×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Stealing Data Via Electrical Outlet

timothy posted more than 4 years ago | from the accidentally-forget-to-label-some-220v-outlets dept.

Security 208

Ponca City, We love you writes "NetworkWorld reports that security consultants Andrea Barisani and Daniele Bianco are preparing to unveil their methodology at the Black Hat USA conference for stealing information typed on a computer keyboard using nothing more than the power outlet to which the computer is connected. When you type on a standard computer keyboard, electrical signals run through the cable to the PC. Those cables aren't shielded, so the signal leaks via the ground wire in the cable and into the ground wire on the computer's power supply. The attacker connects a probe to a nearby power socket, detects the ground leakage, and converts the signal back into alphanumeric characters. So far, the attack has proven successful using outlets up to about 15 meters away. The cost of the equipment to carry out the power-line attack could be as little as $500 and while the researchers admit their hacking tools are rudimentary, they believe they could be improved upon with a little time, effort and backing. 'If our small research was able to accomplish acceptable results in a brief development time (approximately a week of work) and with cheap hardware,' they say, 'Consider what a dedicated team or government agency can accomplish with more expensive equipment and effort.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

208 comments

usb keyboard? (5, Interesting)

screamphilling (1173499) | more than 4 years ago | (#28666103)

what about usb keyboards? those wires are shielded. the compared the signal to a mouse signal so I'm assuming they're talking about ps2. still interesting(alarming) surveillance technology nonetheless

Re:usb keyboard? (3, Funny)

siloko (1133863) | more than 4 years ago | (#28666143)

which is one of the reasons why I purposely get my password wrong, constatnly. Hold on who is this siloko person!?

random noise generator? (5, Interesting)

MoFoQ (584566) | more than 4 years ago | (#28666145)

even usb uses a GND and the D+/D- (data wires) aren't isolated from the GND.
Plus most GND is typically a common ground (through the chassis and to the ground of the power cable).

and if you consider the fact that this was done by unfunded, tiny group in just a week....makes ya wonder what the NSA or any other BIGGER and better funded group would have up their sleeves.

looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.

Re:random noise generator? (4, Funny)

commodoresloat (172735) | more than 4 years ago | (#28666151)

looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.

Too much work. Just do what I do -- don't ever type anything worth reading.

Re:random noise generator? (4, Funny)

MoFoQ (584566) | more than 4 years ago | (#28666179)

or hook up an old ipod running death metal to the gnd

Re:random noise generator? (4, Funny)

mcrbids (148650) | more than 4 years ago | (#28666215)

Too much work. Just do what I do -- don't ever type anything worth reading.

I am posting at Slashdot - kinda like preaching to the converted, isn't it?

Re:random noise generator? (1)

OolimPhon (1120895) | more than 4 years ago | (#28666209)

looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.

Vacuum cleaner? Microwave? Air conditioning?

Re:random noise generator? (1)

siloko (1133863) | more than 4 years ago | (#28666225)

Vacuum cleaner? Speak for yourself! My vacuum cleaner hose doubles as a microphone and a more melodic password obfuscator has rarely been heard!

Re:random noise generator? (5, Funny)

arctanx (1187415) | more than 4 years ago | (#28666227)

looks like I have to come up with a random noise generator to hook up to the ground of my power outlets.

Try not to get stabbed by any local amateur radio operators.

Re:random noise generator? (2, Interesting)

Hurricane78 (562437) | more than 4 years ago | (#28666679)

We musicians have our tricks and devices to get rid of power-line disturbances. I recommend looking for such a device in a big store for musicians and a guide on the net.

Newton's law? (1)

mcrbids (148650) | more than 4 years ago | (#28666249)

Many 'net junkies like to say things like "Information wants to be free!" as if there was something anthropic about information.

But information is the foundation of the Universe, so much so that quantum mechanics is routinely described with terms like "information loss" and even measured. It's almost like Douglas Adams was right all along, and the universe actually is a large supercomputer trying to find out the answer to life, the universe, and everything. Where are the hyper-intelligent mice?

But if the universe is information, then the laws of the universe apply to information itself. Laws, such as: Every action has an equal and opposite reaction.

While things like shields and noise generators serve to obfuscate what goes on in a computer, they don't actually solve the basic issue that power *is* being consumed, radio waves *are* being generated, heat is being generated, and that these properties will *always* be detectable by various means so long as they are, in fact, being generated.

