @05:08PM (#27173195)

      They could still do it through wireless. The keys emit a signal that can be picked up no matter what connection the keyboard has to the computer.

      For all you paranoid conspiracy theorists out there that are busy shitting bricks, I will be developing a USB based jamming device that will saturate the area with dummy signals. Please send $100 via brown paper bag on doorstep courier.

      • by Chabo (880571) on Thursday March 12, 2009 @05:19PM (#27173371) Homepage Journal

        Real data thieves don't even bother with a keystroke sniffer: they know the sound of each key, so they only have to hear your password being typed to know it.

        • Re:Guess what (Score:5, Informative)

          by fuzzyfuzzyfungus (1223518) on Thursday March 12, 2009 @05:27PM (#27173509) Journal
          I can't hear you sonny, type louder! [acm.org]
        • Re:Guess what (Score:5, Informative)

          by belmolis (702863) <billposer@alum. m i t .edu> on Thursday March 12, 2009 @05:49PM (#27173835) Homepage

          A surefire way to get around keyboard monitoring is not to use one. It is admittedly rather tedious, but if you have good cause to be concerned about security, you can use an on-screen keyboard. As far as I know, they can't obtain the necessary information by monitoring your mouse signals.

          Martus [martus.org], a package aimed at human rights workers who need to keep their activities secret from hostile governments, includes an on-screen keyboard.

          • by Culture20 (968837) on Thursday March 12, 2009 @06:00PM (#27174005)

            A surefire way to get around keyboard monitoring is not to use one. It is admittedly rather tedious, but if you have good cause to be concerned about security, you can use an on-screen keyboard.

            Tempest.

            In future ITSO announcements:
            Your pass-group must contain one of each of the following:

            1. 20 character passphrase
            2. keyfob fingerprint reader
            3. rentinal scan
            4. one spoken word (which may not be any of: [cut dear don't everything eye God I my no off out take thumb told you])
            5. MRI scan of you imagining your "happy place"
          • Re:Guess what (Score:4, Interesting)

            by MadnessASAP (1052274) <madnessasap@gmail.com> on Thursday March 12, 2009 @06:08PM (#27174107)

            One second while I tune my antennas to your monitor frequency.

          • by Xtravar (725372)

            OR you can use speech recognition!!!!!

          • by Linker3000 (626634) on Thursday March 12, 2009 @06:26PM (#27174341) Journal
          • Re: (Score:2, Interesting)

            by amiga500 (935789)
            Modern key-logging software captures the area under the mouse on each mouse click. The defeats those on-screen keyboards, and web-sites which force you to do the same. This of course requires software to be running on your hosts. There's existing technology which can reconstruct an image from a CRT using EFI, but LCD screens are a lot harder to pick up.
            • by belmolis (702863)

              This only works if software is running on your host? Well, there are plenty of circumstances in which people can't install software on your system but could be monitoring EM from outside. In those circumstances, then, use of an on-screen keyboard is secure, isn't it?

              Also, granted that one can pick up mouse signals, don't they just indicate how much the mouse moved and the direction? If so, in order to translate that into key strokes, you need to know not only the layout of the on-screen keyboard, which y

              • Re: (Score:2, Insightful)

                by Meski (774546)
                And would probably be defeated by the onscreen keyboards that move after you enter each character, and rearrange the character layout. (I've only seen that done for numeric PINs, rearranging an alpha kb would be a UI pain)
          • A surefire way to get around keyboard monitoring is not to use one. It is admittedly rather tedious, but if you have good cause to be concerned about security, you can use an on-screen keyboard. As far as I know, they can't obtain the necessary information by monitoring your mouse signals.

            Instead 'they' only need to look at your screen (or set up a vid camera) to get you password. Screen keyboards are not any more secure.

            • by belmolis (702863)

              There are a great many circumstances in which you can be sure that no one else is in the room and that no video camera can see your screen but in which electromagnetic monitoring is possible. So, yes, there are ways of spying on someone using an on-screen keyboard, but in many circumstances it is far more secure than a regular keyboard.

