Bezbednost bežičnih tastatura: pretnje, ranjivosti i mere zaštite

  • Siniša V. Jovanović Vojska Srbije, Generalštab, Uprava za telekomunikacije i informatiku (J-6), Centar za primenjenu matematiku i elektroniku, Beograd, Republika Srbija https://orcid.org/0009-0002-6088-9553
  • Danijela D. Protić Vojska Srbije, Generalštab, Uprava za telekomunikacije i informatiku (J-6), Centar za primenjenu matematiku i elektroniku, Beograd, Republika Srbija https://orcid.org/0000-0003-0827-2863
  • Vladimir D. Antić Vojska Srbije, Generalštab, Uprava za telekomunikacije i informatiku (J-6), Centar za primenjenu matematiku i elektroniku, Beograd, Republika Srbija https://orcid.org/0000-0001-9843-0743
  • Milena M. Grdović Vojska Srbije, Generalštab, Uprava za telekomunikacije i informatiku (J-6), Centar za primenjenu matematiku i elektroniku, Beograd, Republika Srbija https://orcid.org/0000-0003-4310-7935
  • Dejan A. Bajić Vojska Srbije, Generalštab, Uprava za telekomunikacije i informatiku (J-6), Centar za primenjenu matematiku i elektroniku, Beograd, Republika Srbija https://orcid.org/0009-0007-5283-4110
Ključne reči: bežična tastatura, radio-frekvencije, elektromagnetska emisija, softverski definisani radio

Sažetak


Uvod/cilj: Ranjivost računarskih sistema uzrokovana je kompromitujućim elektromagnetskim zračenjem sa bežičnih tastatura. Pokazano je da bežični uređaji koji koriste komunikaciju baziranu na trigerima imaju probleme koji se odnose na  privatnost, što je uzrokovano elektromagnetskim oticanjem povezanim sa emisijom radio-talasa. Tehnologija bežičnih veza izvor je emanacije signala koji mora biti zaštićen u pogledu performansi i bezbednosti.

Metode: Uočavaju se ranjivosti bežičnih uređaja i napadi na bočne kanale, uporedo sa elektromagnetskom emisijom radio- signala.

Rezultati: Ukazano je na greške u bezbednosti i enkripciji za određene bežične tastature. Rezultati penetracionih testova otkrivaju ranjivosti ciljane bežične tastature u pogledu zastarelog firmvera, enkripcije i pouzdanosti bežične mreže.

Zaključak: Bežične tastature imaju bezbedonosne propuste koji omogućuju ometanje radio-komunikacije, dajući zlonamernom korisniku potpun pristup računaru na koji je tastatura povezana. Stoga on može da ukrade osetljive podatke posmatrajući rad sistema i koristeći elektromagnetsku emisiju. 

Reference

-ANSI webstore. 1999. ANSI INCTIS 154-1998 (R1999). Office machines and supplies – Alphanumeric machines – Keyboard arrangement (Formerly ANSI X3. 154-1988 (R1999)) [online]. Available:  https://webstore.ansi.org/standards/incits/ansiincits1541988r1999 [Accessed: 05 January 2023].

Barthe, G., Gregorie, B. & Laporte, V. 2018. Secure Compilation of Side Channel Countermeasures: The Case of Cryptographic “Constant-Time”. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), Oxford, UK, pp.328-343, July 09-12. https://doi.org/10.1109/CSF.2018.00031.

-Bastille Networks Internet Security. 2023. KeySniffer affected devices [online]. Available at: https://keysniffer.net/affected-devices [Accessed: 05 January 2023].

Chamran, M.K., Yau, K.-L.A., Noor, R.M.D. & Wong, R. 2019. A Distributed Testbed for 5G Scenarios: An Experimental Study. Sensors, 20(1), art.number:18. Available at: https://doi.org/10.3390/s20010018.

Chauhan, P. 2020. What is keyboard? & Types of keyboard. RKR Knowledge, 12 May [online]. Available at: https://rkrknowledge.com/what-is-keyboard-types-of-keyboard/ [Accessed: 05 January 2023].

de Jesus Rugeles Uribe, J., Guillen, E.P. & Cardoso. L.S. 2022. A technical review of wireless security for the internet of things: Software defined radio perspective. Journal of King Saud University – Computer and Information Sciences, 34(7), pp.4122-4134. Available at: https://doi.org/10.1016/j.jksuci.2021.04.003.

Deeg, M. & Klostermeier, G. 2019. New tales of wireless input devices. SlideShare [online]. Available at: https://www.slideshare.net/proidea_conferences/new-tales-of-wireless-input-devices-matthias-deeg-gerhard-klostermeier [Accessed: 05 January 2023].

Duarte, L., Gomes, R., Riberio, C. & Caldeirinha, R.F.S. 2019. A Software-Defined-Radio for future wireless communication systems at 60 GHz. Electronics, 8(12), art.number:1490. Available at: https://doi.org/10.3390/electronics8121490.

-ETSI. 2011. Final draft EN 301 489-1 V1.9.2. (2011-04) Electromagnetic compatibility and Radio spectrum Matters (ERM); Electromagnetic Compatibility (EMC) standard for radio equipment and services; Part 1: Common technical requirements [online]. Available at: https://www.etsi.org/deliver/etsi_en/301400_301499/30148901/01.09.01_40/en_30148901v010901o.pdf [Accessed: 05 January 2023]. 

-ETSI. 2012. ETSI EN 300 386 V16.1. (2012-09) Electromagnetic compatibility and Radio spectrum Matters (ERM); Telecommunication network equipment; ElectroMagnetic Compatibility (EMC) requirements [online]. Available at: https://www.etsi.org/deliver/etsi_en/300300_300399/300386/01.06.01_60/en_300386v010601p.pdf [Accessed: 05 January 2023].

-ETSI. 2023. Electro Magnetic Compatibility [online]. Available at: https://www.etsi.org/technologies/emc [Accessed: 05 January 2023].

Garcia Reis, A.L., Barros, A.F., Gusso Lenzi, K., Pedroso Meloni, L.G. & Barbin, S.E. 2012. Introduction to the Software-defined Radio Approach. IEEE Latin America Transactions, 10(1), pp.1156-1161. Available at: https://doi.org/10.1109/TLA.2012.6142453.

Gatlan, S. 2019. Logitec unifying receivers vulnerable to key injection attacks. Bleeping Computer [online]. Available at: https://www.bleepingcomputer.com/news/security/logitech-unifying-receivers-vulnerable-to-key-injection-attacks/ [Accessed: 05 January 2023].

Goodin, D. 2019. How a wireless keyboard lets hackers take full control of connected computers. arsTECHNICA [online]. Available at: https://arstechnica.com/information-technology/2019/03/how-a-wireless-keyboard-lets-hackers-take-full-control-of-connected-computers/ [Accessed: 05 January 2023].

Grdović, M.M, Protić, D.D, Antic, V.D. & Jovanovic, B.Ž. 2022. Electromagnetic information leakage from the computer monitor. Vojnotehnički glasnik/Military Technical Courier, 70(4), pp.836-855. Available at: https://doi.org/10.5937/vojtehg70-38930

Griskenas, S. 2023. What is wireless keyboard security? Everything you need to know. Nord VPN [online]. Available at: https://nordvpn.com/blog/what-is-wireless-keyboard-security/ [Accessed: 05 January 2023].

-ISO. 2009. ISO/IEC 9995-1:2009. Information technology – Keyboard layouts for text and office systems – Part 1: General principles governing keyboard layouts [online]. Available at: https://www.iso.org/standard/51645.html [Accessed: 05 January 2023].

-ITU. 2014. K.84: Test methods and guide against information leaks through unintentional electromagnetic emission [online]. Available at: https://www.itu.int/rec/T-REC-K.84/en [Accessed: 05 January 2023].

-JSAJIS. 2018. JIS X 6002:1980 English Edition Keyboard layout for information processing using the JIS 7 bit coded character set [online]. Available at: http://www.jsajis.org/index.php?main_page=product_info&cPath=4&products_id=16459 [Accessed: 05 January 2023].

Liu, H., Spolaor, R., Turrin, F., Bonafede, C. & Conti, M. 2021. USB powered devices: A survey of side-channel threats and countermeasures. High-Confidence Computing, 1(1), art.ID:100007. Available at: https://doi.org/10.1016/j.hcc.2021.100007

-Logitech. 2022. Logi Bolt Secure, robust wireless connections. Logitech [online]. Available at: https://www.logitech.com/content/dam/logitech/en/business/pdf/logi-bolt-white-paper.pdf [Accessed: 05 January 2023].

-Logitech. 2023. Setting a new standard in wireless peripheral security. Today’s work-from-anywhere workplace demands enhanced protection. Logitech [online]. Available at: https://www.logitech.com/en-us/business/resources/wireless-peripheral-security.html [Accessed: 05 January 2023].

Mangard, S., Oswald, E. & Popp, T. 2007. Power Analysis Attacks: Revealing the Secrets of Smart Cards. New York, NY: Springer. Available at: https://doi.org/10.1007/978-0-387-38162-6

Markagić, M.S. 2018. Compromising electromagnetic radiation–challenges, threats and protection. Vojnotehnički glasnik/Military Technical Courier, 66(1), pp.143-153. Available at:  https://doi.org/10.5937/vojtehg66-8691

Molina-Tenorio, Y., Prieto-Guerrero, A. & Aguilar-Gonzales, R. 2021. Real-Time Implementation of Multiband Spectrum Sensing Using SDR Technology. Sensors, 21(10), art.number:3506. Available at: https://doi.org/10.3390/s21103506.  

-NIST National Institute of Standards and Technology. 2001. Advanced Encryption Standard (AES). Federal Information Processing Standards. NIST National Institute of Standards and Technology, NIST Technical Series Publications. Available at: https://doi.org/10.6028/NIST.FIPS.197

Oligeri, G., Sciancalepore, S., Raponi, S. & Di Pietro, R. 2020. BrokenStrokes: on the (in)security of wireless keyboards. In: WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Linc, Austria, pp.231-241, July 08-10. Available at: https://doi.org/10.1145/3395351.3399351

Pohl, J. & Noack, A. 2019. Automatic Wireless Protocol Reverse Engineering. In: Proceedings of 13th USENIX Workshop on Offensive Technologies (WOOT 19), Santa Clara, CA: USENIX Association, August [online]. Available at: https://www.usenix.org/conference/woot19/presentation/pohl [Accessed: 05 January 2023].   

Sadiku, M.N.O. & Akujuobi, C.M. 2004. Software-defined radio: a brief overview. IEEE Potentials, 23(4), pp.14-15. Available at: https://doi.org/10.1109/MP.2004.1343223

Sayakkara, A., Le-Khac, N.-A. & Scanlon, M. 2018. Accuracy Enhancement of Electromagnetic Side-Channel Attacks on Computer Monitors. In: ARES 2018: Proceedings of the 13th International Conference on Availability, Reliability and Security, Hamburg, Germany, August 27-30. Available at: https://doi.org/10.1145/3230833.3234690

Sheimo, M. 2021. Ahhh! My mouse and keyboard were hacked! Sikich, 23 June [online]. Available at: https://www.sikich.com/insight/ahhh-my-mouse-and-keyboard-were-hacked/ [Accessed: 05 January 2023].   

Sim, D.-J., Lee, H.S., Yook, J.-G. & Sim, K. 2016. Measurements and analysis of the compromising electromagnetic emanations from USB keyboard. In: 2016 Asia-Pacific International Symposium on Electromagnetic Compatibility (APEMC), Shenzhen, pp.518-520, May 17-21. Available at: https://doi.org/10.1109/APEMC.2016.7522785

Stewart, R.W., Barlee, K.W., Atkinson, D.S.W. & Crockett, L.H. 2015. Software Defined Radio Using MATLAB & Simulink and the RTL-SDR. Glasgow, UK: Strathclyde Academic Media. ISBN: 978-0-9929787-2-3.

Tomsic, N. 2022. Penetration testing wireless keyboards. Are your devices vulnerable? Degree Project in Computer Science and Technology. Stockholm, Sweden: KTH Royal Institute of Technology [online]. Available at: https://www.diva-portal.org/smash/record.jsf?dswid=-5484&pid=diva2%3A1701492 [Accessed: 05 January 2023].

Vuagnoux, M. & Pasini, S. 2009. Compromising Electromagnetic Emanations of Wired and Wireless Keyboards. USENIX [online]. Available at: https://www.usenix.org/legacy/events/sec09/tech/full_papers/vuagnoux.pdf [Accessed: 05 January 2023].

Wadell, K. 2016. Hackers Can Spy on Wireless Keyboards From Hundreds of Feet Away: There’s a gaping security hole in eight popular models. The Atlantic, 26 July [online]. Available at: https://www.theatlantic.com/technology/archive/2016/07/hackers-can-spy-on-wireless-keyboards-from-hundreds-of-feet-away/492962/ [Accessed: 05 January 2023]. 

-WebNots. 2022. What are Different Types of Computer Keyboards? WebNots, 15 August [online]. Available at: https://www.webnots.com/what-are-different-types-of-computer-keyboards/ [Accessed: 05 January 2023].

Weiss, B. 2023. Can Your Wireless Keyboard Be Hacked? WyzGuys Cybersecurity [online]. Available at: https://wyzguyscybersecurity.com/can-your-wireless-keyboard-be-hacked/ [Accessed: 05 January 2023].

Whittaker, Z. 2016. Flaws in wireless keyboards let hackers snoop on everything you type. ZD Net, 26 July [online]. Available at: https://www.zdnet.com/article/millions-of-wireless-keyboards-at-risk-of-spying-by-hackers-in-new-attack/ [Accessed: 05 January 2023].

 

Objavljeno
2023/03/27
Rubrika
Originalni naučni radovi