Posted by: David Schneier
Information Security Threats, Privacy
A pair of security researchers in Switzerland have found several new ways to eavesdrop on the keystrokes from a number of different keyboards from a distance of up to several meters. The methods are similar to other attacks in that they rely on collecting the electromagnetic emanations from the keyboards and then decoding them to reproduce the keystrokes from the remote keyboard. In a pair of videos posted on the site of the Security and Cryptography Laboratory at the Ecole Polytechnique Fédérale de Lausanne, researchers Martin Vuagnoux and Sylvain Pasini show two separate attacks. Both attacks used a simple antenna to collect signals coming from a wired keyboard attached to a laptop, which had its power supply unplugged in order to avoid interference. One attack is done at a distance of about one meter and the other is done from an adjoining room, through a wall. In both cases, Vuagnoux and Pasini were able to accurately decode every keystroke of a short message typed on the remote keyboard.
"We found 4 different ways (including the Kuhn attack) to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. We tested 11 different wired keyboard models bought between 2001 and 2008 (PS/2, USB and laptop). They are all vulnerable to at least one of our 4 attacks.
"We conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design). Hence they are not safe to transmit sensitive information. No doubt that our attacks can be significantly improved, since we used relatively unexpensive (sic) equipments."
These kinds of attacks against displays have been common knowledge for decades, and other researchers, including Markus Kuhn and Ross Anderson, have identified keyboards as being possible targets, as well. Vuagnoux and Pasini plan to release a paper with their full findings later.