          • Re: (Score:3, Interesting)

            by beav007 (746004)
            Here's a slightly different way to do it: a laser projected keyboard [virtual-la...yboard.com]. No keypresses to hear, and unless you can crack the bluetooth encryption (yes, I know), it suffers none of the problems previously discussed.
          • by StarkRG (888216)

            Except that if you use TFT screens they can be detected and decoded wirelessly...

        • by internerdj (1319281) on Thursday March 12, 2009 @05:55PM (#27173921)
          So listening to mp3s on my computer is a security protection rather than a security risk? Hold on. I have to go complain to IT.
        • Real data thieves ... only have to hear your password

          Damn, and here I thought I was safe because my voice is my password...

          Verify me.

      • by fractoid (1076465)

        For all you paranoid conspiracy theorists out there that are busy shitting bricks, I will be developing a USB based jamming device that will saturate the area with dummy signals. Please send $100 via brown paper bag on doorstep courier.

        I'm interested in buying one of your devices. There are... agencies... who would be very interested to know what I know.

        What? You want my address? WHY? No, I can't come and pick it up, THEY'll see me. Courier companies report to the NSA so I can't use one of them. None of my friends can be trusted, I know two of them are spies for Botswana independence movement... WHO ARE YOU? WHAT DO YOU WANT? Is this to do with case 44318? Oh god, that twinkie WAS a tracking device, wasn't it?

        ...cash is too traceable,

      • by AmiMoJo (196126)

        The parent jests, but this might actually work.

        With the USB protocol you could easily send thousands of fake reports per second and the PC would simply ignore them. Ideally this would be done by the keyboard controller, which if you want to DIY it could be replaced with an AVR microcontroller.

        The signal to noise ratio would then be pretty high, making it much harder to sniff genuine keystrokes since the only difference between the fake reports and the genuine ones could be as little as one bit (e.g. in the

    • by zonky (1153039)
      Any idea how this affects laptops running off battery - i.e not connected to ground.
  • needs another tag (Score:4, Insightful)

    by Anonymous Coward on Thursday March 12, 2009 @05:03PM (#27173089)

    This needs a Van Eck tag, for Stephenson's Cryptonomicon bit.

  • by Tumbleweed (3706) on Thursday March 12, 2009 @05:04PM (#27173115)

    Sounds like a TEMPEST in a teapot to me.

    • by geekmux (1040042)

      Sounds like a TEMPEST in a teapot to me.

      Sounds like a TEMPEST in a teapot to me.

      Nothing you say? Here's the part where I tell you I knew what you typed before it posted.

      • by Tumbleweed (3706)

        > Sounds like a TEMPEST in a teapot to me.

        > Sounds like a TEMPEST in a teapot to me.

        Nothing you say? Here's the part where I tell you I knew what you typed before it posted.

        No way, man, that's just because I surf in full duplex!

        8N1 fo life!

    • by Prof.Phreak (584152) on Thursday March 12, 2009 @05:17PM (#27173343) Homepage

      Yes, and wasn't there a declassified NSA thing about just this late last year?

    • LOL, yeah (Score:5, Informative)

      by Giant Electronic Bra (1229876) on Thursday March 12, 2009 @05:24PM (#27173461)

      You beat me to it. DOD has had a whole system (TEMPEST) for classifying this kind of EM emissions from secured systems at least since the mid 1980's. Nothing new about it at all. I recall working for a particular defense contractor where we had an entire 'black area' of the plant that was TEMPEST rated. Independent filtered power, EMF shielding everywhere, etc. It was pretty expensive to set up too.

      • Re: (Score:3, Insightful)

        You could spend 2 billion dollars shielding something, or you could spend $144 an hour paying ~20 people minimum wage to sit on myspace, irc, and twitter all day and space them around your complex.

        • But then if you are required to comply with certain specifications by contract with DOD, it doesn't actually matter WHAT the rules are. You either comply or you get kicked off the contract.

          Besides, there is a lot more to that kind of thing than just EMSEC. Those black areas are highly secure, physically, electronically, etc. Nobody goes in or out with anything on them, no electronics of any kind go in or out, no network links, no phones, no nothing.

          There are of course various levels to these things, but you

          • There are of course various levels to these things, but you will NOT find classified data scattered around on systems outside a secured area.

            Perhaps a better way to put it, you shouldn't find red data on a black network.

