Ponca City, We love you writes "NetworkWorld reports that security consultants Andrea Barisani and Daniele Bianco are preparing to unveil their methodology at the Black Hat USA conference for stealing information typed on a computer keyboard using nothing more than the power outlet to which the computer is connected. When you type on a standard computer keyboard, electrical signals run through the cable to the PC. Those cables aren't shielded, so the signal leaks via the ground wire in the cable and into the ground wire on the computer's power supply. The attacker connects a probe to a nearby power socket, detects the ground leakage, and converts the signal back into alphanumeric characters. So far, the attack has proven successful using outlets up to about 15 meters away. The cost of the equipment to carry out the power-line attack could be as little as $500 and while the researchers admit their hacking tools are rudimentary, they believe they could be improved upon with a little time, effort and backing. 'If our small research was able to accomplish acceptable results in a brief development time (approximately a week of work) and with cheap hardware,' they say, 'Consider what a dedicated team or government agency can accomplish with more expensive equipment and effort.'"
what about usb keyboards? those wires are shielded. the compared the signal to a mouse signal so I'm assuming they're talking about ps2. still interesting(alarming) surveillance technology nonetheless
even usb uses a GND and the D+/D- (data wires) aren't isolated from the GND. Plus most GND is typically a common ground (through the chassis and to the ground of the power cable).
and if you consider the fact that this was done by unfunded, tiny group in just a week....makes ya wonder what the NSA or any other BIGGER and better funded group would have up their sleeves.
looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.
We musicians have our tricks and devices to get rid of power-line disturbances. I recommend looking for such a device in a big store for musicians and a guide on the net.
That's for anti-vibration. And racketballs cut in half work just as well. Or hanging a cement block from the ceiling with bungee cords. The second is used in at least one DIY scanning electron microscope design, it's pretty good. Eliminating power noise is an electrical circuit, often an AC->DC->AC circuit.
Many 'net junkies like to say things like "Information wants to be free!" as if there was something anthropic about information.
But information is the foundation of the Universe, so much so that quantum mechanics is routinely described with terms like "information loss" and even measured. It's almost like Douglas Adams was right all along, and the universe actually is a large supercomputer trying to find out the answer to life, the universe, and everything. Where are the hyper-intelligent mice?
I'll have to read this article , because i'm somehow about this. Normally , a power supply contains a rectifier , so this should mean the signal can't be carried back.
even usb uses a GND and the D+/D- (data wires) aren't isolated from the GND. Plus most GND is typically a common ground (through the chassis and to the ground of the power cable).
and if you consider the fact that this was done by unfunded, tiny group in just a week....makes ya wonder what the NSA or any other BIGGER and better funded group would have up their sleeves.
looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.
Now you know why the NSA and the other spooky types keep their classified equipment running off a generator powered by an electrical motor rather than connecting directly to the power grid. When you absolutely have to keep something secret nothing beats Faraday cages, air-gaps and mechanical isolation from the power grid.
by Anonymous Coward
on Sunday July 12, @04:33AM (#28666197)
Root is like crack. Don't smoke it. I did once and got hooked. I ran Mac OS Updates as root. ****, I even had sex with my girlfriend as root. Man, that caused some permissions problems. When I started the road to recovery (logging in as Zacks) my girlfriend was all like: "**** no! You can't get any cause you don't own me an I don't go groups. You don't have the power to read, write OR execute so get out of my FACE" So I was all HELL NO bitch. And she wuz like you do not have root (superuser) privlages so get out of my TruBlueEnvironment! So then I went chown and chmodded her ass to me. Dat be-otch be up in my hizzouse. What what. Holla!
A USB keyboard will still do a slow scan of row and column and the resistance will go up per keypress and that is what they are looking at. If you can identify the scan frequency, then you can look for current changes at the right times and reconstruct the matrix of key presses. Since most PCs use the same matrix, its trivial to convert the matrix with unknown start values into known start values once you find 0x39 (space bar) shifted some random way and frequently pressed.
