WEBVTT

00:00.000 --> 00:15.000
So, let me welcome Federico, who will talk about All Your Keyboards Are Belong to Us.

00:15.000 --> 00:16.000
All right.

00:16.000 --> 00:23.000
Thank you.

00:23.000 --> 00:33.000
So, a brief introduction on me: I've had the privilege of spending nearly my entire career in open source software.

00:33.000 --> 00:40.000
And these days, I'm the product management director for Ceph at IBM, formerly Red Hat.

00:40.000 --> 00:49.000
Before that, I was the Ubuntu Server PM at Canonical, and before that, I was known as the systems management star.

00:50.000 --> 00:54.000
The talk has nothing to do with my job.

00:54.000 --> 01:02.000
I'm a manager these days, so as a former embedded developer, this is my definition of fun.

01:02.000 --> 01:13.000
I'm also the co-founder of a small R&D shop in Boston focused on sonar, and this seemed like an interesting combination of sound, security and computers.

01:13.000 --> 01:15.000
So, that would be interesting.

01:15.000 --> 01:24.000
Now, the humorous obligatory disclaimer to all my talks is that we will most likely break some hardware playing with it and it will come out of your pocket.

01:24.000 --> 01:31.000
No liability if you follow my instructions, stub your toe and bring about the end of the universe.

01:31.000 --> 01:33.000
That kind of thing.

01:33.000 --> 01:38.000
But this year, the disclaimer is a different kind altogether.

01:38.000 --> 01:41.000
This talk is all compiled with open sources.

01:41.000 --> 01:44.000
There is no classified material here.

01:44.000 --> 01:46.000
With great power comes great responsibility.

01:46.000 --> 01:50.000
Don't do anything you should not with what you're about to hear.

01:50.000 --> 01:57.000
And don't just obey the law, but since this is a hacking talk, be nice.

01:57.000 --> 01:59.000
Let's get going.

01:59.000 --> 02:06.000
We have a ton of slides, and I don't think we're going to get to demos here, but still getting through all of this is a challenge.

02:07.000 --> 02:10.000
This talk is all about abusing our beloved keyboards.

02:10.000 --> 02:15.000
Keyboards have access to the plain text of what we are so carefully encrypting.

02:15.000 --> 02:19.000
They have access to the passwords we hope for hashing.

02:19.000 --> 02:23.000
It follows we obviously want some exploit action.

02:23.000 --> 02:26.000
And there is some pretty wild stuff out there.

02:26.000 --> 02:35.000
One can hardly imagine what the big boys in the intel community are capable of when the academics are having this much fun.

02:37.000 --> 02:40.000
Let's start with something light.

02:40.000 --> 02:43.000
Eric Haseltine, an interesting career.

02:43.000 --> 02:47.000
Trained in neurology, he became a Disney Imagineering executive.

02:47.000 --> 02:53.000
Then was recruited by General Hayden to run the NSA's R&D department.

02:53.000 --> 02:56.000
An original career trajectory if I ever saw one.

02:56.000 --> 03:02.000
So the first movie connection is Disney, but there is a point here.

03:03.000 --> 03:06.000
In Haseltine's book, a great book, by the way.

03:06.000 --> 03:11.000
Absolutely enjoyable read if you're into tech and espionage.

03:11.000 --> 03:20.000
It details the discovery of the IBM Selectric implant in typewriters in US embassies in the Eastern Bloc, among other stories.

03:20.000 --> 03:28.000
At this point here he is talking about Charles Gandy, the legendary NSA researcher, and how he got his start in the business.

03:28.000 --> 03:29.000
Spoiler.

03:29.000 --> 03:31.000
It's the movies.

03:31.000 --> 03:33.000
So.

03:41.000 --> 03:47.000
In the movie, FBI agents monitoring Nazi spies in America are remotely beaming energy from a distance into

03:47.000 --> 03:50.000
the room where the spies were planning their next attack.

03:50.000 --> 04:00.000
The intrepid FBI agents were able to decode the voice signals in the room from reflections of a vibrating speaker in a telephone headset and thwart the attack.

04:01.000 --> 04:04.000
This supposedly was in the 1940s.

04:04.000 --> 04:07.000
I still haven't figured out what movie this is.

