Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Researcher Reports JitterBugs Could Turn Your Keyboard Against You, Steal Data

09.08.2006
Researchers from the University of Pennsylvania School of Engineering and Applied Science warn against an entirely new threat to computer security: peripheral devices -- such as keyboards, mice or microphones -- which could be physically bugged in an attempt to steal data. Penn graduate student Gaurav Shah has identified a class of devices that could covertly transmit data across an existing network connection without the user's knowledge.

They are called JitterBugs, named by Shah's advisor, Penn Associate Professor Matthew Blaze, for both the way they transmit stolen data in "jittery" chunks by adding nearly imperceptible processing delays after a keystroke and for the "jitters" such a bug could inspire in anyone with secure data to safeguard.

Shah presented his findings Aug. 3 at the USENIX Security Conference in Vancouver, B.C., where it was designated the "Best Student Paper" by conference organizers. As proof of the concept, Shah and his colleagues built a functional keyboard JitterBug with little difficulty.

"This is spy stuff. Someone would need physical access to your keyboard to place a JitterBug device, but it could be quite easy to hide such a bug in plain sight among cables or even replace a keyboard with a bugged version," said Shah, a graduate student in Penn's Department of Computers and Information Science. "Although we do not have evidence that anyone has actually been using JitterBugs, our message is that if we were able to build one, so could other, less scrupulous people."

JitterBug devices are conceptually similar to keystroke loggers, such as the one famously used by the FBI to gather evidence against bookmaker Nicodemo Scarfo Jr. Unlike keystroke loggers, which would have to be physically installed into a subject's computer and then retrieved, a keyboard JitterBug only needs to be installed. The device itself sends the collected information through any interactive software application where there is a correlation between keyboard activity and network activity, such as instant messaging, SSH or remote desktop applications. The bug leaks the stolen data through short, virtually unnoticeable delays added every time the user presses a key.

Anytime the user surfs the web, sends an e-mail or instant messages someone, an implanted JitterBug could be timed to open a covert jitter channel to send stolen data. According to Shah, a JitterBug could not log and transmit every touch of the key due to limited storage space on the device, but it could be primed to record a keystroke with a particular trigger.

"For example, one could pre-program a JitterBug with the user name of the target as a trigger on the assumption that the following keystrokes would include the user's password," Shah said. "Triggers might also be more generic, perhaps programmed to detect certain typing patterns that indicate some sort of important information might follow."

JitterBugs are potentially worrisome to governments, universities or corporations with information meant to be kept confidential. One particular scenario is what Blaze refers to as a "Supply Chain Attack," in which the manufacture of computer peripherals could be compromised. Such an attack could, for example, result in a large number of such JitterBugged keyboards in the market. An attacker would only then need to wait until a target of interest acquires a bugged keyboard.

According to Shah, the channel through which the JitterBug transmits data is also the point where it could be most easily detected and countered.

While his presentation only discussed simple countermeasures to JitterBugs, Shah's initial results indicate that the use of cryptographic techniques to hide the use of encoded jitter channels might be a promising approach.

"We normally do not think of our keyboard and input devices as being something that needs be secured; however, our research shows that if people really wanted to secure a system, they would also need to make sure that these devices can be trusted," Shah said. "Unless they are particularly paranoid, however, the average person does not need to worry about spies breaking into their homes and installing JitterBugs."

Funding for this research was provided through grants received by Blaze from the National Science Foundation's Cybertrust program.

Greg Lester | EurekAlert!
Further information:
http://www.upenn.edu

More articles from Information Technology:

nachricht Supercomputing the emergence of material behavior
18.05.2018 | University of Texas at Austin, Texas Advanced Computing Center

nachricht Keeping a Close Eye on Ice Loss
18.05.2018 | Alfred-Wegener-Institut, Helmholtz-Zentrum für Polar- und Meeresforschung

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: LZH showcases laser material processing of tomorrow at the LASYS 2018

At the LASYS 2018, from June 5th to 7th, the Laser Zentrum Hannover e.V. (LZH) will be showcasing processes for the laser material processing of tomorrow in hall 4 at stand 4E75. With blown bomb shells the LZH will present first results of a research project on civil security.

At this year's LASYS, the LZH will exhibit light-based processes such as cutting, welding, ablation and structuring as well as additive manufacturing for...

Im Focus: Self-illuminating pixels for a new display generation

There are videos on the internet that can make one marvel at technology. For example, a smartphone is casually bent around the arm or a thin-film display is rolled in all directions and with almost every diameter. From the user's point of view, this looks fantastic. From a professional point of view, however, the question arises: Is that already possible?

At Display Week 2018, scientists from the Fraunhofer Institute for Applied Polymer Research IAP will be demonstrating today’s technological possibilities and...

Im Focus: Explanation for puzzling quantum oscillations has been found

So-called quantum many-body scars allow quantum systems to stay out of equilibrium much longer, explaining experiment | Study published in Nature Physics

Recently, researchers from Harvard and MIT succeeded in trapping a record 53 atoms and individually controlling their quantum state, realizing what is called a...

Im Focus: Dozens of binaries from Milky Way's globular clusters could be detectable by LISA

Next-generation gravitational wave detector in space will complement LIGO on Earth

The historic first detection of gravitational waves from colliding black holes far outside our galaxy opened a new window to understanding the universe. A...

Im Focus: Entangled atoms shine in unison

A team led by Austrian experimental physicist Rainer Blatt has succeeded in characterizing the quantum entanglement of two spatially separated atoms by observing their light emission. This fundamental demonstration could lead to the development of highly sensitive optical gradiometers for the precise measurement of the gravitational field or the earth's magnetic field.

The age of quantum technology has long been heralded. Decades of research into the quantum world have led to the development of methods that make it possible...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

VideoLinks
Industry & Economy
Event News

Save the date: Forum European Neuroscience – 07-11 July 2018 in Berlin, Germany

02.05.2018 | Event News

Invitation to the upcoming "Current Topics in Bioinformatics: Big Data in Genomics and Medicine"

13.04.2018 | Event News

Unique scope of UV LED technologies and applications presented in Berlin: ICULTA-2018

12.04.2018 | Event News

 
Latest News

Designer cells: artificial enzyme can activate a gene switch

22.05.2018 | Life Sciences

PR of MCC: Carbon removal from atmosphere unavoidable for 1.5 degree target

22.05.2018 | Earth Sciences

Achema 2018: New camera system monitors distillation and helps save energy

22.05.2018 | Trade Fair News

VideoLinks
Science & Research
Overview of more VideoLinks >>>