Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Researchers find keyboards to be tattletales
Published: 2008-10-20

Two researchers at the Swiss Federal Institute of Technology (EPFL) in Lausanne, Switzerland have surveyed 11 different wired computer keyboards and found that all leaked keystroke information.

The researchers, Martin Vuagnoux and Sylvain Pasini, used four different attacks to gather information at a distance of up to 20 meters via the electrical signals emitted from the they keyboards. The antenna used by the researchers could read the data even through walls, Vuagnoux said.

"We conclude that wired computer keyboards sold in the stores generate compromising emanations -- mainly because of the cost pressures in the design," Vuagnous wrote on a Web page describing the attacks. "Hence they are not safe to transmit sensitive information. No doubt that our attacks can be significantly improved, since we used relatively unexpensive equipments (sic)."

The researchers claim that the study is the most complete survey to date of the problems of data leakage among standard keyboards. Previous research has found that the key clicks on a keyboard can also leak information, if a microphone is placed relatively close to the keyboard. In addition, a great deal of research has focused on eavesdropping on systems via the emanations of the computer monitor.

While more expensive keyboards contain shielded components, preventing them from leaking information, the pressure to reduce costs of commercial keyboards means that the vast majority of people could fall prey to a remote eavesdropping attack. The researchers have submitted a paper on the experiments to be peer reviewed and two videos showing their attacks can be viewed via their Web site.

If you have tips or insights on this topic, please contact SecurityFocus.



Posted by: Robert Lemos
    Digg this story   Add to del.icio.us  
 
Comments Mode:







 

Privacy Statement
Copyright 2009, SecurityFocus