Eavesdropping on Wired Keyboards from 20 Paces

Yes, you heard it right. Researchers in Switzerland have developed some attacks targetted at capturing the Radio Frequency emmissions from keyboards and using the captured RF data to work out what keys the user pressed.

Note that this attack is not against wireless keyboards, but is actually aimed at those USB and PS2 keyboards which we all use every day. Notebooks with built in keyboards are just as easily sniffed too, so there is no obvious escape from this problem. 

The heart of the vulnerability is that keyboards are built so cheaply that they have absolutley no Radio Frequency sheilding at all and picking up some form of radio signal from just about any keyboard is an almost trivial excercise.

What is not trivial of course is the decoding of that signal to rebuild the users keypresses. Nevertheless, the team from the Security and Cryptography Laboratory (LASEC) in Lausanne, Switzerland have developed four similar attacks and have found that of the 11 keyboards they extensivly tested, all were suseptible to their eavedropping methods.

The key point here is that it's now pretty much mandatory to use one time passwords if you truly want to be secure.

Read more about the attackes here.

Leave a Reply