You really don't need to go that far. If you use a true sine wave UPS (where the incoming current charges the battery, and all power going to your devices is generated from the battery), I doubt you'll have lots of noise coming out of the line.
Yes, looks like a dupe and the important bit of info is that only PS/2 keyboards are really vulnerable. USB cables are shielded better. Can anyone confirm TFA is the same case?
I've read both Slashdot articles. They look similar to me. The older one is far superior.
Basically, if you have a keyboard of poor quality that has poor shielding and no noise reduction components, it is possible to read signals. The question is, which keyboards and computers are poorly designed and poorly shielded?
Read the complete story: This PDF, not referenced by Slashdot, tells the whole story: CanSecWest/core09 March 16-20, 2009 [cansecwest.com] (PDF). Quote from page 41: "This doesn't work against USB keyboards because of differential signaling". Also, on page 12: "The [PS/2 keyboard] wires are very close to each other and poorly shielded".
Slashdot articles of especially poor quality: Are they paid advertisements? I've read Slashdot articles for years, and there is now a new phenomenon. A publication runs an article of very poor quality and Slashdot links to it, possibly to lead Slashdot readers to the publication so that they will read the ads. This article was submitted to Slashdot by a professional writer, Hugh Pickens [hughpickens.com], who is possibly acting as a public relations agent. He has written at least 413 Slashdot articles [hughpickens.com]. Does someone at Slashdot accept money to publish his articles?
Quote from the OLDER article referenced by the OLDER Slashdot story:
'March 12, 2009, 02:46 PM - IDG News Service -
'Inverse Path researchers Andrea Barisani and Daniele Bianco say they get accurate results, picking out keyboard signals from keyboard ground cables.
'Their work only applies to older, PS/2 keyboards [PS/2 connector, not PlayStation], but the data they get is "pretty good," they say. On these keyboards, "the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna," Barisani said.
'That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. They believe they could pick up signals from a distance of up to 50 meters by simply plugging a keystroke-sniffing device into the power grid somewhere close to the PC they want to snoop on.
'Because PS/2 keyboards emanate radiation at a standard, very specific frequency, the researchers can pick up a keyboard's signal even on a crowded power grid. They tried out their experiment at a local university's physics department, and even with particle detectors, oscilloscopes and other computers on the network were still able to get good data.'
very clever how hey grab info using a laser pointer and measuring the vibrations. i'm afraid you might notice the big red dot on your computer though. sienfield flash backs.
by Anonymous Coward
on Sunday July 12, @04:34AM (#28666201)
The SIGINT in the Netherlands did this kind of stuff well before the new millennium, including reading the screen (LCD or CRT) and audio by tapping into the ground or pointing a dish to the emitting circuit, one of the reasons why the whole building handling sensitive information must be encased, making it practically a faraday cage. Only disadvantage is that your cellphone doesn't work although the SIGINT saw that as an advantage.
Well, when you get down to it, any outside communications that isn't through a secure line is a possible liability. You don't want someone waltzing in and sending out sensitive information on a phone call. Granted, if they're determined they'll get that information one way or another, but that's where SIGINT ends and HUMINT begins.
Hell if I remember correctly my old motherboard had a setting to add random noise so the memory chips couldn't be read from their emissions. So yeah, it's an old and well known problem.
Old college roommate, former Air Force Intelligience type, one day decided to give me something to think about when I was trying to be more secure with my PC... "Don't you think when you push 'A' on your keyboard or push 'B' on your keyboard that something ever so slightly different happens in your power supply?"
I'm guessing (hoping?) this doesn't work if you have an in-line UPS (that conditions power constantly) as that should hopefully futze (technical term, really) the signal up? I'd be curious to know about that. I'm also assuming this doesn't work for USB as well since most computers have multiple USB devices (hopefully transmitting/receiving enough to mask the keyboard signal).
