Two researchers working at security firm Inverse Path, recently came out with a paper that reveals a disturbing discovery about many common keyboards. It turns out that the poor shielding used on many keyboard’s PS/2 cables can allow hackers to snoop on what you’ve been typing. When a key is pressed, the data leaks onto the earth wire that connects to the PC’s power unit, which in turns connects to the plug in the power socket. From there, the data potentially leaks out onto the power circuit that is supplying electricity in a room.
“The PS/2 signal square wave is preserved with good quality… and can be decoded back to the original keystroke information,” wrote the pair in a paper describing their work.
The folks over at Inverse Path have even been able to demonstrate this working over distances up to 15 meters.
“The test performed in the laboratory represents a worst case scenario for this type of measurement, which along with acceptable results emphasizes the feasibility of the attack on normal conditions,” they added.
Apparently, all that is needed to successfully steal the data via a power-line attack is about $500 and another $100 for laser attack gear. Granted, these unconventional attacks do require a good amount of skill and a measure of knowledge. The pair plans to demonstrate this attack in public at the Black Hat conference that will take place in Vegas in late July. As much as this news is somewhat unsettling, and it definitely is a new security risk for companies to take in to consideration, the reality is that for average users, there is a much simpler and affordable method to use to keep an eye on someone’s keystrokes. BrickHouse Security sells several such solutions, including the Stealth iBot Computer Spy and other hardware keyloggers. (Via BBC News | Networld World)