Researchers have devised two novel ways to eavesdrop on people as they enter passwords, emails, and other sensitive information into computers, even when they're not connected to the internet or other networks. Exploiting vibrational patterns and electromagnetic pulses that emanate with every character entered, the Italian …
I read about bouncing lasers off windows some 15-20 years ago. Identifying key-click patterns came not long after.
Also sometime or another I read about recognising typing rhythms - E & T are the most commonly hit keys, so people tend to hit them harder and faster.
Don't think I'll lose much sleep over these
The laser microphone trick is old news - published at least ten years ago, maybe more. So far, the IT world hasn't come crashing down around our ears - possibly because so many people have sound-insulating double glazing. Although there are valid reasons why secure installations don't have windows. It's just that the overwhelming majority of PCs can be cracked in easier ways, without having a van parked outside your building, attracting attention.
The stuff about minute electrical currents - yeah, well. I think I'll wait until the "can" in the article has been translated into "here's a video of it being done".
Until then, I'll keep my PS2 keyboards (and mouse) plugged in. I'm not planning on moving away from my window either.
USB keyboards not immune
... It's just that these blokes have not identified a hack. In principle hacking USB is not really different to PS2.
Getting PS2 keystrokes should be relatively easy since the PS2 keyboard sends a clocked data stream. That should be relatively easy to pick up so long as there are few other noise sources nearby. Of course, like with any RF or magnetic signals, it would also be almost trivial to design a jammer that just spits out a stronger RF signal sending out "Mary Has A Little Lamb...", perhaps there is a market opportunity for selling jammer keyboards or dongles to the tinfoil-hat brigade.
"Imagine what a determined government agency can do."
...Waste millions of dollars on failed contracts and public enquires?
@USB keyboards not immune
More likely USB is immune because it uses differential signalling and any bounce it creates on the power supply is identical for a '1' or a '0'. PS2 is single ended.
This is why ...
... I only ever type in my password in the bathroom, with all the taps running.
They're not talking about detecting RF in the second method, that's from the other linked article, but about presumably some kind of cross talk due to the way the device is powered from the PC. Hence USB is immune.
Nerds at play
Not hard to defeat
For electrical signals, just stick a low pass filter on your power input - like you should anyway - a decent surge arrestor would probably do. Audio? I invest in the protection of Van Halen and AC/DC - or just use an on-screen keyboard for the critical stuff.
I rather like the poetic flow of this headline, like a fragment from some odd ballad:
"Boffins sniff keystrokes with lasers, oscilloscopes - they must love the smell of those keys.
Genius weaklings with new styles of phreaking will see all your data set free..."
Want to know what someone is typing?
All you need are sharks with frikken' laser beams attached to their heads. This time, ill-tempered mutated sea-bass just won't do.
Is it me?
Line of sight?
Ever heard of a camera?
If the first method requires line of sight...
...then I posit there is a simpler way to capture what is being typed. Watch them type it.
...why don't you go back to staring out the window.
A storm^Wtempest in a tea cup
Hasn't the EM technique been known for many years? I can certainly remember seeing demos of it, and I think there was even a TV programme demonstrating some of the techniques, although I think that was more biased towards seeing what was on a screen. However, all electronic equipment radiates, which is what the TEMPEST standard was intended to address for sensitive military and intelligence operations.
I bet you can get a USB keyboard to play, but you'd need to analyse what the microprocessor in the keyboard was doing rather than what was on the cable, so it's a bit harder.
Haha! I use a revolutionary technique: no passwords, firewall or anti-virus. All of my sensitive info is lost in the terabytes of spam and virus activity coming from my infected bot-net computer!
Gotcha, you bastards!
A government employee with access to your data
My system is secure
I only ever type my password in the dark, with the radio turned up full and the monitor off. Unfortunately, I can't touch type, so it's been about four years since I managed to log in.
Is it? Who (genuinely into tech/hacking, older than say 15) didn't know that this was possible? In fact I'm fairly certain Phrack covered this topic about 5 years ago... Ah well, fun anyway...
