Zero Day

Ryan Naraine and Dancho Danchev

Get Zero Day via:: Mobile; RSS; Email Alerts
Bios:: Ryan’s Bio; Dancho’s Bio

October 20th, 2008

Researchers hack wired keyboards, hijack keystrokes

Posted by Ryan Naraine @ 7:35 am

Categories: Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Exploit code, Patch Watch, Pen testing, Phishing, Privacy, Research, Responsible disclosure, Vulnerability research

Tags: Team, Radiation, Keyboards, Hardware, Peripherals, Ryan Naraine

Researchers hack wired keyboards, hijack keystrokes A team of Swiss researchers say there are several ways to recover keystrokes from wired keyboards by simply measuring the electromagnetic radiations emitted when keys are pressed.

In all, the team of researchers from the Security and Cryptography Laboratory in Lausanne, Switzerland, found four different ways to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls.

A research paper on the discovery will be published after a peer-review process. Team members Martin Vuagnoux and Sylvain Pasini explain the findings:

To determine if wired keyboards generate compromising emanations, we measured the electromagnetic radiations emitted when keys are pressed. To analyze compromising radiations, we generally use a receiver tuned on a specific frequency. However, this method may not be optimal: the signal does not contain the maximal entropy since a significant amount of information is lost.

Our approach was to acquire the signal directly from the antenna and to work on the whole captured electromagnetic spectrum.

We found 4 different ways (including the Kuhn attack .pdf) to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. We tested 11 different wired keyboard models bought between 2001 and 2008 (PS/2, USB and laptop). They are all vulnerable to at least one of our 4 attacks.

We conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design). Hence they are not safe to transmit sensitive information. No doubt that our attacks can be significantly improved, since we used relatively inexpensive equipments.

The team released two online videos (here and here) demonstrating the research findings.

* Image source: DeclanTM’s Flickr photostream (Creative Commons 2.0)

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Talkback
Most Recent of 61 Talkback(s)

Thread View
Flat View

Re: Simple solution...: Can I get a bigger office from this? ... (Read the rest); Posted by: Ed Burnette Posted on: 11/10/08 You are currently: a Guest | Log in | Terms of Use