The only possible way around this might be some form of reversible computing [wikipedia.org] but the basic programming model will require so many architectural changes to enact that it's realistically an entirely new form of computing.

Re:Newton's law? (0)

Anonymous Coward | more than 4 years ago | (#28666621)

Unfortunately, Newton's Law only applies to just that - Newtonian Mechanics.

Re:random noise generator? (1)

kdemetter (965669) | more than 4 years ago | (#28666275)

I'll have to read this article , because i'm somehow about this.
Normally , a power supply contains a rectifier , so this should mean the signal can't be carried back.

I'll have to do some tests on this.

Re:random noise generator? (1)

MichaelSmith (789609) | more than 4 years ago | (#28666383)

Normally , a power supply contains a rectifier , so this should mean the signal can't be carried back.

Current going into a diode will tell you the impedance coming out of the diode.

Re:random noise generator? (1)

wall0159 (881759) | more than 4 years ago | (#28666469)

"looks like I have to come up with a random noise generator to hook up to the ground of my power outlets."

There would already be a lot of noise in the signal which they must be able to filter already. You'd probably be better off connecting something that mimicked a series of keyboards with keystrokes that were plausible. This would not be random at all, and your keyboard would then be one keyboard hiding among many keyboards, rather than a single keyboard hiding within (approximately white) noise -- which could actually be quite conspicuous.

Re:random noise generator? (1)

veganboyjosh (896761) | more than 4 years ago | (#28666891)

What about a device that loops and delays the signals coming from the keyboard, and runs those down the line. With the current keystrokes as well as those from 30 seconds ago, and those from 3 minutes ago, etc, that might be too much similar signal to get something coherent out of.

Similar to a looping/distortion pedal for a guitar/instrument.

Re:random noise generator? (1, Informative)

Anonymous Coward | more than 4 years ago | (#28666593)

The original academic spur for TEMPEST was also done with cheap hardware available from non-specialty stores. That's why TEMPEST is so important--anyone with a bit of technical know-how and $40 in their pocket can eavesdrop effectively.

Re:random noise generator? (0)

Anonymous Coward | more than 4 years ago | (#28666663)

A + RANDOM NOISE = A

Given you have enough data samples. If you like, what you need is false signals mixed in with real signals.

Or just use a laptop, and only charge it when it is switched off ...

There's probably some grumbling going on (1)

HangingChad (677530) | more than 4 years ago | (#28666841)

...makes ya wonder what the NSA or any other BIGGER and better funded group would have up their sleeves.

There are probably some NSA designers out there reminding everyone that it was inevitable someone would figure it out and luckily they still had 500 more ways to get the same data.

Years ago at Hanford they were doing some experiments monitoring the power going into a house. Discovered they could tell exactly what was going on in every room at any given moment just by watching minor fluctuations in the power signal. I can't remember if it was utility sponsored research or DoE funded. It was discontinued over privacy concerns...or so they said at the time. I'm sure the NSA wouldn't share those concerns. With the right equipment I'm wondering if you couldn't key log every computer in the house for entire neighborhoods?

The day I have to run a Wild Weasel mission to mask keystrokes on my wall outlets is the day I'm going to get really serious about moving off grid.

Root is like crack (4, Funny)

Anonymous Coward | more than 4 years ago | (#28666197)

Root is like crack. Don't smoke it. I did once and got hooked. I ran Mac OS Updates as root. ****, I even had sex with my girlfriend as root. Man, that caused some permissions problems. When I started the road to recovery (logging in as Zacks) my girlfriend was all like: "**** no! You can't get any cause you don't own me an I don't go groups. You don't have the power to read, write OR execute so get out of my FACE" So I was all HELL NO bitch. And she wuz like you do not have root (superuser) privlages so get out of my TruBlueEnvironment! So then I went chown and chmodded her ass to me. Dat be-otch be up in my hizzouse. What what. Holla!

Re:usb keyboard? (1)

carvell (764574) | more than 4 years ago | (#28666231)

Very, very often, the individual cables (0v, 5v, D+, D-) within the cable aren't shielded from each other, there's just a shield round the whole lot.

This attack talks about data getting from the data lines to the ground line, which would still happen with most USB cables, certainly the vast majority of keyboards I'd reckon.

More likley to knock the noise out is the fact that the data is transmitted as D+ and D- in USB. If the D+ leaks onto the 0v wire, the D- can also leak, which just cancels the D+ out, so nothing is seen.

