A team of Swiss researchers have discovered a security vulnerability in many modern keyboards that allow keystrokes to be captured remotely by tracking electromagnetic emissions. The discovery raises concerns about entering sensitive data like banking passwords using a computer keyboard or even an ATM keypad.

The duo, Martin Vuagnoux and Sylvain Pasini, wrote a paper on the security flaw for the Lausanne Security and Cryptography Laboratory (LASEC) and documented their experiments in two videos (below).

The team found 4 different modes of attack that could be used to capture keystrokes from up to 20 meters away, even through walls. They tested 11 different keyboard models including laptop, USB and PS2 types that were purchased between 2001 and 2008. All were found to be vulnerable to at least one of the four attacks.

They used basic, inexpensive equipment yet in one demonstration managed to capture keystrokes inconspicuously from an adjacent room. To ensure the success of the experiments, they did remove all other sources of interference such as the display and computer’s power supply which wouldn’t be possible in a real-world setting. They are confident, however, that the system could be improved with more sophisticated equipment.

I wonder how those picture-based passwords are coming along?

Sources:

LASEC’s Paper via Vnunet