Oh great Boot_Agnostic | 10/20/08

Back to the old standby dave@... | 10/20/08

One way to find out... MGP2 | 10/20/08

RE: Researchers hack wired keyboards, hijack keystrokes Hal Jordan | 10/20/08

Waterboarding works wonders as well ... terry flores | 10/20/08

This was what caused all the Tempest jjmcdonald7911@... | 10/26/08

Yes, very old news rjhenn_z | 10/26/08

I love that game! grilldoggy@... | 10/27/08

Someone Seriously Needs A Life.... itanalyst2@... | 10/20/08

lol grilldoggy@... | 10/20/08

RE: Isn't this old news? BillPStudios | 10/20/08

Google "Tempest secure" pleap | 10/20/08

used to work with it Paul Fletcher | 10/21/08

Yes it is. dunn@... | 10/20/08

Gov't Measures CosmoAgain | 10/21/08

RE: Hacking my stuff. bigjohnt@... | 10/20/08

Can you imagine??? Modgirl | 10/20/08

Stray emissions..... seannj427 | 10/20/08

sometimes its just the challenge dave@... | 10/20/08

Urban Legend anyone? GM Fedorchuk | 10/20/08

Practical vs theoretical dave@... | 10/20/08

yes, it's an urban legend caburlingame | 10/20/08

Who says destroy dave@... | 10/20/08

ah yes... upon reflection vilppuu@... | 10/21/08

And putting tinfoil in your hubcaps jams speed radar, too fairportfan | 11/06/08

Wrong fairportfan | 11/06/08

RE: Researchers hack wired keyboards, hijack keystrokes ColdFusion_z | 10/20/08

cnn vs thumbtacks gabrielbear@... | 10/20/08

RE: Researchers hack wired keyboards, hijack keystrokes Zippereye125 | 10/20/08

Short Hairs... michaelstn@... | 10/20/08

ZDNet Exclusive: Paper and Pencil have been Hacked! jjarman | 10/20/08

So maybe my cousin isn't crazy? bob@... | 10/20/08

Read our thoughts? murphym@... | 10/21/08

RE: Researchers hack wired keyboards, hijack keystrokes brianbeattie | 10/20/08

Back to the future knot_mine | 10/20/08

...well, except for... DataGazetteer | 10/20/08

RE: Researchers hack wired keyboards, hijack keystrokes ColdFusion_z | 10/20/08

Yes, but... let's get real here! tgilbert@... | 10/20/08

RE: Researchers hack wired keyboards, hijack keystrokes rhoward@... | 10/20/08

RE: Researchers hack wired keyboards, hijack keystrokes rikg | 10/20/08

Different problem, same solution: fibre optics bob@... | 10/20/08

RE: Researchers hack wired keyboards, hijack keystrokes dougxd | 10/20/08

RE: Researchers hack wired keyboards, hijack keystrokes L8erG8er | 10/21/08

add more trm1945 | 10/21/08

Nice idea, but... fairportfan | 11/06/08

what about onscreen kbd? simple simon | 10/21/08

Screenshot Capturing pretendre | 10/21/08

RE: Researchers hack wired keyboards, hijack keystrokes User name is available | 10/21/08

RE: Researchers hack wired keyboards, hijack keystrokes derek007 | 10/21/08

Here is a solution to the problem. sprintlife | 10/21/08

I think it's Chemtrails cwallen19803@... | 10/21/08

RE: Researchers hack wired keyboards, hijack keystrokes phatkat | 10/21/08

Nothing Like Emanations Security Research melekali | 10/21/08

Minimising Emanations... fairportfan | 11/06/08

RE: Researchers hack wired keyboards, hijack keystrokes tfry@... | 10/21/08

Cheap parlor trick Dark_Knight | 10/22/08

Keylogging, not jacking. ticthak@... | 10/22/08

So fix it already albeit | 10/22/08

Simple solution... K�RC | 10/22/08

Re: Simple solution... Ed Burnette

| 11/10/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
Unrivaled support from Novell, now available for Red Hat Novell If Linux is going to power your mission-critical applications, you'd ... Download Now
Dell's IT Infrastructure Services, Desktops, and Notebooks Allow Global Consumer Packaged Goods Marketer Unilever to Support Staff Efficiency and Productivity With Business-Critical IT Services Dell Unilever is a multinational corporation that owns 400 consumer brands ... Download Now

Essential Topics

Blogs From Our Sponsors

Top Rated

Facebook password-reset spam is Bredolab botnet attack+46 votes
Thousands of web sites compromised, redirect to scareware+43 votes
Microsoft confirms 'detailed' Windows 7 exploit+43 votes
Firefox hit by multiple drive-by download flaws+41 votes
Which antivirus is best at removing malware?+39 votes
iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
New LoroBot ransomware encrypts files, demands $100 for decryption+28 votes
Mac OS X mega patch covers 58 security vulnerabilities+26 votes

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now
Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
Unrivaled support from Novell, now available for Red Hat Novell If Linux is going to power your mission-critical applications, you'd ... Download Now

Smart Tech Expert advice on innovations in healthcare and the green technologies that make it happen. Find out more
Smart Business Discussion and advice on management issues that revolve around making your world smarter and more useful. More Smart Advice
Smart People The best and worst moves in the management and strategy trenches. Learn More

Zero Day

Ryan Naraine and Dancho Danchev

October 20th, 2008

Researchers hack wired keyboards, hijack keystrokes

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics

Recent Entries

Blogs From Our Sponsors

Top Rated

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads

Zero Day

Ryan Naraine and Dancho Danchev

October 20th, 2008

Researchers hack wired keyboards, hijack keystrokes

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics

Recent Entries

Blogs From Our Sponsors

Top Rated

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Keep up with ZDNet

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads