Security researchers found that poor shielding on some keyboard cables allows data about each character typed to leak. By analyzing the information leaking onto power circuits, the researchers could see what a target was typing. The attack has been demonstrated to work at a distance of up to 15 m, but refinement may allow it to work over much longer distances.
“Our goal is to show that information leaks in the most unexpected ways and can be retrieved,” wrote two researchers from security firm Inverse Path, in a paper describing their work. The research focused on the cables used to connect PS/2 keyboards to desktop PCs. Usefully, said the pair, the six wires inside a PS/2 cable are typically “close to each other and poorly shielded.”
This means that when a key is pressed, information travelling along the data wire leaks onto the earth (ground in the U.S.) wire in the same cable. The earth wire, via the PC’s power unit, ultimately connects to the plug in the power socket, and from there information leaks out onto the circuit supplying electricity to a room. Even better, said the researchers, data travels along PS/2 cables one bit at a time and uses a clock speed far lower than any other PC component. Both of these qualities make it easy to pick out voltage changes caused by key presses. A digital oscilloscope was used to gather data about voltage changes on a power line, and filters were used to remove those caused by anything other than the keyboard.
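To show why a slow, bit-serial link is so recognisable once it couples onto another conductor, the following added example (not code from the article or from the Inverse Path paper) frames and validates PS/2 bytes. It assumes the standard PS/2 device-to-host frame, which the article does not spell out: a start bit of 0, eight data bits sent least-significant bit first, an odd parity bit, a stop bit of 1, and a keyboard clock of roughly 10 to 16.7 kHz. The scan codes and the bit stream are constructed sample data.

```python
# Added illustration. Frame layout and clock range are the standard PS/2
# device-to-host format (an assumption; the article gives no such detail).

def encode_frame(byte):
    """Return the 11 line levels a keyboard clocks out for one byte."""
    data = [(byte >> i) & 1 for i in range(8)]   # data bits, LSB first
    parity = 1 - (sum(data) % 2)                 # odd parity over the data bits
    return [0] + data + [parity, 1]              # start, data, parity, stop

def decode_frame(bits):
    """Validate one 11-bit frame and return its byte; raise ValueError if malformed."""
    if len(bits) != 11:
        raise ValueError("frame must be 11 bits")
    if bits[0] != 0 or bits[10] != 1:
        raise ValueError("bad start or stop bit")
    data = bits[1:9]
    if (sum(data) + bits[9]) % 2 != 1:
        raise ValueError("parity error")
    return sum(bit << i for i, bit in enumerate(data))

def decode_stream(bits):
    """Walk line levels sampled once per clock; the line idles high between frames."""
    out, i = [], 0
    while i + 11 <= len(bits):
        if bits[i] == 1:                         # idle level, no frame here
            i += 1
            continue
        try:
            out.append(decode_frame(bits[i:i + 11]))
            i += 11
        except ValueError:
            i += 1                               # corrupted frame: slide on and resync
    return out

def frame_duration_ms(clock_hz):
    """Time on the wire for one 11-bit frame at the given keyboard clock."""
    return 11 / clock_hz * 1000

# Constructed sample: press and release of one key in scan code set 2
# (0x1C = make code, 0xF0 0x1C = break sequence), with idle gaps.
SAMPLE = ([1, 1, 1] + encode_frame(0x1C) + [1, 1]
          + encode_frame(0xF0) + encode_frame(0x1C) + [1, 1])

if __name__ == "__main__":
    print([hex(b) for b in decode_stream(SAMPLE)])
    print(f"{frame_duration_ms(10_000):.2f} ms per frame at 10 kHz")
```

Each byte occupies about a millisecond of unencrypted, self-framing signal, which is why cable shielding and the choice of keyboard interface are the relevant controls here.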