04:07.000 --> 04:12.000
That's a research project, but that's what Gandy said.

04:12.000 --> 04:19.000
And 11-year-old Gandy was so impressed that he decided to become an FBI agent and defend the United States.

04:19.000 --> 04:23.000
And the NSA didn't exist then. Ten years later,

04:23.000 --> 04:27.000
it did, and so he became an NSA agent.

04:31.000 --> 04:34.000
There is an interesting side story about this movie because.

04:34.000 --> 04:36.000
Can't find it, but.

04:36.000 --> 04:38.000
1940s.

04:38.000 --> 04:43.000
The Tempest code word brings us the first attack vector.

04:43.000 --> 04:47.000
We usually call this van Eck phreaking, which is kind of a misnomer.

04:47.000 --> 04:49.000
But it's a super cool name.

04:49.000 --> 04:52.000
So I'm not advocating we move to something else.

04:52.000 --> 05:00.000
That researcher, Wim van Eck, opened Pandora's box on EM signal emissions with his 1985 paper.

05:00.000 --> 05:05.000
Publishing what SIGINT professionals had known since the 1940s.

05:05.000 --> 05:07.000
But kept classified.

05:07.000 --> 05:11.000
In the open, it was known that signal leakage existed.

05:11.000 --> 05:14.000
But everybody assumed it would be really hard to get to.

05:14.000 --> 05:19.000
Well, van Eck demonstrated that it was actually much easier.

05:20.000 --> 05:26.000
So he actually went live on the BBC.

05:26.000 --> 05:28.000
I think this was 1985.

05:28.000 --> 05:32.000
And he demonstrated the attack.

05:32.000 --> 05:37.000
If you go to YouTube and you type BBC Tempest.

05:37.000 --> 05:40.000
And you skip the Shakespeare parts.

05:40.000 --> 05:43.000
You get this video.

05:44.000 --> 05:53.000
In van Eck phreaking, he exploits the emanation of unshielded CRT screens containing frequency components in the UHF band.

05:53.000 --> 05:58.000
Monitor synchronization pulses are missing and have to be recreated.

05:58.000 --> 06:02.000
So he had to spend the full 15 dollars to make that circuit.

06:02.000 --> 06:07.000
And with that, he could display the resulting feed on a TV of the era.

06:07.000 --> 06:11.000
From about a hundred meters away and up to one kilometer.

06:11.000 --> 06:16.000
People freak out about this about every 20 years, I found.

06:16.000 --> 06:20.000
Like the next generation forgets or something like that.

06:20.000 --> 06:29.000
Unclassified NSA histories talk about the rediscovery of Tempest as well, between the 1940s and the 1950s.

06:29.000 --> 06:38.000
Bell Labs figured it out in the 1940s, but the NSA, when they were founded later, had to rediscover it in the 1950s.

06:39.000 --> 06:43.000
And I think they had some other kind of thing later.

06:43.000 --> 06:49.000
But we don't necessarily care about the intel community.

06:49.000 --> 06:54.000
We care about cyclical freaking out about this in the public sphere.

06:54.000 --> 06:58.000
So we're not going to play the BBC video because we don't have five minutes to do that.

06:58.000 --> 07:07.000
But this gentleman drives around in a van and he manages to read the email that somebody five floors up is writing.

07:07.000 --> 07:17.000
And this is the 1980s, so probably it was even legal in England at that point, or there probably wasn't even an anti-hacking law covering this.

07:17.000 --> 07:20.000
Or maybe he was a friend of the BBC who knows.

07:20.000 --> 07:24.000
But it's a very decent introduction to the topic.

07:24.000 --> 07:28.000
They just drive with an antenna in the van down the street.

07:28.000 --> 07:30.000
And there you go.

07:30.000 --> 07:38.000
You have to watch that separately.

07:38.000 --> 07:56.000
But the Tempest code word refers to a classified protection standard for unintended signal emissions leaked through EM or other channels.

07:56.000 --> 08:01.000
The most common sources were CRT monitors.

08:01.000 --> 08:12.000
Here is an exemplar from my retro computing research, for those of you too young to know what a CRT monitor is.

08:12.000 --> 08:18.000
This much we know because the code word definition itself was declassified in 2008.

08:18.000 --> 08:22.000
And you can find it on Wikipedia; you'll find the declassified document.

