nothing is safe ....
 

so wifi is ok !

http://news.bbc.co.uk/2/hi/technology/8147534.stm

Re: nothing is safe ....
 

PS/2 cables? Are they still around?

(Typed from, yes, a PS/2 keyboard.)

Very nifty, but if it doesn't affect USB similarly, this attack is fast becoming as useful as recording an analog modem's blinky lights with a high speed video camera.

Re: nothing is safe ....
 

Simple fix...install an OSK on your desktop and click the letters with your mouse....

But then, you still have the wild and wooly Internet to worry about....:D

Re: nothing is safe ....
 

Interesting...*builds decoding attack device* >8D

Jesse~

Re: nothing is safe ....
 

Well dang. That's something quite interesting... will this info cause a class action lawsuit to keyboard cable manufacturers for not ensuring a secure and unencumbered quality of service in places that might be more advantageous for snooping?

I'm just saying... seems like that could happen

Re: nothing is safe ....
 

Take a couple of cell phone signal booster stickers and place them on the cable. That will surely protect you.

Re: nothing is safe ....
 

Not if it's a PS/2 mouse!

Re: nothing is safe ....
 

Touchscreen please ;)

Jesse~

Re: nothing is safe ....
 

Probably someone will try sadly.

Hmm I wonder what happens if there's any noise from other devices hooked into the grid..

E.g. if you have power strips with plugged in device chargers, + game consoles + monitors, etc..

Re: nothing is safe ....
 

I for one call BS on this. Of course, anyone who's anybody knows that physical access equals root. So these aren't "hacks" by the proper definition, but rather good old fashioned wire taps and physical keylogging.

Re: nothing is safe ....
 

They can do it with no physical access to the box, or to any communications cables; just a tap on the same power line up to 15m away. How's that BS?

While it technically is tapping a wire, it's much more analogous to the old CRT (or as sjgadsby pointed out, modem-light) snooping.

Re: nothing is safe ....
 

Well, even if it's theoretically 15 meters away, I still call shenanigans. There's no way you can track what someone's typing by monitoring electrical signals over mains power. The signals going to the computer are not THAT unique. And besides, if they're looking for the tiny spikes caused by typing, secondary activity on the computer would immediately render that null and void as it'd put extra noise on the line. Assuming such a thing was even possible in the first place.

Re: nothing is safe ....
 

Why? <extra chars for the board>

Re: nothing is safe ....
 

Wouldn't it be way easier to kidnap the person who's typing, beat him/her senselessly till he/she is almost dead and then get all the information we want nicely written on paper while drinking a cup of coffee?

Ah, technology, always forgetting to put the heart in mobster business...

I second what Lord Raiden said, the depicted scenario would maybe work if the PC is the only thing connected to a wall plug, the cable are in perfect shape with superior insulation from EMI and the "listener" has Sci-fi technology took from the alien ship that fell in Roswell some time ago...

Re: nothing is safe ....
 

The link you want is probably:
http://lasecwww.epfl.ch/keyboard/

This is not exactly news... In different forms this is known to be possible with various equipment for decades, see http://en.wikipedia.org/wiki/TEMPEST#Public_research for some further info.

It's not as SF and Alien tech as you might think (yes, I'm actually an EE).

Re: nothing is safe ....
 

Because they demonstrated snooping characters over an AT / PS/2 serial link; switching to a different link of the same type isn't going to be the fix.

For those claiming this is "theoretical", I'm aware general-news outlets reporting on papers often get things wrong, but the BBC piece does quote the paper as saying the tests verifying success were performed for a "worst case scenario". Now maybe that was the shorter-range tests, and the 15m wasn't worst-case; maybe I'd disagree with them on what constitutes realistic worst-case conditions; but if they've got a POC working at 15m under any realistic conditions at all, it should be quite feasible for a dedicated solution to be successful enough to be useful.

One problem I do see, on thinking more about it, is with laptops; since laptop PSUs generally don't have a ground link, they're likely to be practically immune to this approach, between the reduced coupling to the hot and neutral lines, and noise from switching PSUs. But as attilla77 pointed out, keyboard sniffing is possible from RF emissions with the laptop completely disconnected.