Similar techniques are at least 40 years old. One of the ways described in litterature makes use of the variation in current in the ac line.Others were simply picking up the rf and used a tv monitor with variable h and v frequencies to actually look at what was on the monitor. Still.. it's no big news . they are simply reproducing what's been known for ages.. computers are easy to intercept because they radiate massive amounts of RF.
Not only not new, but the codeword Tempest was declassified in the 80s - not the standards, just the codeword. The Government has been doing this for a LONG time
by Anonymous Coward
on Sunday July 12, @04:50AM (#28666247)
If the cops or feds really want to spy on you, you will have a hard time preventing it. My advice is not to attract their attention in the first place.
If you're someone like the mafia, you can't use electronic devices and you can't write anything down. Each of your clandestine conversations has to be in a different noisy location so they can't set up a directional microphone or bug. You also have to prevent them from getting a deaf person to lip read you. (I don't have direct experience with criminal gangs but anyone can observe that they usually aren't brought down by wiretaps. The big prosecutions of mafia bosses usually resulted from getting an underling to rat on his boss.) The point is that anyone worried about being spied on can and will take measures to prevent it.
Spying on someone is expensive. Spying on someone's key clicks is particularly expensive and probably won't produce great results. Someone tried an experiment of bugging an office by shining a laser on the window. The results were disappointing. The vast majority of the conversation was uninteresting. The experimenters decided that no useful information would have been gathered.
Tapping telephones and data links is relatively easy (compared with sniffing keystrokes). Stealing someone's laptop is usually also easy. Unless I'm taking measures against those kinds of spying, I'm not worried about having my keystrokes sniffed. If I were at danger of being spied on, I would be much more worried about being betrayed by a 'friend', associate, or employee.
The military has had line filters and other protocols to deal with this exact issue in place for at least 20 years now.
And no, that's not idle speculation, it was one of the things we had to deal with when I was in the military.
It's even referred to by one of those silly military project names.
Sorry, I'm not sure if I can post the name, so I won't.
(If someone else posts it, correctly or otherwise, I will neither confirm nor deny it's accuracy, so please don't ask.)
Oh dear. I too have signed the Official Secrets Act, and I can tell you that none of the basic stuff is classified at all. No need to make a big mystery of it. Indeed, when working on a restricted project in the early 1980s which involved detecting very small signals, we borrowed a full EMI secured trailer to use backwards (i.e. keep all the external RFI out, including that down all power lines.), and no security measures were applied to its use. Subsequently I worked on EMC for a while, and all the power line and data line securing technology has been in the public domain for ages, along with EMI gaskets for faraday cages, various means of applying conductive films, silver loaded epoxies, CRT enclosures and the rest. The stuff available from Japanese companies on the commercial market was far more advanced than the approved military technology we had been using, owing to the delay involved in the military approvals process.
Securing notebooks is of course much easier than securing PCs because the keyboard data doesn't go outside the system. The intro to the article appears confused. Any signal on the earth line has to be due to capacitative coupling between a keyboard and external ground owing to the well known law that the sum of all the currents in all circuit paths to any junction must be zero. If you want to improve security against ground line signalling when using a notebook, run it on battery using secured wireless networking, and use the built in keyboard and monitor.
Software to generate images (noise) on your CRT screen so that the generated interference will translate as sound you can listen to on a radio receiver
It works great to listen to music when you do not have a sound card!
I worked in a facility that was fully TEMPEST shielded in the 80's. Dual airlock doors with full metal seals to get in. The power line leakage problem was taken care of a motor/generator setup. Incoming power only went to an electic motor. The motor was connected by a shaft which spun a generator to supply power to the computer room. With only a mechanical connection no data would be leaking back.
