Reasons to be Paranoid: Keyboards
October 22, 2008 - Security
Ecommerce, Security, Passwords.
This isn’t necessarily related to ecommerce, but it is yet another example of how many attack vectors there are with computers, and why you should use strong passwords and change them regularly (which is part of PCI DSS compliance). (Not that that’d help in this case, but it’s still important.)
Sniffing passwords from wired keyboards
This may not necessarily be a brand new way to electronically eavesdrop, but it’s one that I’d bet 99% of us haven’t ever thought about. From The Register and Darknet.
Swiss researchers have demonstrated a variety of ways to eavesdrop on the sensitive messages computer users type by monitoring their wired keyboards
And…
In one video demonstration, researchers Martin Vuagnoux and Sylvain Pasini sniff out the keystrokes typed into a standard keyboard using a large antenna that’s about 20 to 30 feet away in an adjacent room.
Also worth noting is that using an app like 1Password (which allows you to enter a master key to automatically pre-fill whatever unique passwords you’d like) would thwart an attack like this (kind of). The attacker couldn’t get your unique passwords, but they could sniff your master password, which would be incredibly dangerous should the attacker decide to find a way to get physical access to your computer (or hard drive). That probably leads to a discussion about something like Apple’s FileVault, etc., which eventually leads to wearing a tinfoil hat. 😉
At some point in the not too distant future we’ll likely live in a world where more and more security and authentication relies on biometrics. Until then, we have one more reason to think twice about typing in any passwords while in a public place (a coffee shop, an airport, etc.).