{"id":1184,"date":"2009-03-13T16:27:25","date_gmt":"2009-03-14T00:27:25","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=1184"},"modified":"2009-03-13T16:27:25","modified_gmt":"2009-03-14T00:27:25","slug":"security-review-technologys-vulnerability-to-sniffing-keystrokes-from-electromagnetic-emissions","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/03\/13\/security-review-technologys-vulnerability-to-sniffing-keystrokes-from-electromagnetic-emissions\/","title":{"rendered":"Security Review: Technology&#8217;s vulnerability to sniffing keystrokes from electromagnetic emissions."},"content":{"rendered":"<p>This vulnerability is one of the most profound in computing.\u00a0 Every computer has a connection from the keyboard to the CPU, and when signals are sent this connection acts as an antenna, transmitting a characteristic wave for each keystroke.\u00a0 Each key strike also emits a sound wave characteristic of that key.\u00a0 Both of these facts have been used to sniff keystrokes from the air.\u00a0 Even worse, PS2 keyboards have a connection to ground which causes their characteristic waves to be sent out in the power grid as well.\u00a0 This means that an adversary could eavesdrop by plugging in a device near the victim&#8217;s computer.\u00a0 These forms of attack were first realized by the US government during WWII, but the countermeasures they developed were deemed too difficult to roll out at the time.<\/p>\n<p>Assets and security goals:<br \/>\n&#8211;Goal: Users should be able to type without anyone in the vicinity, or on the other side of a wall, learning their keystrokes.<br \/>\n&#8211;Asset of concern: Assets that users should hold private but are currently vulnerable include papers, financial information, private communications, passwords, and business communications.<\/p>\n<p>Adversaries and threats:<br \/>\n&#8211;Other governments are an adversary who could be recording the 
keystrokes of any government official they can dedicate an antenna to.<br \/>\n&#8211;The main threat is that everything you do on your computer is being tracked by an unknown third party.<\/p>\n<p>Potential Weaknesses:<br \/>\n&#8211;The keyboard-to-computer connection emits a characteristic electromagnetic wave with each keystroke.<br \/>\n&#8211;Connections to ground propagate characteristic signals of each keystroke into the power grid.<\/p>\n<p>Potential Defenses:<br \/>\n&#8211;Shield the keyboard-computer connection with lead.<br \/>\n&#8211;Filter the output of all electrical lines with a bandpass filter.<\/p>\n<p>The main difficulty with shielding electromagnetic radiation is that it requires encasing the machine in thick metal, which is costly, bulky, and inconvenient.\u00a0 New ways need to be researched to shield, filter, and mask the emissions of computers.\u00a0 Recently, the research team of Ecole Polytechnique announced they have uncovered ways to sniff keystrokes from 20 meters away with 95 percent accuracy using an antenna, oscilloscope, analog-to-digital converter, and a PC.\u00a0 They plan to present a talk about the research at the upcoming CanSecWest conference, so this vulnerability may become more ubiquitous in the near future.\u00a0 Paranoid people, be afraid!<\/p>\n<p>http:\/\/www.nsa.gov\/public_info\/_files\/cryptologic_spectrum\/tempest.pdf<br \/>\nhttp:\/\/www.itworld.com\/security\/64193\/researchers-find-ways-sniff-keystrokes-thin-air<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This vulnerability is one of the most profound in computing.\u00a0 Every computer has a connection from the keyboard to the CPU, and when signals are sent this connection acts as an antenna, transmitting a characteristic wave for each keystroke.\u00a0 Each &hellip; <a 
href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/03\/13\/security-review-technologys-vulnerability-to-sniffing-keystrokes-from-electromagnetic-emissions\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":98,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1184","post","type-post","status-publish","format-standard","hentry","category-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/98"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=1184"}],"version-history":[{"count":2,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1184\/revisions"}],"predecessor-version":[{"id":1187,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1184\/revisions\/1187"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=1184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=1184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=1184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}