            Honestly, it's hard to mess that up under almost all circumstances. It takes someone completely brain-dead, or malicious, to mix the two.

        • by blueg3 (192743)

          You should most certainly *not* consider "cover signals" as adequate against EM-leak eavesdropping.

        • You could spend 2 billion dollars shielding something, or you could spend $144 an hour paying ~20 people minimum wage to sit on myspace, irc, and twitter all day and space them around your complex.

          With all the TVs, cars, airplanes, cell phones, motorcycles, powerlines, CB radios.... etc. Do you really think an extra 20 signals is going to slow anyone down?

          BTW, would you get those 20 people to follow all of your TEMPEST devices around to provide noise? Strap them to the roof of your hmmwv? Stuff em behin

        • by nametaken (610866)

          My work does this... and I'm pretty sure it's working.

      • Re:LOL, yeah (Score:5, Interesting)

        by inKubus (199753) on Thursday March 12, 2009 @06:50PM (#27174747) Homepage Journal

        Yeah, the university I worked at did some government work and actually used a mechanically isolated power system. Basically they had a big motor (or several, actually) and it was directly connected to a generator (with a flywheel I think). This meant a totally independent power loop as inside the building, and the flywheel smoothed out any spikes. Obviously not highly efficient, but a good way to decouple for security and safety purposes.

  • by Anonymous Coward on Thursday March 12, 2009 @05:04PM (#27173117)
    Tinfoil keyboards! Accessorize, baby!
  • I will have to type "I know you're eavesdropping" every few sentences.

    http://xkcd.com/525/ [xkcd.com]

  • Fools.... (Score:2, Funny)

    by Anonymous Coward

    Two separate research teams have found that the the electromagnetic radiation that is generated when a computer keyboard is tapped is actually pretty easy to capture and decode.

    ...We at the NSA have known this for years.

    • Re: (Score:3, Insightful)

      by westlake (615356)
      ...We at the NSA have known this for years.

      I can't imagine this story being news to Hertz or Marconi.

    • Re: (Score:3, Funny)

      by thethibs (882667)

      Everybody has known this for years, except, it seems, the guys and girls at Polytechnique and their grant committee.

  • As a reminder (Score:5, Informative)

    by geekoid (135745) <dadinportland@ya ... m minus math_god> on Thursday March 12, 2009 @05:05PM (#27173151) Homepage Journal

    Publishing is one of the first steps in peer review.

    Thank you.

    • by welcher (850511)
      Actually, for a large number of papers, the formal peer review process (that begins when the article is sent off to a journal and before publishing) is the only time that the article gets closely read. The informal peer review process that i assume you are referring to (people reading the published paper) may never happen.
  • Mouse (Score:5, Interesting)

    by Dan East (318230) on Thursday March 12, 2009 @05:06PM (#27173161) Homepage Journal

    This is exactly why I do all my typing with my mouse on an on-screen virtual keyboard. It's much faster too.

    On a serious note, it is ironic that literally broadcasting a bluetooth signal over-the-air between a wireless keyboard and computer is apparently more secure than a hardwired keyboard.

    • by snowgirl (978879) *

      This is exactly why I do all my typing with my mouse on an on-screen virtual keyboard. It's much faster too.

      On a serious note, it is ironic that literally broadcasting a bluetooth signal over-the-air between a wireless keyboard and computer is apparently more secure than a hardwired keyboard.

      Well, it makes sense... after all, WEP is "Wired Equivalent Protection"... It's only when we're actually paying attention that this information is floating out into space that people really seem to notice or care that there are security issues.

    • Re:Mouse (Score:5, Insightful)

      by fuzzyfuzzyfungus (1223518) on Thursday March 12, 2009 @05:14PM (#27173307) Journal
      The nice thing about standardized wireless links is that they are so painfully insecure that people have a hard(er) time maintaining a false sense of security about them, which leads to more care.

      One might also note that the PS/2 port is electrically compatible with the old AT keyboard that debuted in 1984, on a system with a 6MHz 8086. Not exactly an era where the computational cost of encrypting local busses was even remotely sensible.
    • This is exactly why I do all my typing with my mouse on an on-screen virtual keyboard. It's much faster too.