Re:usb keyboard? (0)

Anonymous Coward | more than 4 years ago | (#28666267)

don't most people use a UPS?

I like this one
http://www.newegg.com/Product/Product.aspx?Item=N82E16842111279

Re:usb keyboard? (1)

mlts (1038732) | more than 4 years ago | (#28666431)

Naw, I recommend an AC motor connected to a generator via a short shaft linkage, perhaps some gearing to ensure it spins exactly at 3600 RPM in the US, and 3000 RPM in Europe (60hz and 50hz respectively). Yes, it wastes a good amount of power because it converts electricity to rotational movement and back again... but it is going to be difficult for one side to figure out what the other side is doing. Especially if the secure side then has an online UPS with a decent array of deep cycle batteries.

For even more security, there is always power over the air that Tesla worked on and there have been some advances in.

But, in reality, the only solid defense against this type of attack is to get TEMPEST rated equipment that is shielded from the power plug on with high quality mu metal wrapped around everything.

Re:usb keyboard? (1)

WillKemp (1338605) | more than 4 years ago | (#28666463)

Naw, I recommend an AC motor connected to a generator via a short shaft linkage, perhaps some gearing to ensure it spins exactly at 3600 RPM in the US, and 3000 RPM in Europe (60hz and 50hz respectively). Yes, it wastes a good amount of power because it converts electricity to rotational movement and back again...

A rotary converter. My dad used to have one of those - it was a beautifully made thing, all brass and varnished wood. Sadly it disappeared after he died. I wish i'd got hold of it.

Re:usb keyboard? (2, Interesting)

burisch_research (1095299) | more than 4 years ago | (#28666553)

In reality, you don't need to run most modern electronics equipment from AC. The first stage of ANY modern PC power supply (switched mode supply) is DC rectification - the incoming AC is passed through a diode rectifier, then smoothed with a big capacitor. So you don't need to worry too much about the speed of the motor. I've heard of people who have rewired their entire houses to use 200V DC. Yes, it's much more dangerous than AC, but what it does mean is that you can connect your incoming AC through a monster rectifier directly into a fat bank of series-connected batteries. When your mains goes down, you wouldn't even notice -- and there's no need for expensive inverters to turn your DC back into AC.

Re:usb keyboard? (1)

kasperd (592156) | more than 4 years ago | (#28666791)

I've heard of people who have rewired their entire houses to use 200V DC. [...] -- and there's no need for expensive inverters to turn your DC back into AC.

You can use that to drive light bulbs, but that is about it. Most equipment relies on the input being AC in order to transform it down to the voltage it needs. In order to make it work for any electronics more complicated than an old fashioned light bulb, you'd have to replace the power supply for each piece of equipment. It's much easier to just convert the DC power back into AC.

Re:usb keyboard? (2, Interesting)

burisch_research (1095299) | more than 4 years ago | (#28666915)

You miss the point of my message entirely. There are very very few pieces of equipment which actually need an AC source. If you supply your PC with DC power, it will work perfectly fine without any modifications. This is because the DC is chopped up into a very high frequency AC within the power supply. Yes, standard transformers require an AC input -- however these are few and far between these days. Switched mode PSUs use a much smaller transformer, with a synthetic AC input, and the first stage of a switched mode PSU will accept DC just as happily as AC. The only other equipment class which actually requires AC is synchronous motors, such as you would find in a hairdryer or electric drill.

Re:usb keyboard? (0)

Anonymous Coward | more than 4 years ago | (#28666671)

That's pretty wasteful.

It would be better to create something similar to a keyboards usage patterns.
Hell, you could probably use a keyboard as the base.

But instead of actually sending the requests, just remove the data line.
If that isn't workable, you could always go through the route of writing a driver that will simply drop the patterns from the modded keyboard.
Detecting things like this from the CPU is a much harder task. (In fact, i would be surprised if it was actually possible)

Or, y'know, on-screen keyboard for those times when you need extra privacy.
Fear that someone might hax your screen?
1) Create simple glyphs that only you understand, or
2) Create a simply encoding system, but if you have enemies with remote screen readers, this will fail badly.
I thought every geek created their own languages when they were 10? No? Just me then...

Re:usb keyboard? (1)

mrt_2394871 (1174545) | more than 4 years ago | (#28666281)

A shielded cable will cut down (somewhat) on coupling between the signal and power lines.

