Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Compromising Wired Keyboards

CmdrTaco posted about 6 years ago | from the not-a-lot-of-substance-here dept.

Input Devices 277

Flavien writes "A team from the Security and Cryptography Laboratory (LASEC) in Lausanne, Switzerland, found 4 different ways to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. They tested 11 different wired keyboard models bought between 2001 and 2008 (PS/2, USB and laptop). They are all vulnerable to at least one of the 4 attacks. While more information on these attacks will be published soon, a short description with 2 videos is available."

Sorry! There are no comments related to the filter you selected.

No comment.. (5, Funny)

Anonymous Coward | about 6 years ago | (#25439925)

I won't type what I think about that...

TEMPEST (5, Informative)

michaelhood (667393) | about 6 years ago | (#25439929)

This appears to be related to why TEMPEST [wikipedia.org] attacks work on monitors.

Re:TEMPEST (4, Insightful)

CRCulver (715279) | about 6 years ago | (#25440013)

Indeed. Already a decade ago I was hearing people claim that the best way to enter passphrases and the like would be an on-screen keyboard whose keyboard map changes after each letter is input, all ideally displayed with a TEMPEST-resistant font. Even back then people knew anything wired was snoopable.

Re:TEMPEST (3, Interesting)

FiveDozenWhales (1360717) | about 6 years ago | (#25440387)

Perhaps something like The Optimus Tactus [artlebedev.com] would be ideal?

Re:TEMPEST (1, Funny)

Anonymous Coward | about 6 years ago | (#25440941)

You know something, it would be a total bastard to get a virus for those kinds of keyboards.

Just imagine you're sitting there, working away, then BHAM, massive penis replaces all your key-set.

Or 5 goatse...s, goatsii? What would that be?

Re:TEMPEST (5, Interesting)

Harley_Ghostrider (1226170) | about 6 years ago | (#25440223)

I agree. I don't see the big "News Flash" on this. This was well known back in the mid 80's when I fixed computers for the military. They had to be Tempest certified before and after the fixes. It was common knowledge that EMF emissions would be able to be picked up and recorded some distance away from the host computer.

Re:TEMPEST (5, Insightful)

IceCreamGuy (904648) | about 6 years ago | (#25440963)

I don't see the big "News Flash" on this.

I think the big news flash on this is that they actually performed four different, real attacks on real, physical keyboards. Theory is one thing, someone actually saying "hey, we can really do this on the cheap now to 11 different keyboards sold at your local Best Buy; here's how..." is another. I don't think it's unreasonable to consider that "news for nerds."

Re:TEMPEST (3, Funny)

Hoplite3 (671379) | about 6 years ago | (#25440331)

The TEMPEST attack is nothing compared to the TEMPEST 2000 attack. Pew pew pew!

Dubious claim (5, Funny)

Drakkenmensch (1255800) | about 6 years ago | (#25439935)

Is this going to be another one of those hollow claims backed up by a viral video, like unlocking car doors with a tennis ball?

Easier way to open the car... (5, Funny)

MindKata (957167) | about 6 years ago | (#25439973)

"like unlocking car doors with a tennis ball".

Its much easier with a cricket ball. Just use it to break the window.

Re:Easier way to open the car... (5, Funny)

nacturation (646836) | about 6 years ago | (#25440843)

Its much easier with a cricket ball. Just use it to break the window.

That may be how the Brits do it, but using a bowling ball generally meets with smashing success.

Re:Dubious claim (-1, Redundant)

nawcom (941663) | about 6 years ago | (#25439981)

Is this going to be another one of those hollow claims backed up by a viral video, like unlocking car doors with a tennis ball?

step 1: wrap a string around a tennis ball and a brick so they are tightly snug; I suggest to use the "1337 h4x0r knot" for extra tightness.

step 2: throw the tennis ball-brick at the driver side car door window.

step 3: place your hand past where the window once was and move the locking switch on the door from its locked position to its unlocked position.

step 4: open the door.

