Monday, October 20, 2008


Martin Vuagnoux and Sylvain Pasini

Computer keyboards are often used to transmit sensitive information such as username/password (e.g. to log into computers, to do e-banking money transfer, etc.). A vulnerability on these devices will definitely kill the security of any computer or ATM.

Wired keyboards emit electromagnetic waves, because they contain electronic components. This electromagnetic radiation could reveal sensitive information such as keystrokes. Although Kuhn already tagged keyboards as risky, we did not find any experiment or evidence proving or refuting the practical feasibility to remotely eavesdrop keystrokes, especially on modern keyboards.

To determine if wired keyboards generate compromising emanations, we measured the electromagnetic radiations emitted when keys are pressed. To analyze compromising radiations, we generally use a receiver tuned on a specific frequency. However, this method may not be optimal: the signal does not contain the maximal entropy since a significant amount of information is lost.

Our approach was to acquire the signal directly from the antenna and to work on the whole captured electromagnetic spectrum.

We found 4 different ways (including the Kuhn attack) to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. We tested 11 different wired keyboard models bought between 2001 and 2008 (PS/2, USB and laptop). They are all vulnerable to at least one of our 4 attacks.

We conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design). Hence they are not safe to transmit sensitive information. No doubt that our attacks can be significantly improved, since we used relatively inexpensive equipment.

More information on these attacks will be published soon; the paper is currently in a peer review process for a conference.

They have a very interesting video; it is very neat. Although everything is turned off, it might take longer for them to pick up keyboard keys if they turn everything on. But it was neat to show that it was able to pick up the keyboard from an adjacent room. I think the government might already have this kind of technology and possibly pick up from a farther distance. I wonder if people might actually build these things just so they could pick up people's keyboards and steal them. Kind of a lot to go pick up someone's keyboard password. Although if you pick the right person you might hit the jackpot. I'd like to see how far they can pick up a remote keyboard, and what happens when there are a million keyboards being clicked.
Very cool!