      I was going to make a "Dad, is that you?" joke here, but my Dad's mouse movement is almost as bad as his typing speed.

      Seriously though, how badly do you type to find that selecting characters via the mouse to be quicker?

  • by girlintraining (1395911) on Thursday March 12, 2009 @05:10PM (#27173225)

    I couldn't help but think of drugs when I read the headline: Researchers sniffing lines of keystrokes, complaining about how thin the air has gotten since when they were young. By god, back then the electrons were so thick they had to use thick 8 gauge wiring to make anything work. Why, these days, the electrons have been used and re-used so much that we can use 24ga wiring for communications. Hey, are you gonna finish that line of qwertyuiop?

    • by andrewd18 (989408) on Thursday March 12, 2009 @05:17PM (#27173341)
      Clearly we need to get rid of this "air" problem. If there's no medium to sniff the keystrokes from, our children will be safe. WON'T SOMEONE THINK OF THE CHILDREN?
      • by StarkRG (888216)

        Just build a faraday cage around your house.

        It's not as hard as you might think, stucco is plaster on chicken wire wrapped around the house...

    • 8 gauge wire (Score:4, Interesting)

      by Savage-Rabbit (308260) on Thursday March 12, 2009 @05:43PM (#27173749)

      By god, back then the electrons were so thick they had to use thick 8 gauge wiring to make anything work.

      Some years ago I waked into a computer store to buy a hard drive. Along one of the walls was a series of glass displays containing a small selection of vintage computer equipment. One of the displays contained a gigantic object that looked like it would take two men to shift. It consisted of a really massive looking cast metal casing out of which protruded some disks, arms, some clumsy looking circuit boards and the thing was powered by a quite sizeable 220 volt electric motor of the type one is used to seeing attached to a really big fat lumber saw. I had to take a few steps back before I realised the thing was a (8 GB as it turned out) hard drive from the early 80s and not a piece of industrial machinery with it's panelling removed. I walked out of that place with a 20 Gb hard drive in my hand. Kind of makes one marvel over how far we have come in terms of miniaturisation.

  • I doubt these folks will be allowed to present their stuff. As a lay man, I cannot see a genuine use of this technology without breaking the law. I hope they will present.

    When a product based on this technology is manufactured, the manufacturer could face a law suit on these grounds:

    The defendant manufactured a product which on usage as intended by manufacturer, breaks the law. That's tough.

  • Van Eck phreaking? (Score:5, Interesting)

    by gandhi_2 (1108023) on Thursday March 12, 2009 @05:16PM (#27173327) Homepage
    I remember talk about this in the 80's. Van Eck Phreaking [wikipedia.org]
    • by gknoy (899301)

      This is different, though, from Van Eck Phreaking. VEP is based on the idea of intercepting video from the person's monitor, whereas this is basically a remote keylogger. Both capture information via electromagnetic radiation, but it sounds like this has a higher signal to noise ratio.

  • Phreaking (Score:4, Informative)

    by debrain (29228) on Thursday March 12, 2009 @05:21PM (#27173399) Journal

    Nifty wiki links:
    Van Eck Phreaking [wikipedia.org]
    TEMPEST [wikipedia.org]
    Rainbow series [wikipedia.org]

  • I didn't see anything about them picking this up from multiple keyboards. It isn't that often that you encounter one person on one computer, really. I suspect it could be quite a bit more difficult to figure out the typing of 4 users sitting around you at the airport with laptops (to say nothing of the probable response in an airport elicited by someone using an oscilloscope).
    • More keyboards makes the situation moderately more complicated, but snooping doesn't require anything especially more difficult. It's probably even possible to separate out the keystrokes based on which keyboard they came from entirely based on the characteristics of the signals.

  • by rickb928 (945187) on Thursday March 12, 2009 @05:22PM (#27173421) Homepage Journal

    Change to Bluetooth. That'll fix 'em, by gum! Harrr! Can't fool ME that easily!

    Wait... Oh, nevermind. The only solution is to shoot people with antennae. Damned criminals...

    No, wait... No, wait... No, wait...

    Hmm. This is interesting. Get back to you.

    • Re: (Score:3, Interesting)

      by arminw (717974)

      .....The only solution is to shoot people with antennae....

