Security Researchers Claim Wireless Keylogging

[White Haven]

Security professionals have said for years that the only way to make a computer truly secure is for it to not be connected to any other computers, a method called airgapping. Then, any attack would have to happen physically, with the attacker actually entering the room and accessing the computer that way, which is incredibly unlikely. In the case of computers containing highly sensitive information, additional, physical security can always be added in the form of security guards, cameras, and so on.


Researchers at Georgia Institute of Technology have uncovered a vulnerability in all computers, however, which can be exploited regardless of an air gap. It’s a vulnerability which you’d never suspect, and it’s one that’s hard to fight against. All CPUs emit electromagnetic signals when they are performing tasks, and the first thing these researchers discovered was that binary ones and zeroes emit different levels. The second thing they discovered is that electromagnetic radiation is also emitted by the voltage fluctuations and that it can be read from up to six meters away. These signals, by the way, are known as side-channels, and they are well-documented in the cryptography field.

The Least Traditional Attack You’ve Ever Seen

airgapSide channels are a powerful class of attacks that circumvent traditional security protections and access controls. Unlike traditional attacks that exploit vulnerabilities in what the system does, side channel attacks allow information to be obtained by observing how the system does it, reads their white paper.
The researchers, whose names are Robert Callan, Alenka Zajic, and Milos Prvulovic, have developed software which allows them to overcome the two main problems of this type of attack: multiple weak signals and determining what is of interest and what is not, such as keystrokes. In this video, Milos demonstrates that the keystrokes can be decoded in real time from across the room.

The white paper tries very hard to impress the importance of this vulnerability. An attacker who knows what they are looking for can do a great deal of damage using technology like this. They note that a vulnerability rating has been proposed recently, but that the proposal doesn’t do much in the way of providing developers of future technologies with a roadmap of improvement.

The current state of the art is the recently proposed Side-Channel Vulnerability Factor (SVF), which measures how the side channel signal correlates with high-level execution patterns (e.g. program phase transitions). While this metric allows overall assessment of the “leakiness” of a particular system and application over a given side channel, it provides limited insight to 1) computer architects about which architectural and microarchitectural features are the strongest leakers, and to 2) software developers about how to reduce the side channel leakiness of their code.

Nothing New Under the Sun

Elsewhere, in Israel, a similar process has been developed for except it runs on a cell phone, called the AirHopper. This was done back in October to challenge a policy of letting people bring their mobile phones on secure sites as long as they locked them up in a locker before beginning work. The Israeli researchers proved that they could get data from computers that were connected to no standard network by using side-channels.

With the foundations laid for this sort of compromise, one can only assume that it will be developed by governments and bad actors alike in order to further spy on communications of everyday people as well as gain access to incredibly sensitive data.

Farraday Cage Remedy

Conceivably, rooms containing computers or the computer cases themselves could be augmented with Farraday cages that would prevent this sort of close-range monitoring because the signals wouldn't make it past the cage. Doing this on your home PC might seem overkill now. But as the technique gains wider usage and the technology which enables it is improved, a revival of wardriving could happen in highly populated areas, this time with the intention of stealing passwords and other sensitive data. One thing is for sure: the future of computer security will have to account for this new, universal vulnerability in some way.

I generally try to avoid sky-is-falling hysteria, but this could have some serious legs if it ends up broadly proliferated. The Israeli example is particularly worrisome in the modern business environment of bring-your-own-device tablets and phones.

[Darmalus]

Faraday cages as a standard (maybe even required) part of a computer case in the future, maybe?

[Esquire]

That's what I was thinking - an offline computer in a secure room is still un-hackable; we just have to modify the definition of a secure room slightly.

[Simon_Jester]

Could you deliberately screw with the signals being sent by the keyboard, say by combining it with some kind of rotating encryption key software-side, so that the signals sent by the keyboard are no longer predictable and thus defeat keylogging attempts?

[Nephtys]

Isn't this just Van Eck phreaking? Which has been discussed since 1985? Not sure what's novel here.

Farraday caged server rooms and chassis are a real thing too.
Standard TEMPEST techniques account for this sort of stuff.

[Grumman]

I generally try to avoid sky-is-falling hysteria, but this could have some serious legs if it ends up broadly proliferated. The Israeli example is particularly worrisome in the modern business environment of bring-your-own-device tablets and phones.

Based on what I've read about this technology, it is not a wireless keylogger. It requires installation of software on the computer being spied upon to force it to produce these detectable signals in response to your keypresses. It is still significant as a covert form of communication that does not go through the usual channels used by computers to communicate wirelessly with one another, but it does not function without the active assistance of the computer being spied upon.

[Gaidin]

Faraday cages as a standard (maybe even required) part of a computer case in the future, maybe?

Their are less expensive ways to counter it unless you just use sensitive data that much. As a part of electromagnetic compatibility in design your parts are already below a certain level in the spectrum or they flat out can't be sold.

When they need software on your system to tell anything anyway... I wonder what can be done without it.

[Sea Skimmer]

Umm yeah this is nothing even remotely new. See TEMPEST protection. Someone is just trying to drum up fame or money from the ignorant.

[White Haven]

Being able to implement it in a cell phone is the new thing on display here. The concept, no, the idea of being able to possibly implement it via software on a consumer electronics handset, yes.