Researchers Steal Passwords From Radio Waves
The next time you are taking money out at the ATM, be wary of anyone lurking nearby with an antenna sticking out of their pants. They might be stealing your PIN wirelessly. A pair of Ph.D. students at the Security and Cryptography Laboratory (LASEC) of Switzerland's Ecole publique Polytechnique Fédérale de Lausanne (EPFL), recently demonstrated a number of techniques for listening in on the electromagnetic emanations coming from wired keyboards and interpreting that information into the actual keystrokes pressed.
The two researchers, Martin Vuagnoux and Sylvain Pasini, tested four different versions of this technique on 11 different wired keyboards with PS/2 and USB connections, as well as with keyboards integrated into laptops. Using a combination of the four techniques, they were able to successfully "recover keystrokes from compromising electromagnetic emanation [from] up to 2 meters [away]," at least in part, if not fully. With a stronger antenna, they were even able to listen in to keystrokes through a wall from a computer in the next room.
All electronic devices give off electromagnetic radiation. Those FCC Class A and Class B labels you see on devices in the U.S. tell you that devices have passed certain tests to indicate the electromagnetic radiation they give off do not interfere with certain types of other devices. For instance, FCC Class B is a rating for residential and small office use that indicates that the rated device will not interfere with the over-the-air broadcast transmissions for radios and TVs. This is not to say, however, that these devices are perfectly shielded. Unless a manufacturer designs a device specifically to be used in a high-security area, such as in a military installation, chances are some "unintentional radiation" (in the form of radio waves) are bound to leak out of a device.
This means that not just the wired keyboards are leaking radio waves--so are all the various components and peripherals that make up a computer system. This can make for a very "noisy" environment. The researchers set up an antenna that captured a wide range of the relevant electromagnetic spectrum. The antenna then sent these signals to a combination of hardware and software that analyzed the spectrum and was able to sniff out and detect the keystrokes from the cacophony of radio noise. The researchers stated:
"We conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design). Hence they are not safe to transmit sensitive information. No doubt that our attacks can be significantly improved, since we used relatively inexpensive equipments."
Which means that not only is this relatively easy and inexpensive to do (as long as you know what you are doing), but who's to say that there aren't people or organizations out there now who aren't already doing this? Who needs a keylogger when you can steal passwords from the next room?
The two researchers, Martin Vuagnoux and Sylvain Pasini, tested four different versions of this technique on 11 different wired keyboards with PS/2 and USB connections, as well as with keyboards integrated into laptops. Using a combination of the four techniques, they were able to successfully "recover keystrokes from compromising electromagnetic emanation [from] up to 2 meters [away]," at least in part, if not fully. With a stronger antenna, they were even able to listen in to keystrokes through a wall from a computer in the next room.
All electronic devices give off electromagnetic radiation. Those FCC Class A and Class B labels you see on devices in the U.S. tell you that devices have passed certain tests to indicate the electromagnetic radiation they give off do not interfere with certain types of other devices. For instance, FCC Class B is a rating for residential and small office use that indicates that the rated device will not interfere with the over-the-air broadcast transmissions for radios and TVs. This is not to say, however, that these devices are perfectly shielded. Unless a manufacturer designs a device specifically to be used in a high-security area, such as in a military installation, chances are some "unintentional radiation" (in the form of radio waves) are bound to leak out of a device.
This means that not just the wired keyboards are leaking radio waves--so are all the various components and peripherals that make up a computer system. This can make for a very "noisy" environment. The researchers set up an antenna that captured a wide range of the relevant electromagnetic spectrum. The antenna then sent these signals to a combination of hardware and software that analyzed the spectrum and was able to sniff out and detect the keystrokes from the cacophony of radio noise. The researchers stated:
"We conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design). Hence they are not safe to transmit sensitive information. No doubt that our attacks can be significantly improved, since we used relatively inexpensive equipments."
Which means that not only is this relatively easy and inexpensive to do (as long as you know what you are doing), but who's to say that there aren't people or organizations out there now who aren't already doing this? Who needs a keylogger when you can steal passwords from the next room?
