Researchers Martin Vuagnoux and Sylvain Pasini recently released video demonstrating the ability to pull electromagnetic eminations from wired keyboards. Both videos show how various configurations of standard keyboards could have keystrokes intercepted through the air.

Many of us have heard of the old TEMPEST project that was made famous by their demonstration of the ability to intercept the data that would be displayed on Cathode Ray Tube monitors. Imagine having someone sit outside your office or home and being able to see on their monitor the very same things you are looking at on yours.

I wonder how many more corporate scandals would hit the press if this happened regularly.

Now it appears that simply typing your passwords or authentication information on a keyboard could expose them to the world at large. If you never worried about using password only authentication to protect data, you definitely should now.

The truly scary piece for me is that now that this has been demonstrated, any attacks that we see will probably be narrowly focused and targeted. Security controls in most corporations are not designed to withstand such an attack. These attacks will single out individuals—an attack method that is widely successful.

An additional factor of authentication such as a One Time Password might be able to stave off an attack, at least when it comes to leaking valid credentials to an attacker. Then again, depending on the method, it might not be able to do that.

I’d be interested to see if someone could direct a signal at a machine to insert characters into the computer remotely. Wouldn’t that be wicked?

This post originally appeared on BrandenWilliams.com.

Possibly Related Posts: