Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

dailydave logo Dailydave mailing list archives

Re: All your keyboard are belong to us
From: Martin Vuagnoux <dailydave () vuagnoux com>
Date: Mon, 20 Oct 2008 16:42:21 +0200
Francois ROPERT a écrit :

Martin Vuagnoux a écrit :
  

Hi list,

    

Hi Martin,

  

Hi Francois,

Here you can find a video of our compromising electromagnetic emanations 
attacks on (wired) keyboards. The objective is to show that wired 
keyboards may be eavesdropped remotely and passively. PS/2, USB and 
Laptop keyboards have been tested. Since it's an academic research, the 
paper will come later.

It's more related to hardware security but it works in practice, so why 
not exploit it ?
    


This looks like very 80's and reminds me
http://cryptome.org/tempest-leak.htm

Anything new I can't catch under the switzerland sun ?
  

Of course we know cryptome and all TEMPEST stuff. These things motivated 
our research indeed. Our objective to see if these attacks can be 
applied to modern keyboards. If these attacks are known, why keyboards 
are still vulnerable ?

We found that modern keyboards (especially USB and Laptop-based) use a 
different technology, which avoid (partially) known attacks. Even PS/2 
keyboard changed since the 80's, the electromagnetic leaks are not the 
same. Our research shows that there is other ways to recover keystrokes 
even with new keyboards. Again, our objective was to give *practical* 
evidences that  modern keyboards can still be remotely eavesdropped with 
accessible equipments.

I heard that NSA is able to eavesdrop keyboards at a distance up to 200 
meters. This paper shows (I hope for the first time in the open 
litterature) exactly how to do it at a much smaller range. However, this 
attack can be practically applied and exploited for real, with currently 
sold keyboards. So the danger is still here, isn't ?

Note that TEMPEST compliant keyboards exist in the stores (~ 500$ the 
keyboard) proving that Agencies are probably protected against these 
attacks.

I hope I answered to your question.

Martin

http://lasecwww.epfl.ch/keyboard/

Best regards,

Martin Vuagnoux
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

    


Cheers,
  


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]