In all, the team of researchers from the Security and Cryptography Laboratory in Lausanne, Switzerland, found four different ways to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls.
A research paper on the discovery will be published after a peer-review process. Team members Martin Vuagnoux and Sylvain Pasini explain the findings:
To determine if wired keyboards generate compromising emanations, we measured the electromagnetic radiations emitted when keys are pressed. To analyze compromising radiations, we generally use a receiver tuned on a specific frequency. However, this method may not be optimal: the signal does not contain the maximal entropy since a significant amount of information is lost.
Our approach was to acquire the signal directly from the antenna and to work on the whole captured electromagnetic spectrum.
We found 4 different ways (including the Kuhn attack .pdf) to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. We tested 11 different wired keyboard models bought between 2001 and 2008 (PS/2, USB and laptop). They are all vulnerable to at least one of our 4 attacks.
We conclude that wired computer keyboards sold in the stores generate compromising emanations (mainly because of the cost pressures in the design). Hence they are not safe to transmit sensitive information. No doubt that our attacks can be significantly improved, since we used relatively inexpensive equipments.
The team released two online videos (here and here) demonstrating the research findings.
* Image source: DeclanTM's Flickr photostream (Creative Commons 2.0)