“attached a keyboard to a laptop that was running off of battery power”

Are laptop keyboards more secure, emitting less ?
Run my desktop, remotely, from my laptop, how secure ?

Generaly most wirless key board use Bluetooth technolgy. Because Bluethooth is well understood it can be hacked. However if a wireless keyboard was hacked this would either compermised either the operation of the user’s computer. With out any understanding of what the users is typing in this hack would not be very usefully.
A example would be if some oine hacked into a keyboad had a telescope and could use the user typeig into thier computer they would be able to use this against a user .
Blue tooth can use a code that can pair off devices but in keybaords and mice I have not seen this . This is something manufacturesd need to watch out for.

Comeon this is not news, it has been around since the late 80s! Lookup C2 certification and TEMPEST!

For me, the security matter isn’t as much a concern as the possible health impact of the emf’s on the hands using the keyboard. Is there a cumulative effect? Is this absorbed by the body/brain? Considering this is detectable from 65 feet away, what happens if people are surrounded by a roomful of people using keyboards. How safe is such a work environment? Could this be one of the causes of mental health issues and the increase of leukemia among computer users?

In realistic terms, security is variable with the amount of effort undertaken and the investment we are willing to make in order to protect the equipment and its data. If you spend enough money, it is possible to make a computer so secure that it becomes uneconomical for the ordinary criminal to try and monitor its emissions. But the outlay in expenditure to secure a system should be reasonable in terms of the data and transactions being protected. For example, it makes no sense to spend $3000 “insulating” a laptop against emissions when the laptop is used mainly for browsing the web and a teenager’s personal emails. Of course, the laptop of a defense dept. official used in official business will probably justify much more extensive security measures.

But ultimately, there is no such thing as an absolutely secure computer. No mattter to what length we go to “secure” our computer equipment, there will always be situations in which they transmit some sort of radiation that can be detected.

While this is all well and good, I would assume people would probably notice a whole bunch of equipment set up if it all has to be within 65ft. Please refrain from starting a keyboard panic, its just dumb.

Ohhhh, THAT’s why those guys in the big van have been parked in my driveway for the past three weeks! Boy, are they gonna get it now!!!

The real response to having it secure, is to have the punishment by death, same goes for identity theft. If it were considered I bet you would see a huge decrease in it.

Not to be paranoid but a van parked outside your home or place of business could easily be within 65 feet (or farther as the technology matures).

Also, for the other commentor, I would be more concerned with the EMF from all the other equipment that surrounds us daily. Although a keyboard, near crotch level, is a bit alarming.

First of all, you have to have a *wired* keyboard plugged into your laptop, without the power cord. Why? Because the power cord emits it’s own emf’s and interfere with the keyboard. Has anyone ever used a laptop with a wired keyboard *without* being plugged into power? What about a wired mouse? That will cause interference as well. The only time I have used a keyboard with a laptop was while it was docked.

But what about desktops? These mostly have wired keyboards. Desktops have to be plugged in, you are safe.

Enough with this *The world is going to end* crap. If you watched the video, you can see how non-realistic their setup is.

First off, this isn’t restricted to wireless keyboards. Second, this has been a known vulnerability in regards to audio. If someone records the sound of you typing for long enough they can actually determine what you’re typing using computerized analysis. This particular instance is about the detectable radiation in keyboard switches, which may be easier to read than audio. Obviously in a world where you can listen to conversations with lasers bouncing off window pans and see people with infrared imaging, this is merely incidental. However, this sort of knowledge is important for some industries to protect themselves against espionage by organized criminals. As for the comment about “noticing a whole bunch of equipment set up,” even if this were true, the classic surveillance van paradigm comes to mind as well as the continued rapid miniaturization of technology.

Yes this has been around for a while, and it doesn’t stop at just your keyboard. Your network connection does this also, and can be detected from farther away. Given that there are many keyboards at any one location, you must be able to distinguish between each one, not quite so easy, but it can be done. And that’s the point of this article, it can be done. So don’t say no one ever told you about it.

And as for needing a whole lot of equipment, don’t bet on it. Purpose built equipment can be rather small for those determined to make it so. This also reminds me of a piece of equipment a little bigger than a credit card (and thicker) that can read your smart card (credit card) information as someone passes by. How’s that for security?

