we can hear your keyboard

We've long hypothesized that wireless keyboards are just simply insecure, period. The odds that the wireless keyboard vendors use cheesy RF signaling in the clear (or with a weak smattering of FHSS) are just too high to really convince ourselves that wireless keyboards are worth the insecurtiy they likely harbor. It could be as simple as taking the receiver of an identical model keyboard and tuning it to receive the keyboard signals (depending upon how the devices sync; you have better odds of this working if you get a setup that requires you manually select a 'channel' to use). Of course, we're talking proprietary RF 'protocol' (we use that term loosely) and not Bluetooth, although there are those that would still not sleep well at night with Bluetooth either...

Anyways, imagine our surprise when we wandered across this. These guys are sniffing EM from wired keyboards (not wireless)! Usually we leave TEMPEST activities to the three letter agencies, but this is just scary. It's probably just a matter of time before this becomes accessible to the mainstream. I did notice that the demo video shows massive latency between when the keys were pressed and when they were decoded/shown on the receiving PC; that makes me believe the signals need to be captured and buffered, and then post-processed. It's probably just a matter of time until this becomes real-time. Joy.

Maybe we just ditch keyboards and stick with mice and touch screens. I rather like my tablet PC, actually.

posted on 21 Oct 2008 | permalink | comment on this post