I can hear you typing...
January 20, 2008 10:42 PM

Hi-tech key and datalogging: What crazy methods for remotely monitoring datastreams have you heard of?

I was talking to a friend about something related to keystroke monitoring, and I remembered hearing that some people had developed a proof of concept on monitoring keystrokes by their auditory signature—the sound of the user typing could be correlated to their keystrokes based on frequency.

I also have heard of users being able to monitor LED light activity on an Ethernet interface to decode the data being sent...

And I think I saw something about being able to tap the EMI signal from a VGA cable, but I think the last two are nearly complete bullshit.

Can anyone cite any sources for those three methods? Or list any other crazy methods?

Many thanks!
posted by disillusioned to Technology (9 answers total)

Crafty types can eavesdrop on the contents of computer monitors.
posted by cmonkey at 10:46 PM on January 20, 2008


Van Eck was what I came to mention. I also remember reading something about 'acoustic keylogging', but I think that it required a pretty hefty sample of known input to compare against. Kinda like how telegraph operators in WWII could be identified from their 'fist', or keying style.
posted by pupdog at 11:46 PM on January 20, 2008


Best answer: Van Eck is the guy who's usually credited with CRT eavesdropping. TEMPEST is the US military certification for resisting such eavesdropping, but you'll often hear the eavesdropping itself called TEMPEST. I'm pretty sure that "Van Eck phreaking" is a misnomer that derives from Cryptonomicon.

You can eavesdrop on emissions from lots of things; serial cables (including pre-USB keyboard cables) are an excellent target. I no longer have a copy but I read an article on keyboard sniffing with an FM radio and simple hardware. (There was an unintended oscillation which was modulated by ground-bounce in the cable ... or something like that.) Computers are very noisy electromagnetically and almost all that noise carries some information about what the computer is doing.

pupdog, allegedly ten minutes of keyboard activity is enough to build a useful set of statistics: see here.
posted by hattifattener at 12:56 AM on January 21, 2008


You don't even need to listen:

Timing Analysis of Keystrokes and Timing Attacks on SSH
posted by zabuni at 2:34 AM on January 21, 2008
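As an added illustration of the point in zabuni's link (this is example code written for this page, not code from the paper or from the thread): in an interactive SSH session every keystroke travels as its own small packet, and while a password is being typed (to su, say) the server sends nothing back, because the characters are not echoed. Watching only packet timing and direction on the wire therefore tells you when a password is being typed, how many characters it has, and the inter-keystroke latencies the paper's timing analysis starts from. The trace below is constructed, the packet sizes are illustrative, and the rule "a run of client packets with no server packet between them is a password entry" is a simplification made for the example.

```python
import statistics
from collections import namedtuple

# One captured packet: time in seconds, direction ("c2s" = client to server,
# "s2c" = server to client) and size in bytes. Sizes are made up.
Packet = namedtuple("Packet", "t direction size")

# Constructed trace (not a real capture): the user runs "ls", then "su", then
# types a 6-character password followed by Enter. Each keystroke is one c2s
# packet. Command characters are echoed back at once; password characters are not.
TRACE = [
    Packet(0.000, "c2s", 48), Packet(0.012, "s2c", 48),   # 'l' + echo
    Packet(0.180, "c2s", 48), Packet(0.191, "s2c", 48),   # 's' + echo
    Packet(0.350, "c2s", 48), Packet(0.380, "s2c", 512),  # Enter + listing
    Packet(1.200, "c2s", 48), Packet(1.211, "s2c", 48),   # 's' + echo
    Packet(1.330, "c2s", 48), Packet(1.342, "s2c", 48),   # 'u' + echo
    Packet(1.500, "c2s", 48), Packet(1.530, "s2c", 64),   # Enter + "Password:"
    Packet(2.000, "c2s", 48),                              # password chars, no echo
    Packet(2.140, "c2s", 48),
    Packet(2.290, "c2s", 48),
    Packet(2.520, "c2s", 48),
    Packet(2.610, "c2s", 48),
    Packet(2.780, "c2s", 48),
    Packet(2.950, "c2s", 48),                              # Enter
    Packet(3.100, "s2c", 64),                              # root prompt
]


def _summarise(times):
    """Describe one unechoed run: its length and the keystroke latencies."""
    latencies = [round((b - a) * 1000) for a, b in zip(times, times[1:])]
    return {
        "start": times[0],
        "keystrokes": len(times),
        "password_len": len(times) - 1,      # last keystroke of the run is Enter
        "latencies_ms": latencies,
        "mean_latency_ms": round(statistics.mean(latencies)),
    }


def find_unechoed_runs(packets, min_keystrokes=3):
    """Return candidate password entries: maximal runs of consecutive c2s
    packets with no server packet in between. Short runs (a couple of keystrokes
    that simply beat the echo) are ignored via min_keystrokes."""
    runs, current = [], []
    for p in sorted(packets, key=lambda p: p.t):
        if p.direction == "c2s":
            current.append(p.t)
            continue
        # Any server traffic closes the current run.
        if len(current) >= min_keystrokes:
            runs.append(_summarise(current))
        current = []
    if len(current) >= min_keystrokes:      # trace ended mid-run
        runs.append(_summarise(current))
    return runs


if __name__ == "__main__":
    for run in find_unechoed_runs(TRACE):
        print(run)
```

On the constructed trace this reports a single run starting at t=2.0 with 7 keystrokes, i.e. a 6-character password, and the six latencies between them; those latencies are the raw material the timing attack then feeds into its digraph model.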


Some researchers have done work on reconstructing the image on a CRT by monitoring the light levels so that, for example, even if you can't see the monitor itself, you can get an idea of its contents by looking at the flickering of the light reflected off walls. Unfortunately, I could only find this fairly technical paper [pdf].

Here are some interesting ideas on using the sound emanating from a motherboard to perform timing attacks.

All of these are types of side-channel attacks.
posted by enn at 6:06 AM on January 21, 2008 [1 favorite]


I also have heard of users being able to monitor LED light activity on an Ethernet interface to decode the data being sent...

Anecdotal, but when I was working in the tech security industry in the early 2000s, there was definitely a big to-do about this. Turns out that the light on modems/routers, etc. would blink out the data stream (i.e., 1 on, 0 off), and it was possible to decode this.

Interestingly enough, Radio Shack used to put out a cheap rolodex portable that used a similar principle to transfer data: instead of using infrared (the hot shit at the time), you'd hold the device up to your floppy drive light and it would blink out the data.

Here's an apparent cite, although I'll admit I haven't read it: Information Leakage from Optical Emanations (PDF). I think activity lights are no longer a direct on-off with the data stream because of this, but I haven't been following the trends in security for several years.

I've also been privy to hearsay about TEMPEST/CRT eavesdropping. When I visited Boeing with my company in early Sept 2001, they had a Faraday cage at the entrance to their building which our escort told us was there to cut down on this sort of thing (and probably cell phone/radio transmissions etc etc). Anyhow, it was serious enough that the big dogs were doing something about it.
posted by fishfucker at 8:55 AM on January 21, 2008 [1 favorite]
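To make the "1 on, 0 off" claim concrete, here is an added example (written for this page; it is not code from the thread or from the cited paper) of the decoding side: an activity LED wired straight to an asynchronous serial line blinks out the line state, so a photodiode trace of the LED is just an oversampled UART signal. The example assumes 8N1 framing (one start bit, eight data bits LSB first, one stop bit), that the LED is lit for mark (1) and dark for space (0), and that the sampling rate is a known whole multiple of the bit rate. The sensor trace is simulated with a little noise rather than captured; the decoder is the usual UART recipe of thresholding, hunting for the start bit's falling edge, sampling each bit at its centre and discarding frames with a bad stop bit.

```python
import random

ON, OFF = 1.0, 0.0   # assumed photodiode levels: LED lit (mark, 1) / dark (space, 0)


def serial_bits_8n1(data):
    """Bit stream an 8N1 asynchronous serial line carries for `data`:
    start bit (0), eight data bits LSB first, stop bit (1)."""
    bits = []
    for byte in data:
        bits.append(0)
        bits.extend((byte >> k) & 1 for k in range(8))
        bits.append(1)
    return bits


def simulate_photodiode(bits, samples_per_bit, noise=0.1, idle_bits=2, seed=1):
    """Constructed sensor trace (not a real capture): the LED follows the line
    bit for bit, the photodiode is sampled `samples_per_bit` times per bit and
    every sample carries uniform noise. The line idles at mark (LED lit)."""
    rng = random.Random(seed)
    stream = [1] * idle_bits + bits + [1] * idle_bits
    trace = []
    for b in stream:
        level = ON if b else OFF
        trace.extend(level + rng.uniform(-noise, noise) for _ in range(samples_per_bit))
    return trace


def decode_led_trace(trace, samples_per_bit):
    """Recover bytes from a photodiode trace of an LED driven by an 8N1 line."""
    thr = (max(trace) + min(trace)) / 2          # midpoint between lit and dark
    bits = [1 if v > thr else 0 for v in trace]
    half = samples_per_bit // 2
    out = bytearray()
    i, n = 0, len(bits)
    while i + 10 * samples_per_bit <= n:         # a whole frame must still fit
        if bits[i] == 1:                         # line at mark: hunt for falling edge
            i += 1
            continue
        if bits[i + half] != 0:                  # not still low mid-bit: a glitch
            i += 1
            continue
        value = 0
        for k in range(8):                       # data bits, sampled at bit centres
            value |= bits[i + (k + 1) * samples_per_bit + half] << k
        if bits[i + 9 * samples_per_bit + half] != 1:
            # Framing error: like a UART, wait for the line to return to mark
            # before hunting for the next start bit.
            while i < n and bits[i] == 0:
                i += 1
            continue
        out.append(value)
        i += 10 * samples_per_bit                # next frame starts right after the stop bit
    return bytes(out)


def recover(data, samples_per_bit=16):
    """Round trip: bytes -> LED blinks -> noisy sampled trace -> decoded bytes."""
    trace = simulate_photodiode(serial_bits_8n1(data), samples_per_bit)
    return decode_led_trace(trace, samples_per_bit)


if __name__ == "__main__":
    print(recover(b"login: root\r\n"))
```

Nothing here is specific to light: the same decoder works on any trace of a signal that tracks the line state, which is why the fix discussed in the thread was to stop driving the LED from the data line (or tape over it) rather than to shield anything.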


oh, and PS, there was also the classic story going around about the bumbling corporate response; something along the lines of how there were million-dollar studies on ways to defeat it, etc, etc, and then when it came down to it, most ops simply put a piece of duct tape over the led light.

posted by fishfucker at 8:58 AM on January 21, 2008


able to tap the EMI signal from a VGA cable

Most cables are shielded enough to make this a fruitless exercise, but regardless... why bother? The cathode ray tube the VGA cable is plugged into will emit more than enough radiation to get a picture from a few dozen feet away.
posted by Civil_Disobedient at 4:34 PM on January 21, 2008


It wasn't VGA but I used to be able to see a ghost of my computer monitor on my TV (on a different floor of the house) back in the early 90s. Enough that I could see the outlines of windows. Of course, I don't know if it was the graphics hardware emitting the EMI, the CRT, or the cable.
posted by jewzilla at 8:55 AM on February 7, 2008