ATM pads (or most POS systems using PIN input to accept debit cards for that matter) are not at all secure. Have you ever noticed that when you key in your PIN, the same tones play back no matter what POS system you are using? (E.g.,My grocery store vs my ATM vs my local fast food drive-thru all use the same tones for my PIN.) Anyone with a reasonable sense of pitch and a decent memory has only to listen closely when you key in your PIN and write down the numbers normally associated with those tones and then they have your PIN. After that, it’s easy to see lots of ways they could make use of that info.

This is “news”? My former employer was cognizant and taking action to preclude RF snooping of keyboards and monitors 25 years ago! What cave have you people been living in?

Yes, this is a critical security lapse for a laptop consumer. Not only does it allow potential hackers and harrasers to access your laptop for their own illegal and discriminatory use but it also gives way to the person using the laptop to encounter problems down the road with someone who doesnt like the person and tries to use this means of extortion to cause a problem for the person. This can lead to a person being extorted for money from a fraudulent company seeking to make fast cash off of this type of scam, or it could be used to hold sway over a person’s belief and force them to either become like the other person believes and or continue to be harrassed at work and or at home.

No, I do not feel threatened. My computer is hooked up to the internet all the time and that is the weakest link.

It is very difficult to build a “tempest” device to read EM waves off keyboards and monitors, and only the more knowledge people will do that.

CNN discovers Van Eck Phreaking. Congratulations guys, only took you 23 years.

That sounds like it would be more trouble than it’s worth unless the target is someone noteworthy. I highly doubt there will be any kind of significant outbreak of key logging based information theft.

There is nothing new here. This was known over twenty years ago. Back in the mid-80’s the US military was ordering computers that were Tempest tested and designed to not emit any radiation at all.

You do not even need a hacker. Computor to the repair person? Yep.
Leave the computor and you to could experience the “joy”-not – of having all your files, info and passwords taken,put on a disk to be used by said computor person anytime,year, they wish too. Cause damage? Yep. Destroy good credit? yep. Easy to catch? yep-if you know another “good” computor repair person. Easy to report? no.
Especially in a small town. Ruin your life? yep. Can you get over it? Probably. Trust anyone again with your computor? no.

I completely believe this article. This could easily become a security risk.
Why? Because I know how powerful those wireless waves can be. I had a hard time finding a wireless keyboard that did not mess with my pacemaker. They all cause me to have Angina when I am close to them, but some would cause me to have chest pain as far as 10 foot them. The same with getting within 5 to10 foot of cell phones that have voice command dialing or bluetooth.

Rev. Enid
Callao, VA

As for the fear of Electromagnetic radiation making people sick from keyboards that can be detected from 65 ft, not all radiation are equal.

For example, Geostationary satellites are, on the average about 22,000 miles away and transmit less power than a normal radio station antenna, making the amount of Electromagnetic radiation minimal, but we can still receive their signals from about anywhere.

There is no proof that Electromagnetic radiation is damaging to human, at the highest possible normal exposure (i.e. not working in places that have super strong electromagnets everywhere), in spite of numerous studies. This is because this radiation is called non-ionizing radiation, meaning it pass through cells without damaging them. If this radiation did damage cells, we would be in big trouble because the Earth itself is one big magnet, giving off this type of radiation throughout the entire Earth and out into space.

However, ionizing radiation damages cells and, at high enough doses, can kill, like the workers at Chernobyl. We normally receive such radiation, in small amounts, from radon gas, which comes from the soil in certain areas, from airplane travel (cosmic rays), some bricks and X-rays, and a little bit from the sun in UV rays. The effect of this ionizing radiation is cumulative. That is why pregnant women shouldn’t have CT scans (x-rays), why we should check for radon in our homes, and X-ray technicians should always stay behind a shielded wall when the x-ray tube is on and during CT scans. There is no completely safe ionizing radiation level since the effects are cumulative. There is a “safe” limit of exposure standards. Once radiation workers exceed this yearly limit standard, they can no longer work in that job for a year or more.

As for wireless keyboards not being secure, that is a big problem because wireless receivers are getting better with each passing year. Anything that is wireless is now not as secure as wired devices in general. Just remember that.

I am more worried about an ATM’s keypad than my PC’s keyboard.

With an ATM there are relatively few key-strokes, and of those few, most of them are a short 4-number PIN’s. Something that could be captured very quickly, and be very valuable.