If you balance the signal on the keyboard wires, and use twisted pair, that'll have a much greater shielding effect, particularly at the low frequencies (a few kHz) mentioned in TFA. USB signals are balanced IIRC, and twisting is recommended (required for high-speed cables). So a USB keyboard probably would help - a bit - but not primarily because of the shiny braided shield on the cable.

But I'm not sure that's the whole problem solved, since there's still a direct connection (in the form of the PC) between the keyboard and the power/ground line. It's far more likely that the unwanted signal will simply couple through the PC.

Re:usb keyboard? (1)

Wowsers (1151731) | more than 4 years ago | (#28666453)

What about wireless USB keyboards, we all know that they're safe because radio waves are not receivable by anyone else are they..!?

I bet the security story would be used by the likes of Intel and Microsoft to justify the (un)Trusted Computing platform wet deam of theirs.

Re:usb keyboard? (5, Funny)

Cylix (55374) | more than 4 years ago | (#28666789)

another approach is to use wireless keyboards.

No ground fault attack is possible since I'm using batteries!

I've been fighting the man for so long I've got a million tricks like this up my sleeve.

Think what data they could steal with... (0)

Anonymous Coward | more than 4 years ago | (#28666107)

Powerline Ethernet

Nothing we use our computers for is safe from these pesky hackers.
Time to go back to Tables of Stone.

Dupe? (2, Informative)

Anonymous Coward | more than 4 years ago | (#28666113)

Re:Dupe? (2, Informative)

Anonymous Coward | more than 4 years ago | (#28666121)

Yes, looks like a dupe and the important bit of info is that only PS/2 keyboards are really vulnerable. USB cables are shielded better. Can anyone confirm TFA is the same case?

Re:Dupe? (0)

Anonymous Coward | more than 4 years ago | (#28666279)

This is NOT a dupe.
For crying out loud, actually read the thing.

TWO completely different conferences.

Re:Dupe? (0)

Anonymous Coward | more than 4 years ago | (#28666655)

Who cares about conferences? The actual matter they talk about appears to be the same. Or are you the author of the submission trying to make more money by denying it is a dupe?

RTFS (0)

Anonymous Coward | more than 4 years ago | (#28666515)

Not only are there two different cases and two different conferences, even the methods are different.

In this one the idea is to monitor the ground cable at the power outlet. In the link you posted the idea is that ground cable works as an antenna and they monitor the microwaves sent by it.

This is /., we can't demand that people RTFA. But reading even through the summaries would be nice.

Worse than a duplicate: A degrade-licate. (4, Informative)

Futurepower(R) (558542) | more than 4 years ago | (#28666799)

I've read both Slashdot articles. They look similar to me. The older one is far superior.

Basically, if you have a keyboard of poor quality that has poor shielding and no noise reduction components, it is possible to read signals. The question is, which keyboards and computers are poorly designed and poorly shielded?

Read the complete story: This PDF, not referenced by Slashdot, tells the whole story: CanSecWest/core09 March 16-20, 2009 [cansecwest.com] (PDF). Quote from page 41: "This doesn't work against USB keyboards because of differential signaling". Also, on page 12: "The [PS/2 keyboard] wires are very close to each other and poorly shielded".

Slashdot articles of especially poor quality: Are they paid advertisements? I've read Slashdot articles for years, and there is now a new phenomenon. A publication runs an article of very poor quality and Slashdot links to it, possibly to lead Slashdot readers to the publication so that they will read the ads. This article was submitted to Slashdot by a professional writer, Hugh Pickens [hughpickens.com], who is possibly acting as a public relations agent. He has written at least 413 Slashdot articles [hughpickens.com]. Does someone at Slashdot accept money to publish his articles?

Quote from the OLDER article referenced by the OLDER Slashdot story:

'March 12, 2009, 02:46 PM - IDG News Service -

'Inverse Path researchers Andrea Barisani and Daniele Bianco say they get accurate results, picking out keyboard signals from keyboard ground cables.

'Their work only applies to older, PS/2 keyboards
[PS/2 connector, not PlayStation], but the data they get is "pretty good," they say. On these keyboards, "the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna," Barisani said.

'That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. They believe they could pick up signals from a distance of up to 50 meters by simply plugging a keystroke-sniffing device into the power grid somewhere close to the PC they want to snoop on.