Re:Dubious claim (0)

Anonymous Coward | about 6 years ago | (#25440053)

Is this going to be another one of those hollow claims backed up by a viral video, like unlocking car doors with a tennis ball?

step 1: wrap a string around a tennis ball and a brick so they are tightly snug; I suggest to use the "1337 h4x0r knot" for extra tightness.

step 2: throw the tennis ball-brick at the driver side car door window.

step 3: place your hand past where the window once was and move the locking switch on the door from its locked position to its unlocked position.

step 4: open the door.

You forgot

step 5: ???

step 6: Profit!

Re:Dubious claim (0, Redundant)

erayd (1131355) | about 6 years ago | (#25440137)

step 5: ??? step 6: profit!!!

Re:Dubious claim (1)

Kamokazi (1080091) | about 6 years ago | (#25440163)

Probably...something while technically possible, is not very feasible for practical use.

I really just posted to comment on your sig. I think there is a worse oxymoron: Military Intelligence

Hmm... (3, Funny)

pzs (857406) | about 6 years ago | (#25439943)

I might have to extend my tinfoil hat to some kind of head-mounted lead telephone box.

TEMPEST in a teapot - - - ANYONE? (0, Offtopic)

Anonymous Coward | about 6 years ago | (#25439955)

Hello? Is this thing on?

If it only works on Wired keyboards... (4, Funny)

The Ultimate Fartkno (756456) | about 6 years ago | (#25439961)

...why should I worry? I work for BoingBoing.

Time for a Faraday cage? (5, Interesting)

apathy maybe (922212) | about 6 years ago | (#25439967)

To determine if wired keyboards generate compromising emanations, we measured the electromagnetic radiations emitted when keys are pressed. To analyze compromising radiations, we generally use a receiver tuned on a specific frequency. However, this method may not be optimal: the signal does not contain the maximal entropy since a significant amount of information is lost.

Our approach was to acquire the signal directly from the antenna and to work on the whole captured electromagnetic spectrum.

Looks like a room or building size Faraday Cage [wikipedia.org] (a foil hat the size of your house!) might be the only defence...

Especially considering that you can also detect what is shown on monitors (again, by detecting the electromagnetic radiation), and so on screen "keyboards" operated with a mouse become not so useful.

It's not clear from the article whether they have have the keyboard before hand to be able to record which key-press outputs what radiation, or if they can use this (and by that I mean one of the four) technique on any old keyboard, including ones they haven't seen before.

Anyway, this shouldn't be too surprising to anyone, electronics emit electromagnetic radiation, which can be captured.

Re:Time for a Faraday cage? (4, Insightful)

bhima (46039) | about 6 years ago | (#25440069)

Being the only house on your block not radiating all sorts of data sounds like an excellent reason for the DHS to perform a no-knock raid with a legions of SWAT teams and an armored troop carrier or two.

Re:Time for a Faraday cage? (5, Funny)

Anonymous Coward | about 6 years ago | (#25440177)

Which is why you move to Pennsylvania and live among the Amish. Also, your crazy hacker beard will look a little less crazy.

Re:Time for a Faraday cage? (1)

mapkinase (958129) | about 6 years ago | (#25440653)

Thanks for advise. I guess it should work for Muslims w/ beards, like myself, too. /Once I tried a straw hat in a store.

Re:Time for a Faraday cage? (0)

Anonymous Coward | about 6 years ago | (#25440705)

your crazy hacker beard will look a little less crazy.

Alan Cox has released his beard under GPL so it is now that much easier.

Re:Time for a Faraday cage? (1)

Aphoxema (1088507) | about 6 years ago | (#25440313)

I know you're not serious, or I hope you aren't, but how would they know the difference between you intentionally blocking transmissions and just not having stuff turned on?

Re:Time for a Faraday cage? (1)

jimicus (737525) | about 6 years ago | (#25440459)

I know you're not serious, or I hope you aren't, but how would they know the difference between you intentionally blocking transmissions and just not having stuff turned on?