In contrast, I type a lot of stuff all day long on my PC’s keyboard. To go thru capturing all that, day after day, waiting (hoping) that I might type something like my bank password, would be a monumental task.

In the COMINT world “Tempest” attacks are a standard tool used to collect information from electrical and electronic communication devices. Success depends heavily on the level of electromagnetic shielding employed with the device being probed.

The old IBM `Selectric’ typewriters could be decoded from a considerable distance away by equipment in a van. The same can be done with most computers, displays, keyboards and printers.

With today’s readily available electronics devices anyone who wishes to can do the same with relative ease. The electronics manufacturers need to do more to help protect against this threat. Solutions suitable for the consumer and office markets are simple and inexpensive to implement but mostly overlooked. Let’s hope this changes soon. The snoops are multiplying, and getting more sophisticated every day.

Output is in the milliwatts, pretty low compared to other emissions around you (and going thru you) otherwise you would be replacing the battery more often.

BUT…I am interested in boosting the Bluetooth signal, so my keyboard and mouse will operate at another 10-20% further distance. Anyone have any knowledge on this?

Thank you for providing information, you have given me great help.

If you transmit through the air, as with Blue Tooth, interception of that signal is relatively easy. However, it gets more difficult the more discreetly shielded the input device. I found that an external “White Noise Generator” works quite well to mask a key board or other devices outputs. Nothing short of a Faraday Cage is really going to be effective. My home office is insulated on five sides with Foil Backed Fiberglass Insultion which seems to work extremely well.

This problem isn’t worth worrying about, as long as we realize that there is no such thing as “secure” communication. If the government, or other criminals want to listen in on your “private comms, there isn’t much you can do about it. There is no such thing as privacy. Get used to it.

Welcome to another chapter in The Big Book of Scary Things brought to you by the Falling Skies Society.
There are plenty of more important and potentially deadly incidents to worry about, if you really feel compelled to worry about something.
This is a non-issue in the overall scheme of things.

Shielding, bonding and grounding
Spurious emitted radiation standards are lax

Manufacturers compete on functionality, not security.

So does that mean if I have a jiffy pop popcorn on my lap (in the metal container for the stove) and everytime I hit a key stroke I will be that much closer having popcorn due to the electromagnetic wave being emited?

If someone’s smart enough to do this, they’re already making so much money it would be a waste of their time.

Dave
“closer having popcorn due to the electromagnetic wave being emited?”

Another proof of the intelligently designed photon
Not only Cell phone warming, but also,
Thermalizing, erasing your brain and hard drive
Preparing, Purgetoring, clensing, before entering Heaven

Unless we Repent, and Runaway tax the evil CO2
The PopcornHouse effect will pop Planet Earth
And the Allmighty Popcorn Eater in the sky
Will wonder, these Human Zombies, thought ? but not quite free to will

I notice that the article said that keystrokes were detected, but not that they were identified. If you can detect that somebody is typing, but not what they are typing, it isn’t much of a vulnerability. On the other hand, knowing the timing of keystrokes might enable you to make some guesses as to what type of material was being typed (numbers versus letters, etc.)

You may think that I’m being a little bizarre about the wording, but I’ve seen this distinction before.

On the other hand, people were able to identify what keystrokes were being generated by an old IBM Selectric because the timing sequences for the servos were distinctive for each letter.

Wow, wackos unite! But seriously, there isn’t any reason that keyboard manufacturers couldn’t add EM shielding to keyboards. The added cost would be minimal. That being said, the spies, hackers, and crackers will always find a way.

The military has known about this for years, and have devices that can read computer inputs from a distance

Would be interesting to have a spook comment
But if the spook told. How will we catch drug lords and Osama ?

An antenna becomes efficient, as the size approaches 1/4 wavelength
Around a druglords abode. if we had cables, parabolic reflectors
Even active RF methods? Simpler just to waterboard him ?

yada,yada,yada…i see it like this…if my typing teacher almost committed suiside from my key strokes then the poor old hacker, id theft etc may as well call it premeditated .and go on and just do it!!! for god’s sake don’t miss the chance.save there selves some time…….take it from my typing teacher……it’s not worth it/ opp’s wrong Id /she only has – ???. lol

…Wow! Boy, you newspeople are really up to the times, eh? This is over 45 years old stuff! Run out of news topics?

It is true. Ask any embassy. This problem was evident even in the days of the IBM Track -Ball typewriter (40 years ago?).
M.