'Because PS/2 keyboards emanate radiation at a standard, very specific frequency, the researchers can pick up a keyboard's signal even on a crowded power grid. They tried out their experiment at a local university's physics department, and even with particle detectors, oscilloscopes and other computers on the network were still able to get good data.'

laser pointer (2, Insightful)

timmarhy (659436) | more than 4 years ago | (#28666157)

very clever how hey grab info using a laser pointer and measuring the vibrations. i'm afraid you might notice the big red dot on your computer though. sienfield flash backs.

Re:laser pointer (1)

ytm (892332) | more than 4 years ago | (#28666185)

very clever how hey grab info using a laser pointer and measuring the vibrations. i'm afraid you might notice the big red dot on your computer though. sienfield flash backs.

You might not notice if they move from proof of concept with laser pointer to a real device. Are you able to see infrared?

Re:laser pointer (2, Informative)

Z80a (971949) | more than 4 years ago | (#28666205)

a lot of webcams can.

Re:laser pointer (1)

SoupIsGoodFood_42 (521389) | more than 4 years ago | (#28666541)

But most people have their webcams setup to face them, not the computer.

Re:laser pointer (1)

La Gris (531858) | more than 4 years ago | (#28666741)

Even if the wireless keyboards where encrypted. The reciever would still need to be connected to the computer with USB or the regular PS2 keyboard cables and transmit unencrypted USB HID or PS2 keyboard data.

What about wireless keyboards? (0)

Anonymous Coward | more than 4 years ago | (#28666161)

More and more people are using them, there's no encryption and each keypress is broadcast direct.

Panasonic BANKGRUPT (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#28666163)

No, that's not right. is it?

Panasonic bought by Chinese government

No, that's not right, is it?

Panasonic bailed out by Japanese taxpayers

No, that's not right, is it?

Carry on.

Re:Panasonic BANKGRUPT (0)

Anonymous Coward | more than 4 years ago | (#28666399)

No, that's not right, there's no 'g' in bankrupt.

converting powerline signals into keystrokes (1)

chiu.au (1196987) | more than 4 years ago | (#28666181)

What we want is a technique to convert power-line signals into keystrokes.

How long... (0)

Anonymous Coward | more than 4 years ago | (#28666189)

...before their site gets hacked by Anti-Sec?

Done that (5, Informative)

Anonymous Coward | more than 4 years ago | (#28666201)

The SIGINT in the Netherlands did this kind of stuff well before the new millennium, including reading the screen (LCD or CRT) and audio by tapping into the ground or pointing a dish to the emitting circuit, one of the reasons why the whole building handling sensitive information must be encased, making it practically a faraday cage. Only disadvantage is that your cellphone doesn't work although the SIGINT saw that as an advantage.

Re:Done that (0)

Anonymous Coward | more than 4 years ago | (#28666243)

It's not just the Netherlands. I lots of western (and eastern?) intelligence agencies have been able to read what is displayed on your screen from the emissions of your video cable for about a quarter mile (400m) since decades ago.

Re:Done that (1)

Kuroji (990107) | more than 4 years ago | (#28666269)

Well, when you get down to it, any outside communications that isn't through a secure line is a possible liability. You don't want someone waltzing in and sending out sensitive information on a phone call. Granted, if they're determined they'll get that information one way or another, but that's where SIGINT ends and HUMINT begins.

Re:Done that (3, Interesting)

Rakishi (759894) | more than 4 years ago | (#28666297)

Hell if I remember correctly my old motherboard had a setting to add random noise so the memory chips couldn't be read from their emissions. So yeah, it's an old and well known problem.

UPS? USB? (1)

seifried (12921) | more than 4 years ago | (#28666203)

I'm guessing (hoping?) this doesn't work if you have an in-line UPS (that conditions power constantly) as that should hopefully futze (technical term, really) the signal up? I'd be curious to know about that. I'm also assuming this doesn't work for USB as well since most computers have multiple USB devices (hopefully transmitting/receiving enough to mask the keyboard signal).

Be safe !! Encrypt your input !! (0)

Anonymous Coward | more than 4 years ago | (#28666241)

In this day and age you cannot be too careful !! Encrypt your data input !! YES !! While you type !! You can do this NOW !! and for the low low price of only $189,00. Act quickly as supplies are LIMITED !!

http://ratsass.org.net.bg/ [org.net.bg]

Do it today and have that safe, summer's evening feeling all the time !! Because you never know what I'll do with your data !!!!!

