We Can Tell What You’re Typing, So Stop It!

Published on July 13th, 2009

Posted by Uncle Dave in Technology, crime

Not many people are carting around tower computers and keyboards to hotels rather than laptops, but combined with things like how easy it is to hack WEP encryption (rather than more secure, but still crackable, WPA & WPA2) on wireless networks and so on, this is just one more way others can find out what you’re doing.

On the other hand, how much you wanna bet the CIA, et al have known about this for decades. And used it against, oh, let’s say… you.

Power sockets can be used to eavesdrop on what people type on a computer. Security researchers found that poor shielding on some keyboard cables means useful data can be leaked about each character typed. By analysing the information leaking onto power circuits, the researchers could see what a target was typing.
[...]
The research focused on the cables used to connect PS/2 keyboards to desktop PCs.

Usefully, said the pair, the six wires inside a PS/2 cable are typically “close to each other and poorly shielded”. This means that information traveling along the data wire, when a key is pressed, leaks onto the earth (ground in the US) wire in the same cable. The earth wire, via the PC’s power unit, ultimately connects to the plug in the power socket, and from there information leaks out onto the circuit supplying electricity to a room. Even better, said the researchers, data travels along PS/2 cables one bit at a time and uses a clock speed far lower than any other PC component. Both these qualities make it easy to pick out voltage changes caused by key presses.
[...]
“The PS/2 signal square wave is preserved with good quality… and can be decoded back to the original keystroke information,” wrote the pair in a paper describing their work.

They demonstrated it working over distances of 1, 5, 10 and 15m from a target, far enough to suggest it could work in a hotel or office.

23 users responded in " We Can Tell What You’re Typing, So Stop It! "

Subscribe to this post comment rss or trackback url

# 1 testtubebaby said, on July 13th, 2009 at 5:43 pm

Look up “Tempest”. The government has known of this for decades. Southwall used to make shielding to combate this.

# 2 bill said, on July 13th, 2009 at 5:45 pm

What about bluetooth wireless keyboards?

# 3 Olo Baggins of Bywater said, on July 13th, 2009 at 6:04 pm

I used to work on Tempest PCs back when the 286 was hot. The AC line filters in those machines was as big as a pair of today’s bigger laptop power supplies.

# 4 Ah_Yea said, on July 13th, 2009 at 6:49 pm

Not nearly as effective as that guy in black looking over my shoulder.

# 5 Jeff said, on July 13th, 2009 at 6:53 pm

Show me a link with someone who has actually cracked a secure password on a WPA2 connection. Something at least sixteen random characters long with random numbers and letters.

# 6 Ah_Yea said, on July 13th, 2009 at 6:53 pm

And BTW, who still uses a PS2 keyboard? I know I still have one somewhere but all of mine are USB.

# 7 Ah_Yea said, on July 13th, 2009 at 6:55 pm

That is, all that I still use…

# 8 Somebody_Else said, on July 13th, 2009 at 7:26 pm

#5 My thoughts as well. WPA hasn’t been cracked, any password can be bruteforced given enough time.

As for USB or wireless keyboards, the same issues apply. Wireless keyboards usually use weak bit-shift encryption, if anything.

# 9 dusanmal said, on July 13th, 2009 at 7:47 pm

@#5,8 (agreement) as well as original poster (disagreement): “rather than more secure, but still crackable, WPA & WPA2″.

If you use WPA to its full capability, you can bet your life on it against any existing foe. Though 16 char’s #5 mentions are fair defense, that is not the full capability. Random 63 characters from the complete available character set provide full protection. Anyone using less may ask themselves: why?

# 10 qb said, on July 13th, 2009 at 7:50 pm

Or you could do the easy thing. 61165 – that was the pin of the women in line in front of me this evening. Did I mention she leaves her wallet in the outside wallet of her purse?

# 11 Uncle Dave said, on July 13th, 2009 at 8:12 pm

1) Go to Google
2) Enter ‘wpa2 hack’

# 12 ridin the short bus said, on July 13th, 2009 at 8:31 pm

All a non story here too… Damn the Blog is getting boring these days…
The “Tempest” computers / shielding etc, idea is used on Military Installations or Government Installations, its almost Ironic, in nature, because the people interested in cracking or spying would be the government?.. And if on a Military Base even less chance to be spied upon.. due to access of the location..
As for Network Access security, I use MAC Address Fitering.. this limits exactly what PC can log onto my network, period. We use this at work, as well. If we have a guest that needs access to our network, we just ask them for their laptop MAC Address then provide them with the Access Key and put thier Mac Address on our system. This cant be cracked, due to Physical Hardware Unique Address.

