Computer criminals could soon be eavesdropping on what you type by analysing the electromagnetic signals produced by every key press. By analyzing the signals produced by keystrokes, Swiss researchers have reproduced what a target typed.
The security researchers have developed four attacks that work on a wide variety of computer keyboards.
The results led the researchers to declare keyboards were “not safe to transmit sensitive information”.
The attacks were dreamed up by doctoral students Martin Vuagnoux and Sylvain Pasini from the Security and Cryptography Laboratory at the Swiss Ecole Polytechnique Federale de Lausanne (EPFL).
The EPFL students tested 11 different keyboard models that connected to a computer via either a USB or a PS/2 socket. The attacks they developed also worked with keyboards embedded in laptops.
Every keyboard tested was vulnerable to at least one of the four attacks the researchers used. One attack was shown to work over a distance of 20 metres.
In their work the researchers used a radio antenna to “fully or partially recover keystrokes” by spotting the electromagnetic radiation emitted when keys were pressed.
In a web posting they added: “no doubt that our attacks can be significantly improved, since we used relatively inexpensive equipments.”
In videos showing their early work the researchers are seen connecting keyboards to a laptop running on battery power. They avoided using a desktop computer or an LCD display to minimise the chance of picking up signals from other sources.
Details of the attacks are scant but the work is expected to be reported in a peer-reviewed journal soon.
The research builds on earlier work done by University of Cambridge computer scientist Markus Kuhn who looked at ways to use electromagnetic emanations to eavesdrop and steal useful information.
These kind of technologies are really challenges posed before People creating online platforms for banking, and other financial services. Experts advice to common users for time being is that Until counter measures are taken for this kind of eavesdropping, avoid making transactions in online platforms in the public places at least.
Source: BBC News