08:22.000 --> 08:25.000
Much of it is blanked out, however.

08:25.000 --> 08:27.000
But a few interesting things were disclosed.

08:27.000 --> 08:34.000
It was discovered in 1943 at Bell Labs, reading an encrypting machine from across the street in New York City.

08:34.000 --> 08:38.000
Rediscovered in 1951 by the CIA.

08:38.000 --> 08:42.000
Strategies for mitigation include shielding, filtering, and masking.

08:42.000 --> 08:50.000
So shielding with a Faraday cage around the thing; filtering, trying to suppress the frequencies that you don't want to leak.

08:50.000 --> 08:59.000
Or masking: make so much noise in the same band that you cannot find the right signal.

08:59.000 --> 09:06.000
The eventual resolution to this being instructing facilities to control a zone of 200 feet in all directions.

09:06.000 --> 09:12.000
Notably by what we know in the open, this was not a standard dictated for technical reasons.

09:13.000 --> 09:25.000
It was dictated because they didn't think that it was militarily feasible to instruct bases or stations to control more than 200 feet around the area.

09:25.000 --> 09:28.000
It takes people to surveil an area.

09:28.000 --> 09:33.000
So it didn't seem practical to say control a kilometer around your base or something like that.

09:33.000 --> 09:49.000
So this is supposedly a guideline, but it seemed dictated by practical reasons, just as much as physics.

09:49.000 --> 09:56.000
The other recommendation was operating 10 teletypes all at once, which would be masking.

09:56.000 --> 10:02.000
Today we know that that doesn't work, at least not with the kind of analysis that we can do today.

10:02.000 --> 10:11.000
It seemed okay back then. I suppose it was great for teletypes vendors.

10:11.000 --> 10:23.000
Another bit of the declassified memo discloses the red/black signal separation requirement that the NSA has in place, which is essentially: put the cipher text,

10:23.000 --> 10:28.000
Keep the cipher text separate from the plain text.

10:28.000 --> 10:34.000
Again, because of signal leakage. This is illustrated by this other document.

10:34.000 --> 10:39.000
Another good book, Peter Wright's MI5 memoir. This was a British spy.

10:39.000 --> 10:51.000
In the 1960s, the UK government wanted to enter the EU, and the French president and General de Gaulle at the time held a grudge against the British that was of monumental size, if you know your history.

10:51.000 --> 11:00.000
And so he wanted to keep them out. The Foreign Office wiretaps the French embassy to understand the French negotiating position.

11:00.000 --> 11:14.000
And as they examine the cipher text coming down the line, they discover that they don't need to hack it, because the plain text is riding on the same signal as the cipher text, much weaker.

11:14.000 --> 11:20.000
So this very faint signal has all that they need, and they find the plain text.

11:20.000 --> 11:29.000
The French cipher was actually good, as far as we know, GCHQ was not able to break it, but they didn't have to.

11:29.000 --> 11:40.000
And the problem here was the proximity of the two machines, the machine that was controlling the encrypted signal and the machine that was holding the plain text, and loud signal leakage.

11:40.000 --> 11:51.000
There you go. The British only had to pick up the leaked signal. By the way, it did no good in this case. De Gaulle kept them out until his death.

11:51.000 --> 12:00.000
The negotiation failed in 1963 and the UK joined only a decade later, which is funny, given what's been happening recently.

12:01.000 --> 12:16.000
But history, oh well. Additionally, the declassified code word entry describes signal emanations in other domains: seismic, presumably referring to vibration, but only the title of the section was released.

12:16.000 --> 12:24.000
And acoustic, quaintly termed "phenomenon number five", don't ask me why.

12:24.000 --> 12:33.000
So this is actually from the little museum in my IBM office. Here is another target, electric typewriters.

12:33.000 --> 12:42.000
Obviously, here we have the emanation problem, but the interesting bit is the sound emanation. These things make a hell of a racket.

12:42.000 --> 12:47.000
Turns out you can figure out what is being typed by listening to a typewriter's or teletype's sound.

12:47.000 --> 12:54.000
And the Tempest memo itself indicates this can be done from 100 feet away with a shotgun or parabolic microphone.

12:54.000 --> 13:09.000
Another interesting nugget: contrary to expectations, soundproofing a room helps the attacker, because you remove the noise, not the signal.