I worked in a facility that was fully TEMPEST shielded in the 80's. Dual airlock doors with full metal seals to get in. The power line leakage problem was taken care of a motor/generator setup. Incoming power only went to an electic motor. The motor was connected by a shaft which spun a generator to supply power to the computer room. With only a mechanical connection no data would be leaking back.
So that's basically a mechanically implemented low-pass filter, right? I would think that it would be easier and cheaper to implement electronic low-pass filters at each wall outlet. Especially if you're worried about someone plugging a sniffer into one of the facility's interior power outlets.
So that's basically a mechanically implemented low-pass filter, right? I would think that it would be easier and cheaper to implement electronic low-pass filters at each wall outlet. Especially if you're worried about someone plugging a sniffer into one of the facility's interior power outlets.
But it wouldn't be cheaper, and it would definitely be less secure. With a mechanical low-pass filter, you have one central node you have to maintain. You have a big capital outlay, but once built, the motor-generat
So that's basically a mechanically implemented low-pass filter, right? I would think that it would be easier and cheaper to implement electronic low-pass filters at each wall outlet. Especially if you're worried about someone plugging a sniffer into one of the facility's interior power outlets.
But it wouldn't be cheaper, and it would definitely be less secure. With a mechanical low-pass filter, you have one central node you have to maintain. You have a big capital outlay, but once built, the motor-generator combo is very, very reliable, and needs little maintenance. It is practically impossible for a lone attacker to compromise it. With electronic low-pass filters at each outlet, you have hundreds (if not thousands) of nodes to monitor and maintain (consider the ongoing expense of that), and it becomes very easy for a single person to compromise one of those nodes using just a screwdriver.
Good security is never just a matter of money. It's a matter of understanding how attackers behave, knowing how people and equipment can be compromised, and then spending money wisely, even if not frugally.
But the mechanical barrier is so big and expensive that you can only afford to have them at major barriers. That still leaves all the devices on the "trusted" side of the barrier as running on what's essentially a big, trusted data bus.
If someone can sneak a sniffer into the secure area and plug it into an unmonitored electrical outlet that's electrically near a secure system, then you have a problem.
So I guess the question is, do you trust all the people on the inside? And do you adequately scrutinize a
Wouldn't a voltage fluctuations inside simply become resistive fluctuations in the motor, causing the motor speed to fluctuate, and thus cause fluctuations on the supply power?
If there's a flywheel in there (and the sheer mass of the rotor assemblies will act as one) then the fluctuations will be so small that it'll be just about impossible to see anything, even with top quality equipment attached at the perfect point (on the outside, of course).
The other possibility is to just put a lot of other disparate busy traffic on in the inside too. Sure you'll be seeing fluctuations, but you'll never figure out what they mean; for all you know, that glitch you've just measured isn't a pa
This "Story" is a bogus rehashing of old, old methods. Old as in 60 to 80 years old. The NSA has been grabbing serial teletype signals off adjacent signal and power wires for at least that long.
It's old and in this case quantitatively bogus. The keyboard signals are milliamps. The leakage to chassis ground will be at least 40dB down, or under a microamp. The leakage from there to earth ground will be at least another 20dB down so we're down in the nanoamp range. By comparison the background ground currents from the PC's switching power supply and other devices will be several thousand times greater. If there's a light dimmer on the same circuit the noise will be nearly a million times greater. You can't combat that kind of background noise.
Same problem with the keyboard vibrations-laser scheme. They got the idea from a 1930's detective story where the secretary put her gold cigarette case under the phone receiver so her typing could be heard on the other end. Old!
But that only had a chance of working because each typewriter key row has a specific length of lever and spring, plus the typefaces are arrayed in a curve, so each one strikes the paper from a different angle, giving the listener an opportunity to guess the letter from the combination of X info from the length of the lever and spring, and Y info from the typeface strike angle.
