
Thread: Compromising electromagnetic emanations of wired keyboards

  1. #1
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Compromising electromagnetic emanations of wired keyboards

    We found 4 different ways (including the Kuhn attack) to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. We tested 11 different wired keyboard models bought between 2001 and 2008 (PS/2, USB and laptop). They are all vulnerable to at least one of our 4 attacks.
    http://lasecwww.epfl.ch/keyboard/
    -Monkeys are like nature's humans.

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Quote Originally Posted by =Tron= View Post
    All the more reason to live in a Faraday cage.

    I'm not sure that this is really a credible attack. While it can be done, the resources involved are rather intense and expensive. Your average run of the mill company isn't going to need to worry about it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908


    Quote Originally Posted by streaker69 View Post
    All the more reason to live in a Faraday cage.

    I'm not sure that this is really a credible attack. While it can be done, the resources involved are rather intense and expensive. Your average run of the mill company isn't going to need to worry about it.
    This is actually very interesting from a pentesting standpoint. Let's say you are black boxing; you capture the name of a corporate CEO, tail him/her to the gas station and sniff their ATM transaction using one of these methods. BAM, just like that you've opened up a door to hell as far as that company's concerned. Can anyone say distraction? Sec-admin: "What?! The CEO's power/gas/water got turned off? That's crazy, you know one time this guy I knew....blah....blah....blah....", all the while you are dropping in for a friendly visit, you know, just to digi-steal some stuff.

    Exaggeration? Maybe. But maybe not....

    Going to have to read some more on this.



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  4. #4
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Quote Originally Posted by streaker69 View Post
    All the more reason to live in a Faraday cage.

    I'm not sure that this is really a credible attack. While it can be done, the resources involved are rather intense and expensive. Your average run of the mill company isn't going to need to worry about it.
    Indeed. The antenna used in the room next door did seem a bit big to take with you on your average pentesting job.

    The technique did seem a bit unrefined at the moment, but was nevertheless a really impressive proof of concept. In a real-world situation this would however most likely be infeasible. With all the electromagnetic radiation from countless power cords and electronic equipment in an average home or office it would be impossible to distinguish a single keystroke accurately. Not to mention the problem with sorting out different sources in case there is more than one keyboard in use nearby.

  5. #5
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Quote Originally Posted by =Tron= View Post
    Indeed. The antenna used in the room next door did seem a bit big to take with you on your average pentesting job.

    The technique did seem a bit unrefined at the moment, but was nevertheless a really impressive proof of concept. In a real-world situation this would however most likely be infeasible. With all the electromagnetic radiation from countless power cords and electronic equipment in an average home or office it would be impossible to distinguish a single keystroke accurately. Not to mention the problem with sorting out different sources in case there is more than one keyboard in use nearby.
    You're right, disseminating keystrokes from all the other electronic noise would be nearly impossible for equipment that your average NGA could afford.

  6. #6
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817


    Quote Originally Posted by streaker69 View Post
    You're right, disseminating keystrokes from all the other electronic noise would be nearly impossible for equipment that your average NGA could afford.
    Okay, I'll bite, NGA?
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  7. #7
    Member
    Join Date
    May 2007
    Posts
    202


    Quote Originally Posted by Barry View Post
    Okay, I'll bite, NGA?
    NGA = Non Government Agency (I think)

  8. #8
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Quote Originally Posted by loftrat View Post
    NGA = Non Government Agency (I think)
    Ding Ding Ding, We have a Winner! Johnny, tell him what he's won.

  9. #9
    Member
    Join Date
    Jan 2008
    Posts
    194


    Cool POC but nothing new. We've (GA) been doing this for decades. Just look up TEMPEST. As you state, though, it takes a GA to accomplish this.

  10. #10
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817


    Quote Originally Posted by loftrat View Post
    NGA = Non Government Agency (I think)
    Ah Ha! Damn acronyms.