13:09.000 --> 13:23.000
Something confirmed by others in the open literature, since the range limits for all of these emanation leak attacks are dictated by signal-to-noise ratio, so you can see why.

13:23.000 --> 13:34.000
There is a lot out there about tempest on the internet and some of it is even true, but there is more, and those of you in the room who know cannot tell us.

13:34.000 --> 13:42.000
So there is no point in charging up all the tempest gossip and guessing about that. You can Google it yourself and figure it out.

13:42.000 --> 13:50.000
The other word you want to search for is PEMIN, which unlike Tempest has an officially disclosed acronym,

13:51.000 --> 14:12.000
Pobochnye Elektromagnitnye Izlucheniya i Navodki, or something like it, which translates to something like unwanted electromagnetic radiation and interference.

14:12.000 --> 14:21.000
Just remember, there is more than EM: audio, vibration, optical are all coming to the party.

14:21.000 --> 14:33.000
By the way, in Haseltine's book, he has a ton of footnotes; he is a director at the NSA, so he cannot talk about random junk on Google about Tempest.

14:33.000 --> 14:44.000
So he points to random junk on Google about Tempest, which has since all disappeared, but you can find it on archive.

14:44.000 --> 14:57.000
So if you are curious about what the Russians declassified and then reclassified or somehow disappeared from the internet, you can find it on archive.org, and you can find the URL in Haseltine's book.

14:57.000 --> 15:09.000
But it's mostly, I mean, maybe 15 years ago, it's mostly about the physics, so don't expect computing stuff.

15:09.000 --> 15:15.000
I will take revenge of the caps lock for 500 readges.

15:15.000 --> 15:22.000
I must admit, I was disappointed to find no reports of signal leakage from keyboard LEDs, that seemed like an obvious one.

15:22.000 --> 15:24.000
That is unintentional leakage.

15:24.000 --> 15:33.000
There are multiple exfiltration research papers showing reasonable bandwidth in defeating air-gapped systems by flashing caps lock.

15:33.000 --> 15:37.000
I recall one reaching 56 kilobaud.

15:37.000 --> 15:50.000
A character in Neal Stephenson's Cryptonomicon exfiltrates data using caps lock, and the novel also makes extensive use of van Eck phreaking in its plot, so it's the perfect novel for us.

15:51.000 --> 16:01.000
And then there is this. We have an entire industry of pentesters, and the gold standard for them is a keystroke injection tool disguised as a USB drive, which is the Rubber Ducky.

16:01.000 --> 16:08.000
You know about it, unless you have been living under a rock on some outer planet, if you are in security.

16:08.000 --> 16:16.000
The USB Rubber Ducky is the original keystroke injection tool and is 15 years old, although the hardware has been updated.

16:16.000 --> 16:26.000
It looks like a USB drive to us, it acts like a keyboard when talking to the OS, and it types at superhuman speed whatever you tell it to type.

16:26.000 --> 16:31.000
But this is not a talk about the Rubber Ducky.

16:31.000 --> 16:39.000
This is a talk about signal leakage.

16:40.000 --> 16:53.000
Until 2022, the way you would use a Rubber Ducky is that you would hack a machine: you would get to a machine, you would plug it into the machine, and you would have access to the shell, and then type whatever you want.

16:53.000 --> 16:56.000
As long as the machine is unlocked.

16:56.000 --> 17:03.000
And the Rubber Ducky would type it for you, so you would just plug it in, it would type at this crazy speed for one second, and you're done.

17:03.000 --> 17:09.000
But because it's a keyboard to the OS, you don't have any place to put data that you may want to steal.

17:09.000 --> 17:12.000
So it's a USB drive, but it's not good for storage.

17:12.000 --> 17:17.000
So you would send the data to some ugly parts of the internet and retrieve it from there.

17:17.000 --> 17:19.000
Until 2022.

17:19.000 --> 17:29.000
Now, to reduce the price of PC keyboards, IBM delegated the management of the caps lock state and lights to the host, giving us a side channel in keyboards that the Ducky

17:29.000 --> 17:33.000
can now use to exfiltrate data to its internal storage.

17:33.000 --> 17:35.000
A side channel four decades in the making.

