Dude, someone hacked my keyboard

Swiss researchers have demonstrated keystrokes can be recorded wirelessly from wired keyboards by analysing the electromagnetic signals produced by every key press.

Martin Vuagnoux and Sylvain Pasini, researchers from the Lausanne Security and Cryptography Laboratory, published a report detailing their findings. The pair tested 11 common keyboards manufactured from 2001-2008 which were all vulnerable to at least one of their 4 attacks.

The researchers used a radio antenna to "fully or partially recover keystrokes" by spotting the electromagnetic radiation emitted when keys were pressed.

2 videos have been posted by the researchers that demonstrate the technique involved.

The pair concluded that wired computer keyboards sold in stores "are not safe to transmit sensitive information".

Report a problem with article
Previous Story

Microsoft celebrates antipiracy day

Next Story

Google-Yahoo ad deal may be over

29 Comments

Commenting is disabled on this article.

This is nowhere near new. People have known about this since the early x86 days and probably even earlier.

Next we'll hear the same tech can be used to read your screen from the front yard.

seamer said,
This is nowhere near new. People have known about this since the early x86 days and probably even earlier.

Next we'll hear the same tech can be used to read your screen from the front yard.

very true, or how about decodeing that flashing HDD light on a computer lol

quote]

very true, or how about decodeing that flashing HDD light on a computer lol[/quote]

Actually a technique has been used to transmit data in a similar fashion. I won't say where but the light or any light on the pc could be reconfigured (with extra internal hardware that your normal user won't see) to send data. Even a laser pointer setup that was connected to a serial port and a really long wire and aimed at a receiver far off to intercept key strokes.

However USB and PS2 inline keyloggers already exist and most users don't look behind their pc so instead of keylogging you could also just attach a small wireless transmitter or a combo of both to download the data later.....

eX

Cool video. I still prefer wired over wireless though. So I'm safe, even if they are sitting beside me trying. They'd have to physically take my keyboard, and that's not going to happen, not without a cinderblock shoe to the groin anyhow.

CrimsonBetrayal said,
Cool video. I still prefer wired over wireless though. So I'm safe, even if they are sitting beside me trying. They'd have to physically take my keyboard, and that's not going to happen, not without a cinderblock shoe to the groin anyhow.


You are "safe" ?!?!?! its WIRED keyboard they hacked man, so I guess its a good time for you to start using the On-Screen Keyboard to stay as "safe" as you think..

Steve Gibson was talking about this a year or so ago, how he would imagine something like this would be created, seeing how the encryption on these wireless keyboards suck.

warwagon said,
Steve Gibson was talking about this a year or so ago, how he would imagine something like this would be created, seeing how the encryption on these wireless keyboards suck.


ok, except this post is about WIRED keyboards...

Couldn't you just wrap some tinfoil around the cable and that will cover up enough of the EMI? Maybe even the bottom of the keyboard too.

What about a room filled with people typing away at their keyboards...(too much other noise to filter out anything)
Also could be hoax, we type "password" come on people...the prepared script could also display "password" with some goofy time delay stuff scripted in...

Or 80, considering that's how fast "slow" secreteries can type at. Ok, admittedly, the target won't always be typing at that speed, but considering I can type at around 70 WPM and I'm just an amateur with no sort of profressional training (just years and years of experience), you have to take those kinds of speeds into consideration.

Nevertheless, it's a great proof of concept which will definitely be researched more.

The Tjalian said,
Or 80, considering that's how fast "slow" secreteries can type at. Ok, admittedly, the target won't always be typing at that speed, but considering I can type at around 70 WPM and I'm just an amateur with no sort of profressional training (just years and years of experience), you have to take those kinds of speeds into consideration.

Nevertheless, it's a great proof of concept which will definitely be researched more.


Need to work on your spelling :P

Considering all the things they were removing to avoid 'interference' i dont think its going to be very practical in a real world situation. In a 'real' office there would be more than one keyboard in a room, mroe than one PC (with their own power supplies) ect.... im sure you would get a jumble of misidentified keystrokes, and keystrokes from all the different keyboards in the area.

If conditions were ideal, and there was only 1 keyboard/PC in the area... what about all the other source of interference like WiFi/Mobile Phones/Wireless (or wired) mice ect ect....

Good video though.

RobertH said,
Considering all the things they were removing to avoid 'interference' i dont think its going to be very practical in a real world situation. In a 'real' office there would be more than one keyboard in a room, mroe than one PC (with their own power supplies) ect.... im sure you would get a jumble of misidentified keystrokes, and keystrokes from all the different keyboards in the area.

If conditions were ideal, and there was only 1 keyboard/PC in the area... what about all the other source of interference like WiFi/Mobile Phones/Wireless (or wired) mice ect ect....

Good video though.

I'm pretty sure that the head people in most companies have their own offices. And really, who are you more interested in hacking, some software developer in a or the CEO in his own office?

So you're gonna get within 1 meter of the CEO in his office, through a wall, with additional interferance from a PC, monitor, fans and everything else?
NO
this is complete CRAP
it will NOT work in a real life scenario unless the person it is being done on is a complete mug.
I can't even believe they put this unbelievable crap on the internet really.

n_K said,
So you're gonna get within 1 meter of the CEO in his office, through a wall, with additional interferance from a PC, monitor, fans and everything else?
NO
this is complete CRAP
it will NOT work in a real life scenario unless the person it is being done on is a complete mug.
I can't even believe they put this unbelievable crap on the internet really.

some thing like this can be done with wired networks too. they did this to prove it could be done.

Alright, that was an impressive video! I just love that stuff and Im really impressed! Im not really concerned, but it shows that if someone really wants to, they will make it =)

Um... There are entire divisions of the US govt that handle routine SIGINT like this. And they have MUCH better equipment than these guys.

It's analogous to bouncing a laser off a pane of glass to listen to the people talking inside.