# 13 FakinMyMAC said, on July 13th, 2009 at 9:47 pm

#12:
It’s trivial to fake your MAC address. You can also determine MAC addresses in use easily and then tame ones of those over. You might need to boot the other person off if they don’t go away nicely, but MAC address filtering is only a single step in the overall picture of wireness network defense.

# 14 slowth said, on July 14th, 2009 at 12:35 am

#11, Uncle Dave

1.)Go to Google
2.)Enter “rainbow table”
3.)Change WPA password from “Dog” or “Bartholomews” to a 63 character monster password
4.)Wait for many times the age of the universe to crack your new password
5.)Don’t spread misinformation

# 15 Mr Diesel said, on July 14th, 2009 at 3:23 am

#12 ridin the short bus

FakinMyMAC is correct.

Obviously you have never attended any hacking conferences or have done a search on MAC Spoofing or you wouldn’t place so much confidence in MAC filtering.

Yeah, try that with any hacker older than 4 in the area and watched yourself get pwned.

# 16 orangetiki said, on July 14th, 2009 at 5:25 am

so each key has it’s own voltage signature? And you can tell who is typing what by the power outlet? LAME and COMPLETE BS

# 17 Winston said, on July 14th, 2009 at 5:44 am

This “news” is even more ancient than your Newsweek cover revelation.

# 18 Patrick said, on July 14th, 2009 at 5:53 am

News that is a couple decades old.

# 19 Uncle Patso said, on July 14th, 2009 at 6:20 am

Reminds me of the passage in “Cryptonomicon” about “Van Eck phreaking.” I can’t see this being a danger in most situations. Unless your neighbor is a spy or cybercrook out to get you…

On the other hand, checking your email over unencrypted public wi-fi could be iffy…

# 20 Somebody_Else said, on July 14th, 2009 at 8:31 am

#11, UncleDave

If you actually looked at some of the links you’d understand that WPA2 has not been “cracked.” The tools that come up all use brute force methods. Any encryption system is vulnerable to a brute force attack, the solution is simply to use a strong password.

You can crack simple, insecure passwords with dictionary attacks and short random passwords by guessing (brute forcing), but the time it would take to crack a complex password longer than 10 characters is prohibitive. Unless you have thousands of years to wait around, anyway.

Proper “WPA2″ encryption uses secure AES-based CCMP, and thus far there are no known exploits.

# 21 Patrick said, on July 14th, 2009 at 9:52 am

# 20 Somebody_Else said, “Proper “WPA2″ encryption uses secure AES-based CCMP, and thus far there are no known exploits.”

If you aren’t handling certificate issues correctly you could get in by man in the middle. Not likely though.

# 22 Rich said, on July 14th, 2009 at 6:05 pm

“so each key has it’s own voltage signature? And you can tell who is typing what by the power outlet? LAME and COMPLETE BS”

Each key sends a unique signal from the keyboard to the PC. This is an electrical signal that both leaks into the ground system and radiates through space. A system used to monitor these signals would only provide a display of keys typed.

# 23 Common_Sense said, on July 15th, 2009 at 11:22 pm

The tinfoil hat crowd has most of this discussion right.

MAC address filtering and WEP is good for preventing casual misuse – read: 95% of the people you re trying to keep out who have no hacking “tools” but will just steal your open wifi. It’ll get beat in minutes (literally, single digit minutes) by anyone with hacking tools.

WPA/WPA2 with good passwords is secure enough for protecting your porn habits from prying eyes, or whatever it you think people will care about getting into your business for.

The techniques that are technically possible – I mean, power signal leakage, freezing your memory to get encryption keys, and even the monitor signal leakage, etc — these are not the hacks of “hackers” as much as governments and industrial espionage types, maybe. You aren’t important enough to draw that kind of technological threat. The individual’s threat model is more along the lines of wifi snoopers, virus/trojan keyloggers, physical cameras, etc…

Know your threats and design your protection against them as best you can, and just accept that there’s no perfect security against a foe with unlimited resources and motivation – fortunately, most of us will never face that foe. A properly shielded cable isn’t worth a hill of beans if your wife still leaves herself logged into her computer 24/7 without locking the machine — it’d be easier for someone to break in and install a quick keylogger on her machine than to try to tap into my power line to pick out signals.

Interesting idea, though – signal leakage via improperly shielded cables. Cool.

Leave Your Reply Below...

Comment Moderation is Active, so if your comment doesn't
show up immediately, please don't submit it again.

Special Deals 4U

25% off eHarmony subscription with code EHTECH
12-percent discount forever with code TECH
10-percent discount and free month using TECH10
10-percent or 30 dollars off weekly car rental!
Get 10-percent discount on car rental!
Get 10% off rental cars!
Get 10% off Dollar rentals!
Discounts on domain names!