Probably because it's not just computers that emit electromagnetic radiation. Even the mains wiring will emit a certain amount.

Re:Time for a Faraday cage? (1)

Aphoxema (1088507) | about 6 years ago | (#25440529)

Oh, yeah... I'll just need a monkey playing solitaire on a computer that isn't shielded all the time.

Privacy is so damned expensive...

Re:Time for a Faraday cage? (4, Funny)

UnknowingFool (672806) | about 6 years ago | (#25440361)

The solution to this is simple. Have at least one computer outside the cage. If you have a teenage, even better. Cause nothing would drive those eavedroppers crazy than listening in on teenage conversations:

No way!
4sho!
LOLZ
idc. let's go w bff jill

Of course, this might be one of those cases where the solution is worse than the problem.

Re:Time for a Faraday cage? (1)

TheLink (130905) | about 6 years ago | (#25440965)

That's no problem, just use two AI bots chatting with each other instead of having a teenager.

The snoops would have to monitor for a significant time before they'd realize the difference.

If they're choosing to monitor your house for hours, they probably have something else on you.

Re:Time for a Faraday cage? (1)

apathy maybe (922212) | about 6 years ago | (#25440495)

Not to mention it would probably be more expensive to shield an entire house then merely one room within that house...

But, why is anyone monitoring what houses are radiating or not? Are there really government folks wandering around with electromagnetic radiation detection equipment?

I know I sometimes sound paranoid (hey, they are out to get me), but that sounds crazy.

Re:Time for a Faraday cage? (1)

MBGMorden (803437) | about 6 years ago | (#25440559)

Yeah, because SWAT is totally raiding all those people without TV's and computers . . .

Maybe time for a DVORAK keyboard (1)

thered2001 (1257950) | about 6 years ago | (#25440731)

That'll keep 'em busy! (Or at least keep the /. crowd busy debating whether it would help or not.)

Re:Maybe time for a DVORAK keyboard (0)

Anonymous Coward | about 6 years ago | (#25440935)

It wouldn't.

Re:Maybe time for a DVORAK keyboard (2, Insightful)

rhsanborn (773855) | about 6 years ago | (#25441045)

It shouldn't keep them busy for long. I haven't been able to get to the description yet, but I assume a Dvorak layout, or any other layout for that matter would look like a simple replacement cipher and wouldn't take long to crack.

Re:Time for a Faraday cage? (1)

Hoi Polloi (522990) | about 6 years ago | (#25441031)

They need a reason to do that?

Re:Time for a Faraday cage? (1)

deander2 (26173) | about 6 years ago | (#25440317)

damn... and i was hoping for security on my desk AND a working cell phone in my pocket. =P

Re:Time for a Faraday cage? (1)

FiveDozenWhales (1360717) | about 6 years ago | (#25440349)

Or a Faraday cage the size of a keyboard. From TFA, "We conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design)." E.G., these things COULD be shielded, but what fool would shell out an extra $25 for that?

Worlds slowest typist (1)

Xandar01 (612884) | about 6 years ago | (#25440925)

Seriously can the guy type faster than 3 words a minute? Can his decoding software only work up to a certain speed? I am betting most people enter there passwords in less than a second, not with second long pauses between each character.

Re:Time for a Faraday cage? (4, Interesting)

d3ac0n (715594) | about 6 years ago | (#25441071)

Looks like a room or building size Faraday Cage (a foil hat the size of your house!) might be the only defence...

This is actually easier to do than you might imagine. My old house was essentially a Faraday Cage. You could NOT get a wireless signal more then 1 foot outside it. Why? Aluminum Siding. Add in aluminum powder tinted windows (triple layer UV and thermal glass) and the only leakage was straight up through the roof.

So you could get an OK cell-phone signal on the second floor (2 bars), but almost nothing on the first floor. Walk out the front door, 4 bars. Same with WiFi. Full strength "g" signal anywhere inside, walk outside and the connection drops.

