Stealing Data Via Electrical Outlet 208
Posted
by
timothy
from the accidentally-forget-to-label-some-220v-outlets dept.
from the accidentally-forget-to-label-some-220v-outlets dept.
Ponca City, We love you writes "NetworkWorld reports that security consultants Andrea Barisani and Daniele Bianco are preparing to unveil their methodology at the Black Hat USA conference for stealing information typed on a computer keyboard using nothing more than the power outlet to which the computer is connected. When you type on a standard computer keyboard, electrical signals run through the cable to the PC. Those cables aren't shielded, so the signal leaks via the ground wire in the cable and into the ground wire on the computer's power supply. The attacker connects a probe to a nearby power socket, detects the ground leakage, and converts the signal back into alphanumeric characters. So far, the attack has proven successful using outlets up to about 15 meters away. The cost of the equipment to carry out the power-line attack could be as little as $500 and while the researchers admit their hacking tools are rudimentary, they believe they could be improved upon with a little time, effort and backing. 'If our small research was able to accomplish acceptable results in a brief development time (approximately a week of work) and with cheap hardware,' they say, 'Consider what a dedicated team or government agency can accomplish with more expensive equipment and effort.'"
Dupe? (Score:2, Informative)
http://it.slashdot.org/article.pl?sid=09/03/12/2038213 [slashdot.org]
Re:Dupe? (Score:2, Informative)
Yes, looks like a dupe and the important bit of info is that only PS/2 keyboards are really vulnerable. USB cables are shielded better. Can anyone confirm TFA is the same case?
Done that (Score:5, Informative)
The SIGINT in the Netherlands did this kind of stuff well before the new millennium, including reading the screen (LCD or CRT) and audio by tapping into the ground or pointing a dish to the emitting circuit, one of the reasons why the whole building handling sensitive information must be encased, making it practically a faraday cage. Only disadvantage is that your cellphone doesn't work although the SIGINT saw that as an advantage.
Re:laser pointer (Score:2, Informative)
tempest (Score:5, Informative)
http://en.wikipedia.org/wiki/TEMPEST [wikipedia.org] - the fact that these guidelines exist, means that this is in not new.
Re:tempest (Score:2, Informative)
Similar techniques are at least 40 years old. .. it's no big news . they are simply reproducing what's been known .. computers are easy to intercept because they radiate massive
One of the ways described in litterature makes use of the variation
in current in the ac line.Others were simply picking up the rf and used a
tv monitor with variable h and v frequencies to actually look at what was on the
monitor.
Still
for ages
amounts of RF.
Utility Meter (Score:1, Informative)
I suspect the best way (at a law enforcement level) to listen to the electrical contents of a house or business would be to add an appropriate circuit to the "smart" power meters already in place.
These meters can already offer other services to the home in some cases, like localized BPL, and demand shut-down of air conditioners and such.
How much harder would it be to add a relay for surveillance of home electronics? With a warrant, of course.
Re:random noise generator? (Score:1, Informative)
The original academic spur for TEMPEST was also done with cheap hardware available from non-specialty stores. That's why TEMPEST is so important--anyone with a bit of technical know-how and $40 in their pocket can eavesdrop effectively.
It's Tempest, and it is not classified (Score:5, Informative)
Securing notebooks is of course much easier than securing PCs because the keyboard data doesn't go outside the system. The intro to the article appears confused. Any signal on the earth line has to be due to capacitative coupling between a keyboard and external ground owing to the well known law that the sum of all the currents in all circuit paths to any junction must be zero. If you want to improve security against ground line signalling when using a notebook, run it on battery using secured wireless networking, and use the built in keyboard and monitor.
Re:Newton's law? (Score:3, Informative)
In this case, there is an easier way, and it's called optical links, which don't radiate RF when you send photons through them.
Worse than a duplicate: A degrade-licate. (Score:5, Informative)
Basically, if you have a keyboard of poor quality that has poor shielding and no noise reduction components, it is possible to read signals. The question is, which keyboards and computers are poorly designed and poorly shielded?
Read the complete story: This PDF, not referenced by Slashdot, tells the whole story: CanSecWest/core09 March 16-20, 2009 [cansecwest.com] (PDF). Quote from page 41: "This doesn't work against USB keyboards because of differential signaling". Also, on page 12: "The [PS/2 keyboard] wires are very close to each other and poorly shielded".
Slashdot articles of especially poor quality: Are they paid advertisements? I've read Slashdot articles for years, and there is now a new phenomenon. A publication runs an article of very poor quality and Slashdot links to it, possibly to lead Slashdot readers to the publication so that they will read the ads. This article was submitted to Slashdot by a professional writer, Hugh Pickens [hughpickens.com], who is possibly acting as a public relations agent. He has written at least 413 Slashdot articles [hughpickens.com]. Does someone at Slashdot accept money to publish his articles?
Quote from the OLDER article referenced by the OLDER Slashdot story:
'March 12, 2009, 02:46 PM - IDG News Service -
'Inverse Path researchers Andrea Barisani and Daniele Bianco say they get accurate results, picking out keyboard signals from keyboard ground cables.
'Their work only applies to older, PS/2 keyboards [PS/2 connector, not PlayStation], but the data they get is "pretty good," they say. On these keyboards, "the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna," Barisani said.
'That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. They believe they could pick up signals from a distance of up to 50 meters by simply plugging a keystroke-sniffing device into the power grid somewhere close to the PC they want to snoop on.
'Because PS/2 keyboards emanate radiation at a standard, very specific frequency, the researchers can pick up a keyboard's signal even on a crowded power grid. They tried out their experiment at a local university's physics department, and even with particle detectors, oscilloscopes and other computers on the network were still able to get good data.'
Re:usb keyboard? (Score:4, Informative)
A USB keyboard will still do a slow scan of row and column and the resistance will go up per keypress and that is what they are looking at. If you can identify the scan frequency, then you can look for current changes at the right times and reconstruct the matrix of key presses. Since most PCs use the same matrix, its trivial to convert the matrix with unknown start values into known start values once you find 0x39 (space bar) shifted some random way and frequently pressed.
Re:random noise generator? (Score:4, Informative)
even usb uses a GND and the D+/D- (data wires) aren't isolated from the GND.
Plus most GND is typically a common ground (through the chassis and to the ground of the power cable).
and if you consider the fact that this was done by unfunded, tiny group in just a week....makes ya wonder what the NSA or any other BIGGER and better funded group would have up their sleeves.
looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.
Now you know why the NSA and the other spooky types keep their classified equipment running off a generator powered by an electrical motor rather than connecting directly to the power grid. When you absolutely have to keep something secret nothing beats Faraday cages, air-gaps and mechanical isolation from the power grid.
Re:tempest (Score:3, Informative)
Not only not new, but the codeword Tempest was declassified in the 80s - not the standards, just the codeword. The Government has been doing this for a LONG time
Re:no gnd? (Score:2, Informative)
Getting rid of the ground prong at the plug won't remove the circuit ground. The neutral prong is still ground in this sense. The ground prong is intended to be connected to the metal chassis, so that if a wire comes loose inside of an appliance and contacts the chassis, it will be shorted to ground instead of causing the chassis to go live.
The reason that there is an additional ground prong and the case isn't just connected to the neutral prong is that it's easier to mess up the wiring of line and neutral at the socket, or use an adapter that's not properly polarized, etc. It's harder to plug the ground prong into anything that's not ground.
If you cut off the ground prong, you're just removing this protection; the circuit ground is still on the neutral connector, so you're not protecting yourself from this attack.