17:35.000 --> 17:41.000
Keystroke reflection relies only on caps lock, num lock, and scroll lock to establish a data transfer path.

17:41.000 --> 17:44.000
This is something a Rubber Ducky can now do out of the box.

17:44.000 --> 17:51.000
No more need to connect to C2 servers on the far side of the planet to exfiltrate data, unless you want to.

17:51.000 --> 17:53.000
But there is more.

17:53.000 --> 17:57.000
For one simple price of 1999, or never mind.

17:58.000 --> 17:59.000
What is this?

17:59.000 --> 18:03.000
The lower line is an RS-232 signal.

18:03.000 --> 18:05.000
Straight from the port.

18:05.000 --> 18:10.000
The bottom one is the signal read by Loughry and Umphress.

18:10.000 --> 18:16.000
Looking at the brightness variation on a modem's TX LED.

18:16.000 --> 18:21.000
Their "Optical Tempest" result was a spectacular one, if I ever saw a paper.

18:21.000 --> 18:23.000
There's a ring of that title.

18:23.000 --> 18:25.000
This was 2002.

18:25.000 --> 18:33.000
Modems are obviously a thing of the past, but you could read the transmission from across the room, or across the street if the window was open.

18:33.000 --> 18:35.000
With some tweaking or a telescope.

18:35.000 --> 18:43.000
One bright spot of their study is that their testing examined hard disk LEDs and found no I/O leakage there.

18:43.000 --> 18:47.000
But wait, there is even more.

18:47.000 --> 18:54.000
The gentlemen from Lockheed Martin, the previous ones, were topped in the LED category by a team at Ben-Gurion University of the Negev.

18:54.000 --> 18:56.000
The University of the Negev.

18:56.000 --> 18:58.000
The new Glowworm attack, displayed here,

18:58.000 --> 19:03.000
exploits flickering of LEDs in the room connected to a sound speaker.

19:03.000 --> 19:06.000
Or the USB hub powering it.

19:06.000 --> 19:10.000
To extract spoken audio from up to 25 meters away.

19:10.000 --> 19:15.000
You can see that they're using a telescope to get that signal.

19:15.000 --> 19:19.000
It's not itself a keyboard attack, but leads us to one.

19:19.000 --> 19:27.000
It used to be "don't drink and derive", but now it's "don't Skype and type".

19:27.000 --> 19:31.000
A team led by a researcher at the University of Rome,

19:31.000 --> 19:36.000
La Sapienza demonstrated what Kuhn hypothesized and Asonov demonstrated as a possibility.

19:36.000 --> 19:44.000
The audio emanation of a keyboard can be exploited over a phone call or, as it turns out, a voice-over-IP one.

19:44.000 --> 19:50.000
I must say, I like how their code is laid out.

19:50.000 --> 19:52.000
It's not the usual R&D completeness.

19:52.000 --> 19:55.000
It shows a little CS thinking for once.

19:55.000 --> 20:04.000
If you type in Skype, what you type can be recovered with top 5 guessing 91.7% of the time.

20:04.000 --> 20:10.000
But we need to know something to tune the model, something about your typing style and your keyboard,

20:10.000 --> 20:14.000
which leads us to the classic Asonov and Agrawal study.

20:14.000 --> 20:23.000
By the way, Skype has more advanced in-band filtering now for noise, which will get in the way of this.

20:23.000 --> 20:29.000
But this is a 2017 paper and back then you could do it.

20:29.000 --> 20:36.000
At the turn of the millennium, Professor Markus Kuhn at Cambridge published a massive report on CRT emissions.

20:36.000 --> 20:42.000
It is so large that for quite some time, I believe, it was a PhD thesis.

20:42.000 --> 20:49.000
This is likely to remain the definitive work on EM emissions, possibly until some NSA work is declassified.

20:49.000 --> 20:56.000
It enshrines Kuhn as van Eck's successor as the spiritual guide of non-classified signal leak researchers.

20:56.000 --> 21:01.000
And a year later, "Keyboard Acoustic Emanations" was published by IBM Research.

21:02.000 --> 21:07.000
Asonov and Agrawal systematically studied the problem and wrote a meticulously,

21:07.000 --> 21:11.000
meticulously detailed paper answering many core questions.