My current home has asbestos siding (bleah!) that does nothing to attenuate the Wifi signal, so I actually had to encrypt my wireless for the first time ever when I moved. I can pick up my wireless signal about 2 doors away now, and it's the same wireless device I used in my old house, located in a roughly similar spot (close to the center of the house, in the basement, on a shelf near the basement rafters)

If I could I'd re-side in Aluminum again, but the costs to re-side an asbestos tile sided house are astronomical, and many places simply won't do it.

Regardless, if you really want to attenuate any wireless signals going into or out of your home, slap on some aluminum siding. You'll kill those pesky wireless signals, AND make your house look really nice at the same time.

all i did (1)

Bizzeh (851225) | about 6 years ago | (#25440089)

all i did was point a hidden camera at the keyboard.

You can never have too mutch Faraday cages. (1)

jack2000 (1178961) | about 6 years ago | (#25440103)

Simple, next gen of high sec keyboards will have metal mesh in the cable and plug, and also either be made of metal or have metal casing.

Cryptonomicomics (4, Insightful)

argent (18001) | about 6 years ago | (#25440125)

Oh no, we will have to learn to type code by tapping on a single key and read the results in the flickering of the hard drive light.

When they can manage the same trick in a noisy office environment with dozens of keyboards and monitors in use, then I'll worry.

Re:Cryptonomicomics (2, Interesting)

Sockatume (732728) | about 6 years ago | (#25440561)

On that subject, I recall that certain brands of modem lit the activity indicator by flashing it on for a zero and off for a one. The LED was quick enough to allow an attacker to read off all the data from across the room.

Re:Cryptonomicomics (5, Insightful)

argent (18001) | about 6 years ago | (#25440635)

Most modems back in the '80s just ran either RD, TD, or (RD|TD) through the LED. It was cheap and easy and gave you a good activity signal. Nobody cared about people sniffing the data through the LED, and really hardly anyone is ever going to be in a situation where they're even potentially exposed. And for virtually all the rest, this is hardly the low hanging fruit... if you can get close enough to read the LED, you're close enough to see what the target is doing any number of easier ways.

Re:Cryptonomicomics (2, Funny)

mikael (484) | about 6 years ago | (#25440901)

Or you could always get a second keyboard and a monkey. Combined together, they should generate enough random data to disguise what you are typing.

Not too bad (1)

Fnord666 (889225) | about 6 years ago | (#25440139)

Now all you have to do is talk your target into removing all possible sources of interfering EM from their computer (like the power supply, the screen, etc.) and to pause between each character that they type.

laptops only? (3, Insightful)

ikirudennis (1138621) | about 6 years ago | (#25440155)

These videos indicate that the powersupply interferes with the signal, so they only test on laptops running on battery. Does this mean that it doesn't work on desktop computers?

Re:laptops only? (1)

rishistar (662278) | about 6 years ago | (#25440205)

It may be the process of the battery being charged while its plugged in that inteferes with signals - it certainly can affect recording audio via a mic input in a laptop.

Re:laptops only? (0)

Anonymous Coward | about 6 years ago | (#25440435)

I believe they remove any an all common links (like AC power) to prevent any interferece from being propagated to the listening equipment.

Re:laptops only? (0)

Anonymous Coward | about 6 years ago | (#25440273)

That, or the power supply provides ground, which could shield the keyboard's cable (if it has one)?

Re:laptops only? (4, Informative)

tsvk (624784) | about 6 years ago | (#25440307)

I understood that the disconnecting of the charger was because of that the "victim" laptop computer and the "attacker" desktop computer were connected to the same electrical mains network of the building.

By disconnecting the laptop charger it was proven that the keyboard signal was truly intercepted from over-the-air electromagnetic radiation, as the laptop was "independent" and not connected to anything. There was not any chance that the signal could have leaked or transmitted any other way.

Re:laptops only? (-1)

Anonymous Coward | about 6 years ago | (#25440413)

i for one have seen the ethernet wire! ;)

Re:laptops only? (2, Informative)

mollymoo (202721) | about 6 years ago | (#25440325)

These videos indicate that the powersupply interferes with the signal, so they only test on laptops running on battery. Does this mean that it doesn't work on desktop computers?

