Researchers Steal Passwords From Radio Waves

rated by 0 users
This post has 6 Replies | 1 Follower

Top 10 Contributor
Posts 26,501
Points 1,196,745
Joined: Sep 2007
ForumsAdministrator
News Posted: Thu, Oct 23 2008 12:34 PM

The next time you are taking money out at the ATM, be wary of anyone lurking nearby with an antenna sticking out of their pants. They might be stealing your PIN wirelessly. A pair of Ph.D. students at the Security and Cryptography Laboratory (LASEC) of Switzerland's Ecole publique Polytechnique Fédérale de Lausanne (EPFL) recently demonstrated a number of techniques for listening in on the electromagnetic emanations coming from wired keyboards and interpreting that information into the actual keystrokes pressed.

The two researchers, Martin Vuagnoux and Sylvain Pasini, tested four different versions of this technique on 11 different wired keyboards with PS/2 and USB connections as well as keyboards integrated into laptops. Using a combination of the four techniques, they were able to successfully "recover keystrokes from compromising electromagnetic emanation [from] up to 2 meters [away]," at least in part, if not fully. With a stronger antenna, they were even able to listen in to keystrokes through a wall from a computer in the next room.

All electronic devices give off electromagnetic radiation. Those FCC Class A and Class B labels you see on devices tell you that devices have passed certain tests to indicate the electromagnetic radiation they give off do not interfere with certain types of other devices. For instance, FCC Class B is a rating for residential and small office use that indicates that the rated device will not interfere with the over-the-air broadcast transmissions for radios and TVs. This is not to say, however, that these devices are perfectly shielded. Unless a manufacturer is designing a device to be used in a high-security area, such as in a military installation, chances are some "unintentional radiation" (in the form of radio waves) are bound to leak out of a device.

This means that not just the wired keyboards are leaking radio waves--so are all the various components and peripherals that make up a computer system. This can make for a very "noisy" environment. The researchers set up an antenna that captured a wide range of the relevant electromagnetic spectrum. The antenna then sent these signals to a combination of hardware and software that analyzed the spectrum and was able to sniff out and detect the keystrokes from the cacophony of radio noise. The researchers stated on their blog:

"We conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design). Hence they are not safe to transmit sensitive information. No doubt that our attacks can be significantly improved, since we used relatively inexpensive equipments."

Which means that not only is this relatively easy and inexpensive to do (as long as you know what you are doing), but who's to say that there aren't people or organizations out there now that are already doing this? Who needs a keylogger when you can steal passwords from the next room?



  • | Post Points: 80
Top 10 Contributor
Posts 5,054
Points 60,735
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Thu, Oct 23 2008 1:14 PM

1985 called: Van Eck wants his Tempest device back.

(Yes, that's how we spoke in the 80's).

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 5
Top 10 Contributor
Posts 6,181
Points 90,135
Joined: Aug 2003
Location: United States, Virginia
Moderator

If someone goes through all this to steal my gmail password. I say "well done sir, now go find a job."

  • | Post Points: 5
Top 25 Contributor
Posts 3,490
Points 47,190
Joined: Nov 2005
Location: Metropolis
ForumsAdministrator
Moderator

Unfortunately, there just aren't any tortuous punishments available for these nefarious password-stealing evil-genius criminals.Angry

 

 SPAM-posters beware! ®

  • | Post Points: 5
Top 10 Contributor
Posts 7,614
Points 67,270
Joined: May 2000
Location: Santo Domingo, Dominican Republic
Moderator
^Bad_Boy^ replied on Fri, Oct 24 2008 1:10 PM

Very interesting indeed :P

Dammit! What's My Age Again???

  • | Post Points: 5
Top 500 Contributor
Posts 150
Points 2,250
Joined: Sep 2007
Location: U.S.
mazuki replied on Sat, Oct 25 2008 6:04 PM

ok, so we are going to steal mr/mrs "hunt and peck's" password.....what could they really have?

  • | Post Points: 20
Top 10 Contributor
Posts 5,054
Points 60,735
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Tue, Oct 28 2008 8:23 PM

Launch codes.

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 5
Page 1 of 1 (7 items) | RSS