But that is completely inapplicable to a modern keyboard, where THE KEYS ARE ALL IDENTICAL. No differing row and arc info at all. Maybe a teensy difference if the keyboard base is flimsy and has a slight change in resonance across the board. But unlikely.
usb keyboard? (Score:5, Interesting)
Re:usb keyboard? (Score:4, Funny)
Parent
random noise generator? (Score:5, Interesting)
even usb uses a GND and the D+/D- (data wires) aren't isolated from the GND.
Plus most GND is typically a common ground (through the chassis and to the ground of the power cable).
and if you consider the fact that this was done by unfunded, tiny group in just a week....makes ya wonder what the NSA or any other BIGGER and better funded group would have up their sleeves.
looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.
Parent
Re:random noise generator? (Score:5, Funny)
looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.
Too much work. Just do what I do -- don't ever type anything worth reading.
Parent
Re:random noise generator? (Score:5, Funny)
or hook up an old ipod running death metal to the gnd
Parent
Re:random noise generator? (Score:5, Funny)
That would be anything but random. You need white noise.
...and a sense of humor.
Parent
Re:random noise generator? (Score:5, Funny)
Too much work. Just do what I do -- don't ever type anything worth reading.
I am posting at Slashdot - kinda like preaching to the converted, isn't it?
Parent
Re: (Score:3, Funny)
Or do what I do, and always type stuff that will make eyes bleed when read.
Oh, BTW: Hairy blood dripping decomposing donkey sacks with sphincter spread.
Re: (Score:2)
looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.
Vacuum cleaner? Microwave? Air conditioning?
Re: (Score:2)
Re:random noise generator? (Score:5, Funny)
looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.
Try not to get stabbed by any local amateur radio operators.
Parent
Re: (Score:3, Interesting)
We musicians have our tricks and devices to get rid of power-line disturbances. I recommend looking for such a device in a big store for musicians and a guide on the net.
Re: (Score:3, Interesting)
Newton's law? (Score:2)
Many 'net junkies like to say things like "Information wants to be free!" as if there was something anthropic about information.
But information is the foundation of the Universe, so much so that quantum mechanics is routinely described with terms like "information loss" and even measured. It's almost like Douglas Adams was right all along, and the universe actually is a large supercomputer trying to find out the answer to life, the universe, and everything. Where are the hyper-intelligent mice?
But if the un
Re: (Score:3, Informative)
In this case, there is an easier way, and it's called optical links, which don't radiate RF when you send photons through them.
Re: (Score:3, Funny)
They leak photons if you bend them just right :-)
Re: (Score:2)
I'll have to read this article , because i'm somehow about this.
Normally , a power supply contains a rectifier , so this should mean the signal can't be carried back.
I'll have to do some tests on this.
Re:random noise generator? (Score:4, Informative)
even usb uses a GND and the D+/D- (data wires) aren't isolated from the GND.
Plus most GND is typically a common ground (through the chassis and to the ground of the power cable).
and if you consider the fact that this was done by unfunded, tiny group in just a week....makes ya wonder what the NSA or any other BIGGER and better funded group would have up their sleeves.
looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.
Now you know why the NSA and the other spooky types keep their classified equipment running off a generator powered by an electrical motor rather than connecting directly to the power grid. When you absolutely have to keep something secret nothing beats Faraday cages, air-gaps and mechanical isolation from the power grid.
Parent
Root is like crack (Score:4, Funny)
Parent
Re: (Score:3, Funny)
Re:usb keyboard? (Score:5, Funny)
another approach is to use wireless keyboards.
No ground fault attack is possible since I'm using batteries!
I've been fighting the man for so long I've got a million tricks like this up my sleeve.
Parent
Of course, that's not safe either. (Score:3, Insightful)
While I'm sure you were jesting (though someone is liable to believe you!), wireless keyboards aren't [hackaday.com] safe either [zdnet.com].