Re:UPS? USB? (0)

Anonymous Coward | more than 4 years ago | (#28666277)

I'm guessing (hoping?) this doesn't work if you have an in-line UPS (that conditions power constantly) as that should hopefully futze (technical term, really) the signal up?

Even a double-conversion UPS will likely have no effect because it is required by code to pass the grounding conductor through. This attack seems to be measuring current leakage to ground, which will normally travel along the entire circuit to the actual grounding point at the service junction; since it doesn't involve changes to the waveform along the power-carrying conductors, line conditioning would have no effect on it.

It may not be measurable from a separate circuit though, which would limit the number of usable locations within a building to mount an attack from.

Oh No ...Will Anti Sec Strike Again??? (1)

Bob_Who (926234) | more than 4 years ago | (#28666207)

What now? Flickr? Photobucket? Porntube? What will the neon hats do next?

tempest (4, Informative)

arabagast (462679) | more than 4 years ago | (#28666245)

http://en.wikipedia.org/wiki/TEMPEST [wikipedia.org] - the fact that these guidelines exist, means that this is in not new.

Re:tempest (2, Informative)

hebertrich (472331) | more than 4 years ago | (#28666295)

Similar techniques are at least 40 years old.
One of the ways described in litterature makes use of the variation
in current in the ac line.Others were simply picking up the rf and used a
tv monitor with variable h and v frequencies to actually look at what was on the
monitor.
Still .. it's no big news . they are simply reproducing what's been known
for ages .. computers are easy to intercept because they radiate massive
amounts of RF.

 

Re:tempest (0, Redundant)

MDMurphy (208495) | more than 4 years ago | (#28666505)

I worked in a facility that was fully TEMPEST shielded in the 80's. Dual airlock doors with full metal seals to get in. The power leakage problem was taken care of a motor/generator setup. Incoming power only went to an electic motor. The motor was connected a shaft which spun a generator to supply power to the computer room. With only a mechanical connection no data would be leaking back.

Re:tempest (1)

lewko (195646) | more than 4 years ago | (#28666545)

Sounds like a rotary UPS would achieve the same thing. I wonder about the Earth link though.

If 'they' really want to spy on you ... (4, Insightful)

Anonymous Coward | more than 4 years ago | (#28666247)

If the cops or feds really want to spy on you, you will have a hard time preventing it. My advice is not to attract their attention in the first place.

If you're someone like the mafia, you can't use electronic devices and you can't write anything down. Each of your clandestine conversations has to be in a different noisy location so they can't set up a directional microphone or bug. You also have to prevent them from getting a deaf person to lip read you. (I don't have direct experience with criminal gangs but anyone can observe that they usually aren't brought down by wiretaps. The big prosecutions of mafia bosses usually resulted from getting an underling to rat on his boss.) The point is that anyone worried about being spied on can and will take measures to prevent it.

Spying on someone is expensive. Spying on someone's key clicks is particularly expensive and probably won't produce great results. Someone tried an experiment of bugging an office by shining a laser on the window. The results were disappointing. The vast majority of the conversation was uninteresting. The experimenters decided that no useful information would have been gathered.

Tapping telephones and data links is relatively easy (compared with sniffing keystrokes). Stealing someone's laptop is usually also easy. Unless I'm taking measures against those kinds of spying, I'm not worried about having my keystrokes sniffed. If I were at danger of being spied on, I would be much more worried about being betrayed by a 'friend', associate, or employee.

wasnt this here earlier (1)

mehrotra.akash (1539473) | more than 4 years ago | (#28666257)

not sure, but i think there was a similar article posted here a few weeks ago, maybe i saw it on digg, not sure but have read this earlier

Yikes (0)

Anonymous Coward | more than 4 years ago | (#28666299)

So even my keyboard needs a tinfoil hat right now!

Military has known about this for decades (1)

meerling (1487879) | more than 4 years ago | (#28666313)

The military has had line filters and other protocols to deal with this exact issue in place for at least 20 years now.

And no, that's not idle speculation, it was one of the things we had to deal with when I was in the military.
It's even referred to by one of those silly military project names.
Sorry, I'm not sure if I can post the name, so I won't.
(If someone else posts it, correctly or otherwise, I will neither confirm nor deny it's accuracy, so please don't ask.)

