Researchers have managed to log keystrokes from afar by detecting the slight electromagnetic radiation emitted when a key is pressed, according to research.
ylvain Pasini and Martin Vuagnoux, doctorate students with the Security and Cryptography Laboratory at the Ecole Polytechnique F?d?rale de Lausanne in Switzerland, released on Monday a preview of their experiments on the vulnerabilities of wired keyboards that can kill the security of any computer or ATM.
Computer keyboards are often used to transmit sensitive information such as username/password (e.g. to log into computers, to do e-banking money transfer, etc.).
Wired keyboards emit electromagnetic waves, because they contain eletronic components. These eletromagnetic radiation could reveal sensitive information such as keystrokes. Although researchers have already tagged keyboards as risky, until now there was not any experiment or evidence proving or refuting the practical feasibility to remotely eavesdrop keystrokes, especially on modern keyboards.
To determine if wired keyboards generate compromising emanations, Pasini and Vuagnoux measured the electromagnetic radiations emitted when keys are pressed. To analyze compromising radiations, they generally used a receiver tuned on a specific frequency. However, that method might not be optimal: the signal did not contain the maximal entropy since a significant amount of information is lost.
Their approach was to acquire the signal directly from the antenna and to work on the whole captured electromagnetic spectrum.
The results were surprising. They found 4 different ways to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. The researchers tested 11 different wired keyboard models bought between 2001 and 2008 (PS/2, USB and laptop), and siad that they were all vulnerable to at least one of our 4 attacks.
The research concludes that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design). Hence they are not safe to transmit sensitive information.
Pasini and Vuagnoux said that they would publish more information on these attacks soon at a conference.
Videos showing the experiments are available here