As to whether it's more practical than other options, you're right, for many scenarios rubber-hose cryptanalysis is easier than any password sniffing, and there's many scenarios where other sniffing techniques would be easier/cheaper. But there are a couple benefits: sniffing in general is non-intrusive, so you don't just get information now, you get a login for an indefinite period. And this particular technique would be useful for cases where the target machine is offline (e.g. sniffing local passwords for later remote-login attempts) or on an uninterceptable network, but still plugged into an accessible power circuit.

While the power-line sniffing does potentially suffer more interference than RF snooping with a highly directional antenna, it has the potential to be very unobtrusive; it could allow long-term unattended snooping in computer labs and net cafes where . (I, at least, always ok, usually check cables for hardware keyloggers when I use a publicly accessible machine, but I don't check for mysterious boxes plugged into powerstrips.)

Re: nothing is safe ....
 

[QUOTE=Benson;304583]Because they demonstrated snooping characters over an AT / PS/2 serial link; switching to a different link of the same type isn't going to be the fix.
/QUOTE]

Sorry, still don't get it. If I install an On Screen Keyboard, and click the characters with a mouse, AT or PS/2, how are those characters getting transmitted across the serial link?

Re: nothing is safe ....
 

And this other EE here thanks you for the valuable information you linked ;)
I was joking about SF and alien technology, but I still don't consider this a threat compared to other way of stealing informations...

Re: nothing is safe ....
 

We oughta make a club :D

Of course, often people embark about discussing (and even working) on sophisticated security procedures while leaving open very simple (e.g. human) concerns - and a hacker/cracker will always attack at the weakest point known/exploitable to him. TEMPEST style data acquisiton is interesting because it is virtually undetectable. Mobster and other head on techniques are simpler, but are more like quantum physics, can't actively find out stuff without actually interfering with the processes and particles involved :) That, in turn, might actually be a part of procedures (e.g. what to do if forced to give out credentials, how to detect moles and information leaks, etc).

Re: nothing is safe ....
 

Could be a good idea :D

Virtually and probably practically; the biggest issue though is that nowadays it's easy to find many machines in small areas, so it could be very hard if not impossible to find a relation between the leaked information and a possible target... at least it would take a long time...


That was a joke too :D

Re: nothing is safe ....
 

There's no need for that sort of...unpleasantness.

Re: nothing is safe ....
 

They aren't, at least not directly; the mouse movements are. But since the computer can translate the data coming over the mouse line into characters, the only question is: what state information is your computer using to make that translation that the attacker doesn't have, and how hard is it for them to guess?

Initial cursor position, but that's controlled once the user has made a move long enough to bump one edge of the screen. Screen resolution, as mentioned, matters, but in practice can be reduced to a short list instead of all possible dimensions. I guess acceleration could mess things up, if you use it, but odds are trying various minimum and maximum settings from different desktops would get it. So you've got absolute positions of all clicks. (How to know when you've got these accurate? Analyze patterns; for example, the Windows taskbar is normally at the bottom of the screen, and you should see some activity there if you've got the height right. Compare ones that bounced off the bottom limit to ones coming directly from the top limit; they should match up. In general, look for clustered clicks coming from the top, and corresponding clusters from the bottom, and similarly left and right.)

Now to convert the click-list to keypresses, the entire code of the OSK in use is involved, but given only a handful of these in common use, you can assume they have that, and just need to guess which one is running. Location on-screen, and (if configurable) key pitch? You can estimate these from a bunch of click data, and the results will help confirm the OSK & layout; frequency analysis of the proposed keys will allow you to distinguish geometrically similar layouts (e.g. QWERTY vs. Dvorak). Now you should be able to translate large periods of of the click-list into text, some of which should be identifiable natural language; at this point, you know you've got everything right; start looking for passwords or whatever sensitive info was desired.

Re: nothing is safe ....
 

Benson,

Thanks for the explanation!