The financial crisis is expected to foster larger efforts in software security. This (not so) new finding about physical hacking (retrieving electromagnetic signal) however suggests that efforts will have to be made on the hardware as well. In the case of keyboards, it should not be anything too hard. Coating everything with a thin layer of metal and injecting electromagnetic noise to this shield should be enough. I wonder how it goes for other devices inside our PCs or along the network.
Source : ZDnet
A team of Swiss researchers say there are several ways to recover keystrokes from wired keyboards by simply measuring the electromagnetic radiations emitted when keys are pressed.
In all, the team of researchers from the Security and Cryptography Laboratory in Lausanne, Switzerland, found four different ways to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls.
A research paper on the discovery will be published after a peer-review process. Team members Martin Vuagnoux and Sylvain Pasini explain the findings:
To determine if wired keyboards generate compromising emanations, we measured the electromagnetic radiations emitted when keys are pressed. To analyze compromising radiations, we generally use a receiver tuned on a specific frequency. However, this method may not be optimal: the signal does not contain the maximal entropy since a significant amount of information is lost.
Our approach was to acquire the signal directly from the antenna and to work on the whole captured electromagnetic spectrum.
We found 4 different ways (including the Kuhn attack .pdf) to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. We tested 11 different wired keyboard models bought between 2001 and 2008 (PS/2, USB and laptop). They are all vulnerable to at least one of our 4 attacks.
We conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design). Hence they are not safe to transmit sensitive information. No doubt that our attacks can be significantly improved, since we used relatively inexpensive equipments.