21:11.000 --> 21:18.000
In their attack, a microphone is placed near a keyboard, from half a meter to 15 meters away.

21:18.000 --> 21:24.000
And sound is sampled with a standard sound card of the period at 44.1 kHz.

21:24.000 --> 21:27.000
So, sounds like a Sound Blaster to me.

21:27.000 --> 21:36.000
A neural network is trained to classify a labeled training set of 100 samples per key and tested on a second set.

21:36.000 --> 21:48.000
In two-key tests, distinguishing between the keys K and L on a quality keyboard, the system performed flawlessly.

21:48.000 --> 21:54.000
The model scored 20 out of 20 and averaged 95% in longer tests.

21:54.000 --> 21:58.000
There are no false positives in the above.

21:58.000 --> 22:01.000
Using their setup, they proceeded to answer core questions.

22:01.000 --> 22:07.000
Does distance matter? They tried up to 15 meters away with no decrease in recognition quality.

22:07.000 --> 22:11.000
They placed a microphone behind the typist.

22:11.000 --> 22:17.000
In other tests with 30 keys and 300 tests, the model gets the correct key 79% of the time.

22:17.000 --> 22:21.000
Rising 28% in a top-three-choices setup.

22:21.000 --> 22:27.000
They then tried the model trained on one keyboard on another unit of the same model.

22:27.000 --> 22:36.000
Recovering the text was poor, but the model still yielded significant entropy reduction, potentially an issue for passwords.

22:36.000 --> 22:41.000
In other tests, the typist applied variable force in striking the keys.

22:41.000 --> 22:48.000
The fixed-force model floundered, but a new model trained with the variable-force dataset restored the previous result.

22:49.000 --> 22:54.000
In yet another test, they subjected the variable-force model to inputs from multiple typists,

22:54.000 --> 22:58.000
who were free to type in any style they chose.

22:58.000 --> 23:02.000
The quality of classification was adversely affected, but only slightly.

23:02.000 --> 23:07.000
Showing the applicability of a model trained by the attacker to a potential victim.

23:07.000 --> 23:14.000
Studying the average sound of individual keys, they narrowed it down to the fact that it is the individual location on the keyboard,

23:15.000 --> 23:22.000
on a given keyboard unit, and not its model, not the typist's style, and not the keys themselves,

23:22.000 --> 23:27.000
(they swapped their own key caps and key switches to test this)

23:27.000 --> 23:29.000
that is what matters.

23:29.000 --> 23:33.000
So you can think of the keyboard plate as maybe a cymbal.

23:33.000 --> 23:36.000
And the sound matters where you are hitting the plate.

23:36.000 --> 23:39.000
That's the determining factor.

23:39.000 --> 23:48.000
So lots of retesting in this paper, but it starts from the bottom and builds up.

23:48.000 --> 23:49.000
It's very nice.

23:49.000 --> 23:54.000
And so it looks like the audio signal looks like trauma.

23:54.000 --> 24:01.000
In 2005, a UC Berkeley team led by Li Zhuang put the final pieces in place.

24:01.000 --> 24:08.000
They revisited the IBM study and demonstrated the use of unsupervised training by leveraging inherent statistical constraints.

24:08.000 --> 24:16.000
The model is designed to attack passwords and can break five character random passwords in fewer than 20 attempts.

24:16.000 --> 24:21.000
And 80% of 10-character passwords are found in fewer than 75.

24:21.000 --> 24:28.000
You would think it's game over already, but it gets worse.

24:28.000 --> 24:32.000
So we're running out of time here, what to do.

24:33.000 --> 24:40.000
In 2023, a team of UK researchers designed and demonstrated the use of sound from a phone.

24:40.000 --> 24:47.000
And there are a number of studies of this kind that used, increasingly, first the sound from the phone, which requires hacking the phone.

24:47.000 --> 24:53.000
Then the vibration from the phone, which does not because the vibration sensor of the phone is not privileged.

24:53.000 --> 24:56.000
And basically it gets worse and worse.

24:56.000 --> 24:59.000
We're going to stop here.

25:00.000 --> 25:05.000
There is a recording of the rest on the website of DEF CON.

25:05.000 --> 25:11.000
You can see a few other things that are not sound and keyboards.

25:11.000 --> 25:14.000
Thank you very much.

