BrokenStrokes: On the (in)Security of Wireless Keyboards
share
Wireless devices resorting to event-triggered communications have been proved to suffer critical privacy issues, due to the intrinsic leakage associated with radio frequency emissions. In this paper, we move the attack frontier forward by proposing BrokenStrokes: an inexpensive, easy to implement, efficient, and effective attack able to detect the typing of a predefined keyword by only eavesdropping the communication channel used by the wireless keyboard. BrokenStrokes achieves its goal when the eavesdropping antenna is up to 15 meters from the target keyboard. We prove the attack succeeds regardless of the encryption scheme, the communication protocol, the presence of radio noise, and the presence of physical obstacles. We tested BrokenStrokes in three real scenarios (close to the keyboard–e.g., the eavesdropping device is concealed under the desk–, wall separation– eavesdropping from next office–, and eavesdropping from the public street–into the house of one of the co-authors), under the following conditions: presence of radio noise, testing arbitrary long keystroke sequences, and varying several system parameters. Performance are striking: BrokenStrokes detects the presence of a keyword among the user's keystrokes in 90 proximity of the keyboard (up to 20 cm), while it guarantees at least 73 success rate when the eavesdropping antenna is up to 15 meters far away from the target. We discuss the rationale for the attack, its logical flow, and we detail the experimental setting and the algorithmic machinery adopted. Finally, we discuss potential countermeasures and sketch some future research directions. The data utilized in this paper have been released as open-source to allow practitioners, industries, and academia to verify our claims and use them as a basis for further developments.
READ FULL TEXT
