UW Computer Security Research and Course Blog

This vulnerability is one of the most profound in computing.  Every computer has a connection from the keyboard to the CPU, and when signals are sent this connection acts as an antenna, transmitting a characteristic wave for each keystroke.  Each key strike actually emits a characteristic sound wave for each key.  Both of these facts have been used to sniff keystrokes from the air.  Even worse, PS2 keyboards have a connection to ground which causes their characteristic waves to be sent out in the power grid as well.  This means that an adversary could eavesdrop by plugging in a device near the victim’s computer.  Theses forms of attacks were first realized by the US government during WWII, but the countermeasures they developed were deemed too difficult to roll-out at the time.

Assets and security goals:
–Goal: Users should be able to type without having people know their keystrokes anywhere in the vicinity or through walls.
–Asset of concern: Assets that users should hold private but are currently vulnerable include papers, financial information, private communications, passwords, and business communications.

Adversaries and threats:
–Other governments are an adversary who could be recording the keystrokes of any government official they can dedicate an antenna to.
–The main threat is that everything you do on your computer being tracked by an unknown third party.

Potential Weaknesses:
–Electromagnetic waves emitted by the keyboard to computer connection cause characteristic waves to be sent with each keystroke.
–Connections to ground propagate characteristic signals of each keystroke in the power grid.

Potential Defenses:
–Shield the keyboard-computer connection with lead.
–The output of all electrical lines should be filtered by some bandpass filter.

The main difficulty with the shielding of electromagnetic radiation is that it requires a thick metal to encase the machine, which is costly, bulky, and inconvenient.  New ways need to be researched to shield, filter, and mask the emissions of computers.  Recently, the research team of Ecole Polytechnique announced they have uncovered ways to sniff keystrokes from 20 meters away with 95 percent accuracy using an antenna, oscilloscope, analog-to-digital converter, and a PC.  They plan to present a talk about the research at the upcoming CanSecWest conference, so this vulnerability may become more ubiquitous in the near future.  Paranoid people be afraid!

http://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf
http://www.itworld.com/security/64193/researchers-find-ways-sniff-keystrokes-thin-air