I think they only removed the power supply and monitor because sniffing monitor and power supply emissions are known attacks. They wanted to demonstrate that it really was the keyboard they were sniffing. I guess we'll have to wait for the paper to see how well it works when the other emissions you get from a complete system are present.

Re:laptops only? (1)

anagama (611277) | about 6 years ago | (#25441083)

Well, in that case it would have been nice if they ran the attack with a complete running setup and tried to type at least 30 wpm. After watching the videos, I had the impression that the impression that the decoding software and/or hardware was simply not sensitive enough to capture real data -- this doesn't rule out future refinement, but it makes the current demo less impressive.

Re:laptops only? (1)

citizenr (871508) | about 6 years ago | (#25440741)

on battery AND with no screen

Encryption (1)

j00r0m4nc3r (959816) | about 6 years ago | (#25440193)

Couldn't this easily be mitigated with an encrypted keyboard link?

Re:Encryption (1)

Aphoxema (1088507) | about 6 years ago | (#25440383)

Or just have a monkey type stuff out on another keyboard all the time.

TsaqggaRahdfjhadfY Tafhnae4na76O aRangsdEa4636AanyhryD T4gmbjjhnozbsHyaengjasdojgboI4asbjgsx5yS YsdgbajrnlynrOrayeryreU Byaery5hbeautrAuntrauahShaheTahkapdfhAgaeiyp45RfwdgDS

Re:Encryption (2, Funny)

fprintf (82740) | about 6 years ago | (#25440799)

Holy smokes. Either a coincidence or you have been snooping my network, but that is exactly the beginning of my AES key...

There is always a method of attack (1)

IndustrialComplex (975015) | about 6 years ago | (#25440203)

I like this method:

Setup a microphone (directional is preferred) and direct it at the keyboard you would like to monitor. Record the sound of the person typing their password a few times. Then send them an email and a response request. Record that sound and use it to determine the sound of each key. Because of wear, finger position, and angle of attack, each keypress sounds a little different than the rest.

Now, thanks to the email responses, you have a sample of what the keys should sound like.

Of course, a simple video camera is often much easier.

Re:There is always a method of attack (1)

moranar (632206) | about 6 years ago | (#25440793)

That assumes no typos and no editing.

Re:There is always a method of attack (1)

nacturation (646836) | about 6 years ago | (#25440907)

That assumes no typos and no editing.

Because of the silent backspace key?

Re:There is always a method of attack (1)

Yvan256 (722131) | about 6 years ago | (#25440859)

Or you could, you know, just ask the guy his password.

What, no good?

Features win over Security (again). (2, Insightful)

geekmux (1040042) | about 6 years ago | (#25440229)

Instead of trying to put 72 hot keys, along with a volume knob, EQ, and 17 LEDs emitting a dizzying array of light colors, how about just a keyboard?

Without all the extra crap, there just may be a chance to reduce the overall voltage required to drive a keyboard, and therefore reduce the eminations. Could go hand in hand with all this talk of going "Green" with PCs.

Of course, that will never happen, because we're far too fascinated with keyboard bling. After all, feature-creep isn't a problem, it's a lifestyle, right?

Re:Features win over Security (again). (2, Interesting)

Constantine XVI (880691) | about 6 years ago | (#25440363)

On the other hand, all the extra blinkenlights would create more interference, reducing the effectiveness of this attack.

Re:Features win over Security (again). (0)

Anonymous Coward | about 6 years ago | (#25440473)

IIRC, current induces EMI.

You would want a keyboard that still uses little power, but rather is powered from your 120 VAC house outlets (with chips that run at that voltage, rectified, of course!) This would reduce the current requirements for the keyboard, although spilled drinks might become just a little bit more dangerous...

Re:Features win over Security (again). (0)

Anonymous Coward | about 6 years ago | (#25441009)

"IIRC, current induces EMI."

