Here’s a new vulnerability vector. Even when keystroke loggers aren’t embedded in a computer, someone with malicious intent can eavesdrop on the keystrokes because wired keyboards emit electromagnetic waves that are fairly easy to detect, according to recent research by French computer scientists.
This from a recent paper by Martin Vuagnoux and Sylvain Pasini, researchers at France’s EPLF.. They measured the waves emitted as keys are pressed: “Our approach was to acquire the signal directly from the antenna and to work on the whole captured electromagnetic spectrum.”
The results of the research are sobering. “We found four different ways to fully or partially recover keystrokes for wired keyboards at a distance of up to 20 meters, even through walls,” Vuagnoux and Pasini state. “We tested 11 different keyboard models bought between 2001 and 2008 (PS/2, USB and laptop). They are all vulnerable to at least one of our four attacks.”
Their conclusion? Keyboards currently available in stores near you “emit compromising emanations,” largely due to low-cost design, and “are not safe to transmit sensitive information.”
The authors say their attacks could have been much more sophisticated had they launched them using higher-end resources; but comforting is the fact that they require close proximity to the target to execute.