Re:usb keyboard? (Score:4, Informative)
A USB keyboard will still do a slow scan of row and column and the resistance will go up per keypress and that is what they are looking at. If you can identify the scan frequency, then you can look for current changes at the right times and reconstruct the matrix of key presses. Since most PCs use the same matrix, its trivial to convert the matrix with unknown start values into known start values once you find 0x39 (space bar) shifted some random way and frequently pressed.
Parent
Re: (Score:3, Interesting)
You really don't need to go that far. If you use a true sine wave UPS (where the incoming current charges the battery, and all power going to your devices is generated from the battery), I doubt you'll have lots of noise coming out of the line.
Dupe? (Score:2, Informative)
http://it.slashdot.org/article.pl?sid=09/03/12/2038213 [slashdot.org]
Re: (Score:2, Informative)
Yes, looks like a dupe and the important bit of info is that only PS/2 keyboards are really vulnerable. USB cables are shielded better. Can anyone confirm TFA is the same case?
Worse than a duplicate: A degrade-licate. (Score:5, Informative)
Basically, if you have a keyboard of poor quality that has poor shielding and no noise reduction components, it is possible to read signals. The question is, which keyboards and computers are poorly designed and poorly shielded?
Read the complete story: This PDF, not referenced by Slashdot, tells the whole story: CanSecWest/core09 March 16-20, 2009 [cansecwest.com] (PDF). Quote from page 41: "This doesn't work against USB keyboards because of differential signaling". Also, on page 12: "The [PS/2 keyboard] wires are very close to each other and poorly shielded".
Slashdot articles of especially poor quality: Are they paid advertisements? I've read Slashdot articles for years, and there is now a new phenomenon. A publication runs an article of very poor quality and Slashdot links to it, possibly to lead Slashdot readers to the publication so that they will read the ads. This article was submitted to Slashdot by a professional writer, Hugh Pickens [hughpickens.com], who is possibly acting as a public relations agent. He has written at least 413 Slashdot articles [hughpickens.com]. Does someone at Slashdot accept money to publish his articles?
Quote from the OLDER article referenced by the OLDER Slashdot story:
'March 12, 2009, 02:46 PM - IDG News Service -
'Inverse Path researchers Andrea Barisani and Daniele Bianco say they get accurate results, picking out keyboard signals from keyboard ground cables.
'Their work only applies to older, PS/2 keyboards [PS/2 connector, not PlayStation], but the data they get is "pretty good," they say. On these keyboards, "the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna," Barisani said.
'That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. They believe they could pick up signals from a distance of up to 50 meters by simply plugging a keystroke-sniffing device into the power grid somewhere close to the PC they want to snoop on.
'Because PS/2 keyboards emanate radiation at a standard, very specific frequency, the researchers can pick up a keyboard's signal even on a crowded power grid. They tried out their experiment at a local university's physics department, and even with particle detectors, oscilloscopes and other computers on the network were still able to get good data.'
Parent
laser pointer (Score:3, Insightful)
Re: (Score:2, Informative)
Done that (Score:5, Informative)
The SIGINT in the Netherlands did this kind of stuff well before the new millennium, including reading the screen (LCD or CRT) and audio by tapping into the ground or pointing a dish to the emitting circuit, one of the reasons why the whole building handling sensitive information must be encased, making it practically a faraday cage. Only disadvantage is that your cellphone doesn't work although the SIGINT saw that as an advantage.
Re: (Score:2)
Well, when you get down to it, any outside communications that isn't through a secure line is a possible liability. You don't want someone waltzing in and sending out sensitive information on a phone call. Granted, if they're determined they'll get that information one way or another, but that's where SIGINT ends and HUMINT begins.
Re:Done that (Score:4, Interesting)
Hell if I remember correctly my old motherboard had a setting to add random noise so the memory chips couldn't be read from their emissions. So yeah, it's an old and well known problem.
Parent
Re:Done that (Score:4, Insightful)
Parent
Heard about this six years ago (Score:3, Interesting)
Old college roommate, former Air Force Intelligience type, one day decided to give me something to think about when I was trying to be more secure with my PC... "Don't you think when you push 'A' on your keyboard or push 'B' on your keyboard that something ever so slightly different happens in your power supply?"
