Risk of tapping keyboards and other electronic devices

In the last months two new bugging threats have become known: Attacks on Bluetooth and attacks on Logitech’s “Unifying Protocol”. But these are not the only tapping possibilities: TEMPEST is also still a danger.

tl;dr: Avoid Bluetooth keyboards (and other Bluetooth devices) and Logitech products with “Unifying Protocol”. Use other wireless keyboards with AES encryption or wired keyboards instead.

A group of researchers presented a new attack vector on the Bluetooth Protocol at the 28th USENIX Security Symposium in August 2019 in Santa Clara (USA). The attack refers to the official Bluetooth Protocol itself and exploits a fundamental conceptual error. Thus, all Bluetooth connections are affected, not only keyboards. Only the Bluetooth variant BLE (Bluetooth Low Energy) is not affected.

In short: Bluetooth devices negotiate the quality of the used encryption keys during pairing. An attacker can manipulate this in such a way that the keys are agreed upon are so weak that the attacker can subsequently decrypt the data traffic in real time.

For the attack, however, the attacker must get very close to the devices involved – Bluetooth is specified with a range of 10 meters. In addition, the attacker must also shield the victim devices from each other at the same moment during the attack in order to smuggle in his own data packets. The attack is therefore not so easy to carry out in practice – but the required hardware is cheap and will fit in a trouser pocket if necessary.

The Bluetooth Special Interest Group (SIG), which develops the specifications, has updated the Bluetooth Core Specification and now recommends entropy values of “at least 7 octets in length” for key negotiations. However, for devices already in use, the SIG can also only appeal to manufacturers to update their devices with new firmware.

The attack is highly specialized and probably not very relevant for private users, but in the professional environment it is: whenever really confidential information is processed

Links:

Security expert Markus Mengs has found several security vulnerabilities in Logitech’s Unifying log. This log is used to connect multiple Logitech devices to a single USB dongle (keyboard, mouse, graphics tablet, …). Since Logitech wants to maintain compatibility with old devices, not all of these gaps are closed.

However, for the remaining gaps, simply listening to the devices is not enough: the attacker must have access to the keyboard for at least a few seconds to press a few keys.

As hardware for the attack, a Raspberry Pi or other single-board computer with a suitable dongle (for 10€) including antenna and powerbank in your pocket is sufficient.

A particularly dangerous aspect of these attacks is that the attacker can not only write down the keystrokes, but can also send his own “keystrokes” to the computer and thus smuggle malware into the system – even if the computer is not connected to the network.

The range of the attack is at least 20 m, and with the use of appropriate radio technology it is certainly much further.

The only countermeasure: update all Unifying USB dongles used and prevent unauthorized persons from physically accessing the devices.

Links:

Unfortunately, even when using wired keyboards you are not completely safe. So-called “van Eck- phreaking” attacks have been known for a very long time, in the USA known as TEMPEST.  The abbreviation stands for “Temporary Emanation and Spurious Transmission”, but was also an alias for interception techniques used by the NSA (National Security Agency, USA).

These attacks belong to the so-called side-channel attacks, in which the data stream is not attacked directly, but the unavoidable electromagnetic radiation is received and evaluated, which every electrical device emits when in operation. In the case of keyboards, the – as a rule – non-magnetically shielded cable acts like a transmitting antenna. Depending on the quality of the receivers used, the signals can be received and evaluated over relatively long distances (20 m – 100 m). This affects not only keyboards (including those built into notebooks), but also monitors.

The name “Van Eck Phreaking” goes back to an article on this type of electronic espionage by Wim van Eck in 1985. The first successful public demonstration took place (according to RiskNet, see links) at the DefCon IV conference in 1996, and in 2017 a method was published that makes it possible to steal AES keys in certain situations with hardware worth only 200€. For this purpose the characteristic radiation of the CPU is used when processing AES keys.

Encryption is ineffective against these attacks, since the electromagnetic radiation of the (still unencrypted) keyboard signals between the keyboard and the mainboard of the computer or the already decrypted image contents are intercepted on the way from the graphics card to the screen.

Of course, this technology still works in exactly the same way today, and it can be assumed that at least intelligence agencies are in fact using these techniques.

There are only two ways to protect yourself against TEMPEST attacks:

  1. electromagnetic shielding (copper wire mesh, metal walls, metal-coated windows, …), i.e. a tight Faraday cage
  2. Interfering transmitters that superimpose the corresponding signals.

Both methods are complex and expensive, but indispensable in high security environments.

Links:

According to the current state of knowledge, it is not advisable to use Bluetooth devices including keyboards for processing either personal data or other confidential, secret data. Since it is not to be expected that all devices in operation will receive the corresponding updates, this recommendation is valid for an unlimited period of time.

Similarly, the use of Logitech products using the Unifying protocol is not recommended. Since Logitech will not close all security gaps, this recommendation is also valid for an unlimited period of time.

For normal use, either wired keyboards or wireless keyboards that do not use Bluetooth are suitable – as long as they secure the wireless link with good encryption, for example AES 128bit or better.

For use in high-security environments this is not enough, in these cases measures against TEMPEST attacks must be taken in any case.