The Keyboard That Could Phone Home 287
An anonymous reader writes "University of Pennsylvania researchers have developed a keylogger they call the JitterBug that can modulate passwords or other information into normal traffic by adding imperceptible delays to keypresses as people use keyboard and network-intensive apps like telnet and remote desktop. The idea is that the delays in keypresses cause delays in packets, and data can be encoded in those delays. There's no software or extra network activity that the victim can see, but anyone who can see the traffic (even if it's encrypted) could grab the data. Here's the scary part: the researchers say that it could be manufactured into a keyboard, making these keyloggers widespread and virtually undetectable."
Re:Could you get around this... (Score:5, Informative)
A more effective method would be to use a method of transmission that wasn't time-dependent on what the user typed. For example, ssh could be designed so that it sent a packet every 100ms (whatever - I don't know the specific time) regardless of what the user had typed. I think this would render this attack useless, but would still introduce some latency...
The article says 'In applications such as telnet and remote desktop, a packet is sent every time a user presses a key' - is this the case with ssh too? I mean - surely *nobody* uses telnet for secure communications!
Re:Cool, where can I get the source? (Score:2, Informative)
Re:Just spreading FUD (Score:3, Informative)
On the other hand, they performed a test, and it seems to have worked. No details on the test but you would really have to go through a lot of effort to be sure that in fact you had a good network connection and a steady typing cadence, and the test was between countries. FTFA:
Provided there is sufficient traffic, who cares if you have a high error rate? Use error correction.
Ordinarily I would raise the same objections, but I read the fine article, and am willing to accept that some people may be a lot smarter than I am, while it is patently obvious that some people are a lot better-educated.
I'm skeptical, too. (Score:3, Informative)
A "Keyboards and Covert Channels" search on Google will give you the PDF, too.
I don't have time to read it right now (time to sleep here in France
problems (Score:3, Informative)
Any crypto that relies on the timing of packets is going to have this problem, because IP makes no promises about packet timing (or even order!).
Re:Just spreading FUD (Score:3, Informative)
No, I don't think so. I am just making a guess, I have not read the article, but I think a simple "rounding" of your cadence would be enough. Pick a small time interval, round your actual timing to the nearest interval, done. For discussion purposes let's say the interval is 0.1s, encode a 0 bit as x.x3s and a 1 bit as x.x6s.
Re:manufactured (Score:5, Informative)
you have to trust the pc vendors, as they have nothing to gain, and everything to lose, in lawsuits and lost sales. But what if their government comes along and says 'add this back door'. They'd comply.
Case in point: Lotus notes put a back door in export versions of notes:
http://catless.ncl.ac.uk/Risks/19.52.html#subj1 [ncl.ac.uk]
they sent messages with 64 bit encryption (!), but 24 bits of the key was hidden in the message, where the NSA knew to look, or otherwise given to them. You only had 40 bit keys, which upset the swedish government.
Moral: You cant trust closed source apps any more than closed source hardware.
Re:My question is... (Score:2, Informative)
Now what was your question again?
Nagle's algorhitm (Score:5, Informative)
For those who don't know, it's a TCP optimization that buffers data until there's a packet worth of data, or an ACK is received for the last packet sent, so that writing 1 byte of data into a socket doesn't immediately result in sending a packet with 40 bytes of overhead, and 1 byte of data.
Re:Could you get around this...Tech Fight. (Score:2, Informative)
Ever heard of a SNR?
Ender
Yes, you can get around this (Score:5, Informative)
Incorrect. It's true that there'd be no way to prevent the keyboard from collecting data, but one could certainly prevent the successful transmission of the collected data. The way the data would be encoded would be via the timing of the packets sent in response to keystrokes; that logic path most definitely involves software levels, specifically (in the example given of a remote terminal session) the choice of the software to send a packet once per keystroke. The proposed solution of introducing jitter to the packets is indeed a solution, and a simple straightforward one at that.
Re:My question is... (Score:3, Informative)
Re:Could you get around this... (Score:3, Informative)
Far be it from me to question the article, but I had been under the impression that Nagle's Algorithm [wikipedia.org] had been designed to concatenate small buffers—such as telnet—to prevent them from necessarily sending a packet with each keypress.
I am not a TCP stack guru (IANATCPSG?!), but it seems like, though this algorithm was designed to reduce congestion, it would upset a timing attack by having to wait for the ACK of the last packet—at least on high latency links.
SSH, at least as of 2002, according to this e-mail [netbsd.org], turns on TCP_NODELAY, which disables the algorithm to reduce latency of keypresses in a connection when it believes an interactive session has been started. Thus, SSH does indeed send a packet with each keypress.
Re:manufactured (Score:3, Informative)
But this isn't just US doing this. France for example around that time only allowed 40bit keys to be used and Lotus had to comply with that too.
Btw, Lotus have long since stopped doing this once it was legal to do so. (hence you post relates to 1997).
Re:It's 1AM, do you know where your keyboard is? (Score:1, Informative)
The delay between the user's key presses is irrelevant, the JitterBug will adjust the delay since the last key press so that, for example, the delay is a multiple of 20ms, or a multiple of 10ms but not 20ms. This gives you the "1" or "0" bits with 10ms separation for noise reduction and it doesn't depend on the user's typing speed, only on the value of delay modulo 20ms.