A Remote Key Loagger? Im sitting behind you, and yet detecting keystrokes?

[shadowx 0]

Original Article (BBC)

The story goes like this. You're in a hotel lobby on your laptop buying an expensive present with your credit card using paypal or some other recognized system. You enter your details while a strange man in the corner fiddles with his old style radio receiver. 3 days later your account is empty of cash. But how?

Well the answer is a key logger than can work up to 20m away from the target computer, that man you saw in the corner with the receiver was actually tuning the antennae to the electromagnetic radiation created when you hit a key.

Everytime you hit a key on the keyboard it sends an electrical impulse down a wire to the motherboard, as we know electric impulses create an electromagnetic field around them and this principal is used, but amplified, to send radio signals. So in theory if all electronic impulses create electromagnetic radiation then so does that impulse on your keyboard's wire, and with the right technology ANYONE can detect that radiation and decipher it to retrieve the key you pressed, and that is what researchers have done.

Using one of 4 different receivers they were able to detect each key (or partially detect it) pressed and recreate what the user was typing on their own computer, which is exactly what a key logger does (well a logger saves the data but thats easy done once you have picked the data up). They tested their devices on different computers, using PS/2 and USB connections and with keyboards built in to laptops. Using one combination of antennae and keyboard they could detect the key strokes up to 20m away. So if they were malicious in their attempts they just stole your credit card info from 20m away!

currently there is no commercial solution to this problem. I expect military computers have built in shielding but as for a home solution your only real option is to shield your cables manually and means lost of tin foil and copper wire

[Nabb 0]

That's insane, and it has the potential to become a huge problem to people all around the world.. like a HUGE security threat..

A few things - this won't work well when there are many people around, unless it's possible to distinguish between different laptops easily (in which case you have people on the same laptop model )
Wouldn't the EMR created be extremely small and thus any nearby electronic devices would be able to interfere..
A mouse controlled interface could easily thwart this - for example the system MapleStory uses:

Notably, the game MapleStory uses, in addition to a standard alphanumeric password, a 4-digit PIN code secured by both on-screen keyboard entry and a randomly changing button pattern; there is no real way to get the latter information without logging the screen and mouse movement

[shadowx 0]

I just realized the title has a typo but i cant edit it so meh!I dont think its possible to distinguish between computers so it wouldnt work well in any noisy (meaning EMF noise) environment, however when you consider directional antennae you get a problem... by pointing the receiver directly at one machine you would probably be able to get a fairly clear reading and with the right software and hardware you could clean the noise up to reveal a clean signal. The researchers said they were using fairly low tech stuff so an organized gang could easily do better.It really is scary stuff considering EVERY keyboard is at risk (except ones using shielded cables of which i expect the only ones are in the military). Bad times!