      The solution is to allow nobody anywhere at anytime to have any secrets of any kind whatsoever. Jesus Christ speaks of the time in the future of the world when all secrets will be known by everyone.

      Jesus Christ said in Luke 12:2 -- For there is nothing covered that shall not be revealed, nor anything hidden that shall not be known. 3 Therefore whatever you have spoken in darkness shall be heard in the light. And that which you have spoken in the ear

  • by loconet (415875) on Thursday March 12, 2009 @05:27PM (#27173511) Homepage

    I knew it. Many others have been discussing the potentials for this type of eavesdropping for many years. Ha! and they laughed at me when I started protecting [businessol.com] my stuff...

  • by Anonymous Coward

    In 1981, my supervisor in the Air Force, based on training he had as a forward air controller in Vietnam, told me how easy it was to electronically snoop in on the keystrokes generated by electric typewriters. This was in response to my question about what the "secure typewriter" was that we were standing there looking at. So the whole concept was proven, in use, and being counter-acted, years before the Van Eck phreaking article was even published.

    So I'm quite baffled by this "research" being presented wel

    • Re: (Score:3, Insightful)

      by tepples (727027)

      [Military anecdote] So I'm quite baffled by this "research" being presented well over 30 years after that.

      It can take decades for things to get declassified.

  • This is not news (Score:3, Informative)

    by mbone (558574) on Thursday March 12, 2009 @05:32PM (#27173591)

    Google "Tempest." Some of this has been released, some not, but this is decades old.

  • by UnknowingFool (672806) on Thursday March 12, 2009 @05:33PM (#27173619)
    Stock prices for Alcoa shot up as stores reported a sudden shortage of aluminum foil. The Alcoa spokesman was at a loss to explain the sudden shortage.
  • There is nothing new here, now move along...
    http://www.google.com/search?hl=en&q=TEMPEST+EMI [google.com]
  • FUD (Score:5, Funny)

    by sgt scrub (869860) <saintium@ y a hoo.com> on Thursday March 12, 2009 @05:56PM (#27173941)

    This is a plot by GUI users to spread fear uncertainty and doubt upon cli applications. May CLI live forever!

  • Change to an Dvorak keyboard or even an foreign language keyboard "challenge" this.
    However the way I type, they will have fun with all of those backspaces...

  • Welcome to the 60s (Score:3, Insightful)

    by oren (78897) on Thursday March 12, 2009 @06:25PM (#27174329)

    Look up "TEMPEST", e.g. in http://en.wikipedia.org/wiki/TEMPEST [wikipedia.org] - this isn't merely "old news", this is "so ancient it dates before I was born", and I am old enough to have used punch cards.

    This is why some computer rooms will never contain wireless peripherals or wireless networks or Internet connections; but will have an intimidating sign on the door, and combined biometric/keypad entry, and Faraday cages built into their walls, and a self destruct mechanism, and fences around them, and 24/7 armed guards, and a hot line to a fast-response team on a separate near-by base.

    For everyone else, well, when you buy tinfoil rolls, remember to buy enough for your hat _and_ your peripherals cables :-)

  • LOL! Soon we'll have to have keyboards and mice with SSL connectivity. Hold on a second .... I have to update my mouse and keyboard cert. They just expired :D
  • I remember my college professors doing this from the Quad during the open houses every year while I was in college. I went to Syracuse University from 94-98, and got a BS in Electrical Engineering. This is cool, don't get me wrong, but far from news; or maybe I'm just a geek. Hmm, well this is /., and I am trying to prove how uncool these guys are...
  • Worrying thought? (Score:2, Insightful)

    by Anonymous Coward

    Would this work with ATM keypads?

  • How exactly can this be new or newsworthy?
    I saw a demonstration 20 years ago almost to the day where guys from the swedish equivalent of NSA captured keystrokes from a Mac Plus at 300 meters distance (I was working in military research at the time).
    As a consequence we built a room paneled entirly in copper, with copper chicken wire across the windows and baffled air vents.
    Opto-couplers for the phone lines and stabilizers for the power and we were emission free. The whole TEMPEST package.

You can bring any calculator you like to the midterm, as long as it doesn't dim the lights when you turn it on. -- Hepler, Systems Design 182

Working...