Interesting. I had always assumed that voltage induces EMI more because AM radio stations use linear amplifiers (i.e. those which change output voltage based on input voltage) and they appear to change output strength based on the input voltage of the signal.

Re:Features win over Security (again). (1)

Yvan256 (722131) | about 6 years ago | (#25440845)

Check out the Apple Aluminium keyboard. It only has a led for Caps Lock and the multimedia keys are the same as the function keys. I don't know if it helps but the whole top is aluminium, which could shield a bit of EMI.

Nothing new (5, Interesting)

thered2001 (1257950) | about 6 years ago | (#25440259)

I saw this demonstrated about 10 years ago while working for a military contractor during a demonstration to increase awareness of security risks. They were able to capture video and keyboard data through a wall adjacent to the PC being monitored. (I can't elaborate on who 'they' were...but I'm sure astute readers can guess correctly.)

Re:Nothing new (0)

Anonymous Coward | about 6 years ago | (#25440329)

tempest is old as mccain

Re:Nothing new (5, Informative)

Constantine XVI (880691) | about 6 years ago | (#25440433)

It's called van Eck phreaking, and it's been applied to monitors for a while now, but no-one's really talked about sniffing from the keyboard.

Painfully typical (1)

Aphoxema (1088507) | about 6 years ago | (#25440277)

This certainly doesn't surprise me, I've only taken apart one keyboard in my life that appeared to be properly shielded, something I wish was more popular. I actually managed to break a PS/2 port once through a static discharge that left my finger black, and this was back when USB keyboards were a really new thing.

Same with mice and a million USB peripherals, plastic isn't nearly enough, everything should have a proper faraday shield, yet even the most expensive stuff doesn't.

Re:Painfully typical (0)

Anonymous Coward | about 6 years ago | (#25440345)

... one keyboard in my life that appeared to be properly shielded
Which one?

Re:Painfully typical (1)

Aphoxema (1088507) | about 6 years ago | (#25440557)

Some ancient thing that weighed more than a... uhh... I don't got anything witty. It was heavy. Or something.

Re:Painfully typical (1)

Yvan256 (722131) | about 6 years ago | (#25440805)

The IBM Model M is ancient and heavy.

Then again, so am I.

Damn! (1)

ale_ryu (1102077) | about 6 years ago | (#25440291)

I'll have to encrypt mentally now.

Truecrypt refuses to deal with this.... (0, Redundant)

Anonymous Coward | about 6 years ago | (#25440297)

The developer of truecrypt (hard drive encryption software) has been made aware of these issues in the past and so far has refused to include any kind of graphical keyboard interface in the software. It is extremely frustrating when you have a problem like this staring you in the face and they refuse to deal with it.

Re:Truecrypt refuses to deal with this.... (1)

apathy maybe (922212) | about 6 years ago | (#25440437)

Yeah, and it isn't like the same issues don't come up with computer monitors...

Not to mention, MS Windows XP (at I seem to recall earlier versions) come with an on screen keyboard. Programs > Accessories > Accessibility > On Screen Keyboard.

So, if you use MS Windows (and TrueCrypt was written originally for MS Windows, and based on earlier code written for MS Windows), don't complain. And if you are using GNOME, I just found at least two programs available in Ubuntu repositories, I'm sure that there are plenty more.

I wrote a program back in high school which was basically an on screen keyboard, sure you would have to copy and paste what you "wrote", but it's still there. (It wasn't hard, any programmer could do it.)

OK, you're worried should surfers, I didn't do it, but it wouldn't be hard to obscure what is being "written", and still make it possible to copy and paste it (unlike "password" fields in HTML forms).

So basically, quit fucking complaining and thing about other options you muppet.

Re:Truecrypt refuses to deal with this.... (1, Insightful)

Anonymous Coward | about 6 years ago | (#25440573)

could that be because every major operating system comes with an onscreen keyboard if you're paranoid enough to want to use one?

Re:Truecrypt refuses to deal with this.... (1)

dieth (951868) | about 6 years ago | (#25440873)

Windows & Linux already have software keyboards, don't know why you would need one built into the interface.