It's Tempest, and it is not classified (4, Informative)

Kupfernigk (1190345) | more than 4 years ago | (#28666605)

Oh dear. I too have signed the Official Secrets Act, and I can tell you that none of the basic stuff is classified at all. No need to make a big mystery of it. Indeed, when working on a restricted project in the early 1980s which involved detecting very small signals, we borrowed a full EMI secured trailer to use backwards (i.e. keep all the external RFI out, including that down all power lines.), and no security measures were applied to its use. Subsequently I worked on EMC for a while, and all the power line and data line securing technology has been in the public domain for ages, along with EMI gaskets for faraday cages, various means of applying conductive films, silver loaded epoxies, CRT enclosures and the rest. The stuff available from Japanese companies on the commercial market was far more advanced than the approved military technology we had been using, owing to the delay involved in the military approvals process.

Securing notebooks is of course much easier than securing PCs because the keyboard data doesn't go outside the system. The intro to the article appears confused. Any signal on the earth line has to be due to capacitative coupling between a keyboard and external ground owing to the well known law that the sum of all the currents in all circuit paths to any junction must be zero. If you want to improve security against ground line signalling when using a notebook, run it on battery using secured wireless networking, and use the built in keyboard and monitor.

I think this is complete rubbish (1)

crusty_architect (642208) | more than 4 years ago | (#28666323)

There is going to be a lot more induced signal onto the earth of a PC than just keyboard signals. PC's use switch mode power supplies, these are very very noisy electrically. Let's not even start with the multitude of other sources of induced EMF in a modern PC. I just don't believe these guys. Sorry. (Electrical Engineer of some 25 years).

Re:I think this is complete rubbish (1)

arabagast (462679) | more than 4 years ago | (#28666473)

they seem to be filtering the signal quite a bit (obviosly), and a bandpass filter at a known frequency would take care of quite a lot of the random noise from the rest of the system.

Would a Hum-X fix that? (1)

TimTucker (982832) | more than 4 years ago | (#28666325)

Would a Hum-X filter it out?

http://www.ebtechaudio.com/humxdes.html (~$70 from Guitar Center or similar stores) -- basically a small filter to help eliminate noise on ground lines (quite useful for fixing A/V problems involving differences in ground, i.e.: when you have a projector on a different circuit than your audio equipment).

Wireless? (1)

piphil (1007691) | more than 4 years ago | (#28666365)

Surely half the job has been done by the increased use of wireless keyboards? I know they're generally short-range transmitters, but wouldn't it be relatively easy to reverse-engineer the wireless communication of various company's wireless devices to create a universal listening device?

Could accomplish? (1)

feepness (543479) | more than 4 years ago | (#28666369)

, 'Consider what a dedicated team or government agency have already accomplished with more expensive equipment and effort.'"

FTFY.

"stealing"? Please don't promote english abuse (1)

plasmacutter (901737) | more than 4 years ago | (#28666413)

you can't "steal" data.

you can compromise the data, hack it, crack it, breach the computer, etc, but its not theft.

Please don't promote this butchery of the english language being perpetrated by luddites and imbeciles so paranoid they feel the need to apply a double standard in which the bill of rights does not apply on the internet.

Re:"stealing"? Please don't promote english abuse (1)

petes_PoV (912422) | more than 4 years ago | (#28666659)

Although I agree, the term is so misused these days (particularly in reference to "theft" of copyrighted information) that it has been devalued. Because we are all brought up to consider stealing to be bad, the spin-doctors are tapping into our conditioning to elicit an emotional response that is rarely warranted.

In my mind, if you have something and I take it off you, that's stealing as you don't have it any more.
If you have something and I copy it, that may well be a crime, or immoral, but provided you still have the same use of it as before, I would never consider that "stealing".

It will be interesting to see how todays children view "stealing" as they grow up. Will it still be considered the heinous act it was when I was a child, or will they be so hardened to its misuse that reference to stealing will be the equivalent to telling them something is rude.

Re:"stealing"? Please don't promote english abuse (1)

dissy (172727) | more than 4 years ago | (#28666825)

Please don't promote this butchery of the english language being perpetrated by luddites and imbeciles so paranoid they feel the need to apply a double standard in which the bill of rights does not apply on the internet.

Sadly for this specific case, "Hey! He stole my idea!" was in use in English long before the Internet existed.

That old saying will be a lot harder to get people to stop saying/thinking than all the newer made up stuff where 'theft' means 4-5 different crimes, only one of which is actually theft.

