Last week Martin Vuagnoux and Sylvain Pasini, doctorate students with the Security and Cryptography Laboratory at the Ecole Polytechnique Fédérale de Lausanne in Switzerland, posted an interesting piece titled Compromising Electromagnetic Emanations of Wired Keyboards.
Vuagnous and Pasini tested 11 different wired mechanical keyboards (PS/2, USB and laptop) purchased between 2001 and 2008 and used four different attack methods on each. They claim they were able to fully or partially recover keystrokes electromagnetically at distances up to 20 meters including through walls. They've posted two videos at Dailymotion.com demonstrating how they were able to collect keystrokes. The first shows a Logitech keyboard with a PS/2 connector attached to a laptop. A one meter wire cable was used as an antenna and placed one meter away from the keyboard. The monitoring system was able to pickup the phrase "trust no one" when it was typed on the keyboard:
Vuagnous and Pasini conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design). Hence they are not safe to transmit sensitive information. No doubt that our attacks can be significantly improved, since we used relatively inexpensive equipments. They go on to say more information on these attacks will be published soon, with a paper currently in a peer review process for a conference.
It will be interesting to see if others can duplicate this work - these would make nice classroom experiments.
No comments:
Post a Comment