Monday, October 20, 2008

Swiss Researchers catch up to 1960s

Well, better late than never:

Swiss researchers have demonstrated a variety of ways to eavesdrop on the sensitive messages computer users type by monitoring their wired keyboards. At least 11 models using a wide range of connection types are vulnerable.

The researchers from the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne are able to capture keystrokes by monitoring the electromagnetic radiation of PS/2, universal serial bus, or laptop keyboards. They've outline four separate attack methods, some that work at a distance of as much as 65 feet from the target.

The article goes on to quote some "principle security analyst" breathlessly saying that this is "very James Bond." Well, the Sean Connery Bond:
TEMPEST is a codename referring to investigations and studies of compromising emanations (CE). Compromising emanations are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, may disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment.

[snip]

The term TEMPEST was coined in the late 60's and early 70's as a codename for the NSA operation to secure electronic communications equipment from potential eavesdroppers[2] and vice versa the ability to intercept and interpret those signals from other sources.
Don't get all excited, I'm not letting any classified cats out of any black bag operations here. TEMPEST has been unclassified since the mid 1980s at least, so the only secret here is why the Swiss researchers weren't in the know.

Does this matter to you? Well, if nobody can get closer than 65 feet to your computer, you're probably OK. And anyone who wants your info enough to drive the TEMPEST collection van through your neighborhood probably has other was to get it.

Especially if you haven't turned WiFi security on.

UPDATE 24 October 2008 20:46: Unlike in the past, not only did I beat Insty to the punch, but gave you debunked, not hyped security news. Lord knows that there's plenty of real security news that's bad. OK, this is bad, too, but it's been had for decades. And you should still turn on your WiFi security.

1 comment:

TOTWTYTR said...

I remember reading a book about the British spying on the Russians in the 1950s. They had a device that could read the key strokes on the Russian teletype machines sending message over telephone cables. They then decrypted them.

So, this predates computer technology by 30 or more years.

I think the book was called "Spy Catcher" but I'm not sure.