It's very old news amongst SIGINT types...
UPS? USB? (Score:2)
tempest (Score:5, Informative)
http://en.wikipedia.org/wiki/TEMPEST [wikipedia.org] - the fact that these guidelines exist, means that this is in not new.
Re: (Score:2, Informative)
Similar techniques are at least 40 years old. .. it's no big news . they are simply reproducing what's been known .. computers are easy to intercept because they radiate massive
One of the ways described in litterature makes use of the variation
in current in the ac line.Others were simply picking up the rf and used a
tv monitor with variable h and v frequencies to actually look at what was on the
monitor.
Still
for ages
amounts of RF.
Re: (Score:3, Informative)
Not only not new, but the codeword Tempest was declassified in the 80s - not the standards, just the codeword. The Government has been doing this for a LONG time
If 'they' really want to spy on you ... (Score:4, Insightful)
If the cops or feds really want to spy on you, you will have a hard time preventing it. My advice is not to attract their attention in the first place.
If you're someone like the mafia, you can't use electronic devices and you can't write anything down. Each of your clandestine conversations has to be in a different noisy location so they can't set up a directional microphone or bug. You also have to prevent them from getting a deaf person to lip read you. (I don't have direct experience with criminal gangs but anyone can observe that they usually aren't brought down by wiretaps. The big prosecutions of mafia bosses usually resulted from getting an underling to rat on his boss.) The point is that anyone worried about being spied on can and will take measures to prevent it.
Spying on someone is expensive. Spying on someone's key clicks is particularly expensive and probably won't produce great results. Someone tried an experiment of bugging an office by shining a laser on the window. The results were disappointing. The vast majority of the conversation was uninteresting. The experimenters decided that no useful information would have been gathered.
Tapping telephones and data links is relatively easy (compared with sniffing keystrokes). Stealing someone's laptop is usually also easy. Unless I'm taking measures against those kinds of spying, I'm not worried about having my keystrokes sniffed. If I were at danger of being spied on, I would be much more worried about being betrayed by a 'friend', associate, or employee.
Military has known about this for decades (Score:2)
And no, that's not idle speculation, it was one of the things we had to deal with when I was in the military.
It's even referred to by one of those silly military project names.
Sorry, I'm not sure if I can post the name, so I won't.
(If someone else posts it, correctly or otherwise, I will neither confirm nor deny it's accuracy, so please don't ask.)
It's Tempest, and it is not classified (Score:5, Informative)
Securing notebooks is of course much easier than securing PCs because the keyboard data doesn't go outside the system. The intro to the article appears confused. Any signal on the earth line has to be due to capacitative coupling between a keyboard and external ground owing to the well known law that the sum of all the currents in all circuit paths to any junction must be zero. If you want to improve security against ground line signalling when using a notebook, run it on battery using secured wireless networking, and use the built in keyboard and monitor.
Parent
Could accomplish? (Score:2)
, 'Consider what a dedicated team or government agency have already accomplished with more expensive equipment and effort.'"
FTFY.
Overrated (Score:2)
Listen to music from your computer with a radio (Score:3, Interesting)
A great deal of people here already know, but for the others:
http://www.erikyyy.de/tempest/ [erikyyy.de]
Software to generate images (noise) on your CRT screen so that the generated interference will translate as sound you can listen to on a radio receiver
It works great to listen to music when you do not have a sound card!
Mechanical Solution (Score:4, Interesting)
I worked in a facility that was fully TEMPEST shielded in the 80's. Dual airlock doors with full metal seals to get in. The power line leakage problem was taken care of a motor/generator setup. Incoming power only went to an electic motor. The motor was connected by a shaft which spun a generator to supply power to the computer room. With only a mechanical connection no data would be leaking back.
