Keyboard emissions sniffed from 20 metres

Researchers have discovered a major vulnerability with wired keyboards, as they found out that there are several ways to measure the electromagnetic signals emitted when keys are pressed.

The team from the Security and Cryptography Laboratory in Lausanne, Switzerland, found four different ways to fully or partially recover keystrokes from wired keyboards, even through walls. A radio antenna was used to recover the keystrokes.

The researchers tested 11 different wired keyboard models - PS/2, USB and laptop - bought between 2001 and 2008, and found that all were vulnerable to at least one type of attack.

A statement from team members Martin Vuagnoux and Sylvain Pasini said: "We conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design).

"Hence they are not safe to transmit sensitive information. Nom doubt that our attacks can be significantly improved, since we used relatively inexpensive equipments."

Two videos were shown of the experiment which showed a laptop disconnected from its power supply connected up to a keyboard.

In the first video, a wire antenna picked up a researcher typing the words trust no one,' which was then read by a separate computer running the keyboard eavesdropper program.

In the second video, the word password' was typed on a keyboard which was picked up by a separate computer, but this time in an adjacent room.

Vuagnoux and Pasini noted: "Computer keyboards are often used to transmit sensitive information such as username/passwords. A vulnerability on these devices will definitely kill the security of any computer or ATM."