Just us a filter? (1)

DoofusOfDeath (636671) | more than 4 years ago | (#28666421)

Some/all of APC's surge suppressors contain in-line EMI filters [google.com].

Is that enough to stop this hack?

Re:Just us a filter? (0)

Anonymous Coward | more than 4 years ago | (#28666443)

probably, if they did it right

Re:Just us a filter? (1)

Sponge Bath (413667) | more than 4 years ago | (#28666877)

That kind of EMI filtering reduces interfering signals (coming in and going out), but does not eliminate them. If the signal is low enough not to interfere with other equipment that is good enough. The conducted emissions testing required for FCC, EC, etc has limits (more strict at higher frequencies). If the measured signal is below the limit you pass, but the signal is still measurable.

Listen to music from your computer with a radio (3, Interesting)

biduxe (541904) | more than 4 years ago | (#28666429)

A great deal of people here already know, but for the others:
http://www.erikyyy.de/tempest/ [erikyyy.de]

Software to generate images (noise) on your CRT screen so that the generated interference will translate as sound you can listen to on a radio receiver

It works great to listen to music when you do not have a sound card!

No ground wire? (1)

ripdajacker (1167101) | more than 4 years ago | (#28666441)

What if the power outlet does not have a ground wire? Or the cable from the computer to the outlet does not have one, would the hack then be possible?

Mechanical Solution (3, Interesting)

MDMurphy (208495) | more than 4 years ago | (#28666513)

I worked in a facility that was fully TEMPEST shielded in the 80's. Dual airlock doors with full metal seals to get in. The power line leakage problem was taken care of a motor/generator setup. Incoming power only went to an electic motor. The motor was connected by a shaft which spun a generator to supply power to the computer room. With only a mechanical connection no data would be leaking back.

Re:Mechanical Solution (4, Interesting)

DoofusOfDeath (636671) | more than 4 years ago | (#28666635)

I worked in a facility that was fully TEMPEST shielded in the 80's. Dual airlock doors with full metal seals to get in. The power line leakage problem was taken care of a motor/generator setup. Incoming power only went to an electic motor. The motor was connected by a shaft which spun a generator to supply power to the computer room. With only a mechanical connection no data would be leaking back.

So that's basically a mechanically implemented low-pass filter, right? I would think that it would be easier and cheaper to implement electronic low-pass filters at each wall outlet. Especially if you're worried about someone plugging a sniffer into one of the facility's interior power outlets.

Re:Mechanical Solution (1)

JohnFluxx (413620) | more than 4 years ago | (#28666643)

Wouldn't a voltage fluctuations inside simply become resistive fluctuations in the motor, causing the motor speed to fluctuate, and thus cause fluctuations on the supply power?

Re:Mechanical Solution (1)

Mal-2 (675116) | more than 4 years ago | (#28666785)

Wouldn't a voltage fluctuations inside simply become resistive fluctuations in the motor, causing the motor speed to fluctuate, and thus cause fluctuations on the supply power?

Sure, but rotational inertia would smooth them away unless the signal was at 0.1bps or so...

Mal-2

Utility Meter (1, Informative)

Anonymous Coward | more than 4 years ago | (#28666523)

I suspect the best way (at a law enforcement level) to listen to the electrical contents of a house or business would be to add an appropriate circuit to the "smart" power meters already in place.

These meters can already offer other services to the home in some cases, like localized BPL, and demand shut-down of air conditioners and such.

How much harder would it be to add a relay for surveillance of home electronics? With a warrant, of course.

A reason to keep that old CRT (1)

petes_PoV (912422) | more than 4 years ago | (#28666637)

With all the sh.... they pump out from the EHT circuitry and SMPS, I would expect them to do a pretty good job of blowing away any microvolts that come from the keyboard.

So far as this being a practical way of eavesdropping - I don't buy it. There are lots more established methods of discovering what people are typing, plus this seems to completely overlook all the activity from the mouse. Governmant agencies? Nah, if money was an issue, they'd just kick the door down and take your PCs away. if they want to be stealthy they have far more resources to apply to the problem and far more reliable solutions.
A nice lab experiment, but no practical use.

UPS battery solves this (0)

Anonymous Coward | more than 4 years ago | (#28666945)

With a UPS battery in between, your line noise should be stabilized enough not to be read. As another advantage, if there is a power cut, your system stays on long enough for safety measures.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...