Re:Mechanical Solution (Score:5, Interesting)
I worked in a facility that was fully TEMPEST shielded in the 80's. Dual airlock doors with full metal seals to get in. The power line leakage problem was taken care of a motor/generator setup. Incoming power only went to an electic motor. The motor was connected by a shaft which spun a generator to supply power to the computer room. With only a mechanical connection no data would be leaking back.
So that's basically a mechanically implemented low-pass filter, right? I would think that it would be easier and cheaper to implement electronic low-pass filters at each wall outlet. Especially if you're worried about someone plugging a sniffer into one of the facility's interior power outlets.
Parent
Re: (Score:3, Insightful)
But it wouldn't be cheaper, and it would definitely be less secure. With a mechanical low-pass filter, you have one central node you have to maintain. You have a big capital outlay, but once built, the motor-generat
Re: (Score:3, Insightful)
But it wouldn't be cheaper, and it would definitely be less secure. With a mechanical low-pass filter, you have one central node you have to maintain. You have a big capital outlay, but once built, the motor-generator combo is very, very reliable, and needs little maintenance. It is practically impossible for a lone attacker to compromise it. With electronic low-pass filters at each outlet, you have hundreds (if not thousands) of nodes to monitor and maintain (consider the ongoing expense of that), and it becomes very easy for a single person to compromise one of those nodes using just a screwdriver.
Good security is never just a matter of money. It's a matter of understanding how attackers behave, knowing how people and equipment can be compromised, and then spending money wisely, even if not frugally.
But the mechanical barrier is so big and expensive that you can only afford to have them at major barriers. That still leaves all the devices on the "trusted" side of the barrier as running on what's essentially a big, trusted data bus.
If someone can sneak a sniffer into the secure area and plug it into an unmonitored electrical outlet that's electrically near a secure system, then you have a problem.
So I guess the question is, do you trust all the people on the inside? And do you adequately scrutinize a
Re: (Score:3, Interesting)
Wouldn't a voltage fluctuations inside simply become resistive fluctuations in the motor, causing the motor speed to fluctuate, and thus cause fluctuations on the supply power?
If there's a flywheel in there (and the sheer mass of the rotor assemblies will act as one) then the fluctuations will be so small that it'll be just about impossible to see anything, even with top quality equipment attached at the perfect point (on the outside, of course).
The other possibility is to just put a lot of other disparate busy traffic on in the inside too. Sure you'll be seeing fluctuations, but you'll never figure out what they mean; for all you know, that glitch you've just measured isn't a pa
Bogus rehash of old methods (Score:3, Interesting)
This "Story" is a bogus rehashing of old, old methods. Old as in 60 to 80 years old. The NSA has been grabbing serial teletype signals off adjacent signal and power wires for at least that long.
It's old and in this case quantitatively bogus. The keyboard signals are milliamps. The leakage to chassis ground will be at least 40dB down, or under a microamp. The leakage from there to earth ground will be at least another 20dB down so we're down in the nanoamp range. By comparison the background ground currents from the PC's switching power supply and other devices will be several thousand times greater. If there's a light dimmer on the same circuit the noise will be nearly a million times greater. You can't combat that kind of background noise.
Same problem with the keyboard vibrations-laser scheme. They got the idea from a 1930's detective story where the secretary put her gold cigarette case under the phone receiver so her typing could be heard on the other end. Old!
But that only had a chance of working because each typewriter key row has a specific length of lever and spring, plus the typefaces are arrayed in a curve, so each one strikes the paper from a different angle, giving the listener an opportunity to guess the letter from the combination of X info from the length of the lever and spring, and Y info from the typeface strike angle.
But that is completely inapplicable to a modern keyboard, where THE KEYS ARE ALL IDENTICAL. No differing row and arc info at all. Maybe a teensy difference if the keyboard base is flimsy and has a slight change in resonance across the board. But unlikely.
I call bogus.