Windows XP&Higher: osk.exe

Linux:
http://www.bbc.co.uk/accessibility/linux/keyboard/keyboard_easy/screenkeys/on_screen_keyboard_gnome.shtml [bbc.co.uk]

I also believe TrueCrypt is opensource, so if you really want an OSK in the interface, write it yourself, or pay someone else too if you are incapable.

Speed (2, Interesting)

asCii88 (1017788) | about 6 years ago | (#25440335)

Has anybody noticed that he types really slow? I believe it might not work correctly if many keys are pressed in a short period of time.

'stuff that (really) matters' overlooked? (-1, Offtopic)

Anonymous Coward | about 6 years ago | (#25440389)

http://www.ireport.com/docs/DOC-118109

My Model M (01DEC92) is immune (0)

Anonymous Coward | about 6 years ago | (#25440393)

Its output is a stream of small stone tablets bearing glyphs.

But did they test with a Model M? (4, Funny)

sirwired (27582) | about 6 years ago | (#25440395)

As everyone should know, the IBM Model M is the One True Keyboard. Surely all of the steel plating inside that thing must be good for something! If all else fails, the relentless clicking while they listen to your bugged cube or house should drive them completely insane.

Even if it doesn't prevent snooping, you could still use the thing as a self-defense weapon when Mysterious Men From the Shadows come to capture you.

SirWired

Re:But did they test with a Model M? (5, Funny)

thered2001 (1257950) | about 6 years ago | (#25440461)

I'm not so sure...I would expect that the Model M probably produces a spark-gap kind of effect which can be picked up on AM radios a block away.

Posters (0)

Anonymous Coward | about 6 years ago | (#25440423)

What are the motivation posters on the wall on video #2? I mean, does anybody know if they are for real or the parody ones?

MI5 & Intelligence Agencies (2, Interesting)

Manip (656104) | about 6 years ago | (#25440483)

MI5 have had this for years. I mean at the range talked about in the article they can also get a good picture quality from your monitor too. This problem has been known about since the 1980s and is the reason why the security services use magnetic shielding either in an entire building or just in private rooms (such as those that exist in every British Embassy internationally).

EM leaks have no real solution at this stage except to shield like crazy. There is potential for some kind of white noise generator but different pieces of electronics would require one tuned to them and the levels required would make a blanket device expensive, or overly large.

I wouldn't worry about people listening in to your keyclicks at home just yet. Perhaps if you work a big corp and there is money on the line. Corporate espionage is big business arguably even bigger than legitimate government work.

Re:MI5 & Intelligence Agencies (0)

Anonymous Coward | about 6 years ago | (#25440899)

Longer than the 80s. I first encountered TEMPEST training in the Air Force in 1973, don't know how much before that it went.

Re:MI5 & Intelligence Agencies (2, Interesting)

Yvanhoe (564877) | about 6 years ago | (#25441043)

CRT monitors used to leak a lot of EM. Is it still working with LCD screens ? I doubt it

Shenanigans? (5, Interesting)

tdc_vga (787793) | about 6 years ago | (#25440579)

If you watch the video he sets the keyboard.eavesdropper into a listening/polling state waiting for keypress information. From there it's filtered and decoded --fine. Now the part that seemed odd to me is it exits as soon as it finds the 'e' in 'trust no one', why?

If the eavesdropper is in a polling state it should continue looking for more keypresses, unless something there are some smoke and mirrors going on. Also, if you listen there's no termination sent --no keypresses heard on camera.

Up to 20 meters? (1)

fortyonejb (1116789) | about 6 years ago | (#25440687)

The question is, how realistic is it that anyone can really get anything useful doing this? In an office there are so many of us typing away that it would be a total jumble. If you lived in an apartment complex, its quite likely their would be enough external interference that even in the next apartment they couldnt pick anything up. That leaves my house, and a 20 meter radius puts you on my property, good luck setting up your equipment without me noticing you on my front lawn. It sounds neat but highly unlikely that it can be an actual problem.