It's in principle picking up sounds, so make more "other" noise. For buildings where discussions are had which have to stay confidential it's not unusual to put ultrasonic transmitters on the glass which put out white noise - that makes reading it pointless.
Or they simply leave out the windows ..
Power grid pick-up?
PC power supplies are switch mode items that are heavily filtered before the power gets to the motherboard. I am very doubtful that sending keyboard keystroke data would cause any significant or detectable variation in current taken along the mains power lead. They say that the power grid pickup works at a distance of 15 metres so this sounds like an RF pickup method rather than a mains current consumption monitoring method.
mad as a tinfoil-hatter
I have placed my workstation inside a large tinfoil cube, which matches my hat.
I'm feeling vulnerable today
Mine's the one with the on-screen keyboard and wireless mouse. How do the spooks reconcile wet dreams with sleepless nights?
No USB keyboard-capture dongles yet?
Geesh. If you have access to the PC, then simply reach behind the PC and insert the discreet little USB keyboard recorder gadget with 4GB of embedded storage into the keyboard circuit, and then drop by the following week to retrieve it.
Do they know if the keyboard is set to Dvorak?
That could be fun.
This is amazing
It's just like those guys that could sniff your password if you typed it at one character per second 30 feet away from their large dish antenna on a keyboard plugged into a laptop with the screen switched off and an external PSU.
It's really frightening what a boffin can do these days with nothing more than a research grant and a couple of joints.
@Do they know if the keyboard is set to Dvorak?
If they're just using frequency analysis and dictionary attack to map sounds to letters, then the keyboard layout doesn't matter (but typing in a foreign language would).
(And yes I know you were just trying to be funny....)
Easier Said than Done.
Just slap some equipment together and everything is at your fingertips. Yeah, right...
A bit late to the party...
This was known about in World War II.... see the discovery by Bell Lab here: http://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf
A lengthier discussion is included in this document: A History of U.S. Communications Security (Volumes I and II); the David G. Boak Lectures, National Security Agency (NSA), 1973 http://www.governmentattic.org/2docs/Hist_US_COMSEC_Boak_NSA_1973.pdf
So really, what is new about this... that they can do it cheaply? The NSA had a guy lecturing on this crap 35 years ago... if these brilliant researchers can only discover it now then god knows what the NSA is talking about today!
USB is not immune because it uses differential signalling.
The benefit of using differential signalling is that higher data rates can be achieved because noise is reduced by utilising the high common mode rejection ratio of a differential input amplifier on the receiver end of the cable, any radiated noise received in the cable is common to both positive and negative signal lines because of their close proximity and twisting.
That is, the differential signalling concept is used to increase the speed of transmission.
You're still going to get radiated emissions from the cable.
The detection techniques rely on two principles:
radiated noise in the form of RF
conducted noise back up the power cable.
I think you'll find you will still get high frequency noise superimposed on the power line, albeit very small in amplitude. Sure, the power supply contains inductors, and if in series with the power line will provide a high impedance path to high frequency signals, but it's a high impedance which results in attenuation, it's not infinite attenuation.
You'd need to start adding appropriately designed filters on the power lines to suppress the conducted emissions.
If you really want to prevent people spying on you using the techniques then you need to start adopting TEMPEST principles and taking them to the extreme, everything would be housed in a Faraday cage, a big metal box, i.e. a room with no windows, metal doors with beryllium copper finger strips spaced close together down the edges of the doors to provide 100% continuity of screening.
"everything would be housed in a Faraday cage, a big metal box, i.e. a room with no windows..."
Sounds like my old company...
I've already seen workmates complaining about the aircon not working, and that was when we were technically still in winter!
Poor buggers... Glad I left!
Go on then, do it.
The idea that you can sniff keystrokes by their sound is all well and good under lab conditions, but the real world is a very different place.
Firstly you would need line of sight to the keyboard, hitting a surface is simply not good enough if there is more than one keyboard in the room.
Secondly it relies on people's typing technique being consistent, I'm sure this is fine for trained typists but real people are completely inconsistent in their technique - most of us don't even hit the same key with the same finger every time.
So yes I'm sure it's possible under very specific conditions, but it looks like a headline grabbing exercise to me and it's not something I'll be worrying about.