The idea of someone sniffing out keystrokes with a wireless antenna may seem ripped from the pages of a spy thriller, but criminals have already used sneaky techniques such as wireless video cameras placed near automated teller machines and Wi-Fi sniffers to steal credit-card numbers and passwords.
"If you are a company using highly confidential data, you have to know that the keyboard is a problem," Vuagnoux said.
If pulling keystrokes out of thin air isn't bad enough, another team has found a way to get the same kind of information out of a power socket. Using similar techniques, Inverse Path researchers Andrea Barisani and Daniele Bianco say they get accurate results, picking out keyboard signals from keyboard ground cables.
Their work only applies to older, PS/2 keyboards, but the data they get is "pretty good," they say. On these keyboards, "the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna," Barisani said.
That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. They believe they could pick up signals from a distance of up to 50 meters by simply plugging a keystroke-sniffing device into the power grid somewhere close to the PC they want to snoop on.
Because PS/2 keyboards emanate radiation at a standard, very specific frequency, the researchers can pick up a keyboard's signal even on a crowded power grid. They tried out their experiment at a local university's physics department, and even with particle detectors, oscilloscopes and other computers on the network were still able to get good data.
Barisani and Bianco will present their findings at the CanSecWest hacking conference next week in Vancouver. They will also show how they've been able to read keystrokes by pointing a laser microphone at reflective surfaces on a laptop, such as the screen. Using the laser's very precise measurements of the vibrations on the screen's surface caused by typing, they can figure out what is being typed.
Previously researchers had shown how the sound of keystrokes could be analyzed to figure out what is being typed, but using the laser microphone to pick up mechanical vibrations rather than sound makes this technique much more effective, Barisani said. "We extend the range because with the laser microphone, you can be hundreds of meters away," he said.
The Ecole Polytechnique team has submitted their research for peer review and hopes to publish it very soon.
Sign up for Computerworld eNewsletters.