Re:Up to 20 meters? (2, Interesting)

fprintf (82740) | about 6 years ago | (#25440867)

Think of this as a proof of concept, with additional range yet to come. To you it might not be a big deal, but to others (e.g. the tinfoil hat crowd) it is likely a very small distance in time between the current 20 meter range and a 100 yards or more. And yet to others still, it is of concern now, for example apartment blocks, condos or dormitories where you may be less than 20 meters away from several other residents.

Re:Up to 20 meters? (1)

Cassini2 (956052) | about 6 years ago | (#25440875)

The question is, how realistic is it that anyone can really get anything useful doing this?

Set up a repeater unit outside of an executive's house, then do trades on the stock market. You could hide all the electronics in a small box, and make it look like a piece of phone or telco equipment. No one would touch it for 20 years.

The harder activity would be to disguise the trades so the SEC doesn't figure it out.

I bet someone has already tried something like this. There are too many security agencies in the world for it not to have been tried at least once ...

Oh well, how realistic might that be? (1)

Niedi (1335165) | about 6 years ago | (#25440711)

I'm wondering if this is really an issue.... I mean come on, they used a damn HUGE antenna for the setup with the wall inbetween, always disconnected the psu and typed really carefully and slowly. It would be interesting to see how much you can still recover with a more realistic setup, like a faster typer, plugged in psus, some other electronic equipment in the room and an antenna that can be put in/ontop one of these neat little dark vans.

Thinfoil as a poor man's solution? (0)

Anonymous Coward | about 6 years ago | (#25440745)

If I would wrap my keyboards cable with thin foil would that solve the problem?

Which other simple tricks could make it much more difficult to (try to) stop these type of attacks (to some level)?

Re:Thinfoil as a poor man's solution? (1)

fprintf (82740) | about 6 years ago | (#25440969)

You can wrap your keyboard in tinfoil, or the cable or even put a tinfoil hat on your head. You can bet once it is proven effective that the government will invent new laws to make it illegal to possess tinfoil shielded computer equipment. The premise will be that such tools are "proof" of criminally minded activities. Never mind your right to privacy or your innocence until proven guilty.

We used to have anti-radar detector laws in my State - the reasoning was that anyone who used a radar detector was defacto guilty of speeding because a radar detector serves no other legitimate purpose. Fortunately the voters had enough and the state legislators repealed the law (Connecticut) about the same time the speed limit went up to 65.

Apple Aluminium Keyboard (1)

Yvan256 (722131) | about 6 years ago | (#25440765)

This thing has an aluminium top (but a plastic back), would it be safer than a 100% plastic casing keyboard?

How about those new unibody MacBooks and MacBook Pros?

No, I didn't RTFA.

Does it work.. (2, Interesting)

inotocracy (762166) | about 6 years ago | (#25440795)

..when you operate the computer like a normal person? You know, powered on machine, typing at a normal rate..

Soft Iron in the Keyboard? (1)

DnemoniX (31461) | about 6 years ago | (#25440821)

Would it help if the keyboard was lined with oh I don't know...tinfoil perhaps? Or use a plastic with soft iron embedded into it? I mean I am just spit balling here, but this shouldn't be that hard to reduce emissions on.

Nice theory, but (0)

Anonymous Coward | about 6 years ago | (#25440825)

Are we supposed to believe this on the grounds of this "proof"? There are countless ways to cheat, including:

* The program is just a fake.
* The laptop's wifi.
* Some kind of transmitter in the keyboard itself.
* Dude running into the other room and feeding the program the same data.
* Advanced voice recognition ("I am going to type blah").
* "decode" is the da vinci virus.

fishy (1)

norpan (50740) | about 6 years ago | (#25441081)

The video looks fishy, how does the computer program know when to stop collecting keyboard input? The video shows someone going to the other keyboard and when coming back the program has quit.

And what about the electromagnetic interference of the whole computer running close to the antenna, and the keyboard of that computer?

Fishy

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?