This is minor and silly.

Think about possible versus probable.

There are way more immediate things to be worried about.

Privacy!!
Privacy and Google, Yahoo and Microsoft reading your email. No hacking required. Plus they save it for 20+ years.

They do collect identifiable info too. If they match up the info they get from reading your email (and browsing habits) and can compare it against say, your shopping card, credit card info or medical records, I would say they can easily identify most people.

Who is to say what happens to the data of a business as those businesses are bought and sold through financal collapses.

Profiling. All the governments, not just the Chinese catching the politically inconvenient, with the help of Google, Boohoo, MogaSoft

Every moving thing tagged, profiled, located. Rats, cats, and elephants included. Mosquitoes ? need more techological research

Really convenient to have a RFID chip printed on your forehead
Will not have to carry a credit card, drivers licence, passport . .. …

Forgot to pay taxes ? (that will not become automatic !)
Turn up the voltage to the pain receptors in your brain

“For me, the security matter isn’t as much a concern as the possible health impact of the emf’s on the hands using the keyboard. Is there a cumulative effect? Is this absorbed by the body/brain? Considering this is detectable from 65 feet away, what happens if people are surrounded by a roomful of people using keyboards. How safe is such a work environment? Could this be one of the causes of mental health issues and the increase of leukemia among computer users?”

The short answer is, you are wrong. Feel free to wrap your head in tin foil though.

After you wrap your head with tin foil, stick your head out the window and look for the big black helicopters that are tracking your key strokes.

This method is so much more difficult than IP based attacks. Lets get rid of the easiest methods of snooping before we worry about these stupid obscure ones.

We need a revolution in the way input is given. There is a need for more security, but for now, perhaps, touch screens are the way, in order to avoid this blameless error.

Actually, it’s much easier than TEMPEST. Those Blue Tooth keyboards are designed to transmit every keystroke for anyone to intercept using another computer!

you people are crazy

… For this to work you;ll need a person to actually activly try and hack your keyboard. If there is someone trying to do it, they will get it. Everything is hackable. You just need time and determination.

This was a very interesting article. That being said I wasn’t shocked by any means. Security is important. There are a lot of ways personal or corporate security can be breached. The fact of the matter is… How important is your information? Not every bit of information has the same value. Espionage or mere theft? I’m willing to say more means will be taken at greater expense to get more important information.

So fix the issue with the electronic emissions. You still have the fact that you can actually decipher the keystrokes based solely on the sound produced when the key is pressed. The ultimate goal of course would be to secure your PC to such an extent that someone would need direct physical access to the system to obtain any information. Unfortunately the only way that is possible is by locking it in a secured vault with a dedicated power source accessible through several security measures ranging from voice print, biometrics, pin codes, and keys. The average consumer doesn’t have the space or funds for such an endeavor, so the solution is simple. Be cautious about releasing personal information over the web or on your PC. Pay close attention to your bank account and credit cards. Don’t wait for the bill but check them daily. Take advantage of the annual free credit report. Once you see a discrepancy dispute it. There is no such thing as foolproof security. If someone wants it bad enough they will get it. Everything electronic can be cracked, phreaked, or hacked. The goal is to make yourself less desirable a target. The longer it takes them to get your information and the harder you make it the more likely they will give up and find an easier target. Their goal is quantity. The more the faster the better. I will wager that 90% of consumer PC’s on the internet are hackable by a novice within 5 minutes or less. A pro would obviously take much less time. Probably 0.5% are secured to such a point that the hacker would need to know information about you prior to gaining access or would take an extended length of time. So secure your system properly and the only reason you would be hacked is because they specifically want you. Random attacks are much more likely and those are easy to discourage. Secure your wi-fi network with WPA2 encryption. Use an effective firewall solution and antivirus. Use complex passwords on your computer accounts. Disable remote desktop and remote assistance. Close all unused ports by disabling the appropriate service. Implement a solid data security plan. Contact your local computer guru for assistance. I am sure they would be happy to help you out. Remember the goal is not to be like Fort Knox but instead to be harder then the next system.

I think even the cable that connects the monitor to the video card is vulnerable as well. This isn’t new information.

I agree with the people who say not to worry about this unless you are extremely high profile. If you have somebody or some group of people following you around trying to monitor you in this fashion, then you probably have much bigger problems on your hands!