One of the famous quotes related to computer security goes as follows:
“The best way to secure your computer is to physically unplug its network cable”.
In other words do not keep your computer on any network at all, especially the Internet.
Fine, so does physically isolating my Computer from any and every network make it secure??
Well, not really! Let us see why.
First and foremost, is data security only a software issue or is it also a hardware issue?
While mostly it is a software issue due to the huge number of software applications which our data interacts with, it is also a hardware issue because, finally it is the hardware which transmits our data.
Say you are making an online purchase and entering your credit card details to make a payment. Now these details travel from your computer to the credit card processing server located continents across. Isn’t it possible that somebody out there can eavesdrop in between into the cables carrying your card details and decode the signal and thereby learn your card details? Wouldn’t it be free happy shopping for him after that?
Which is why we have secure connections – more commonly denoted by the lock icon in the browser’s address bar and recognized as https connections. These HTTPS connections protect our data from hardware based eavesdropping. What exactly they do is to encrypt the data (like the credit card details) so that even if somebody happens to read it in between, all they see is a bunch of meaningless characters. The key to unlock your data resides ONLY with the credit card processing server, and hence this connection is said to be SECURE. Its locked at your browser and unlocked ONLY at the destination server. It is a different matter that with the advent of quantum computing in the future, even this security can be broken. See the article on quantum computing and data security.
Now coming back to our hardware based security, assuming that all your software is bullet proof with all updates and latest patches applied, assuming that you have the best anti-virus, anti-spyware and firewalls installed. Does this guarantee your data adequate security?
May be your data is most secure during its transmission across continents via the Internet on a HTTPS connection, but it would be astonishing to know that in spite of all these security measures, your data is least secure in your immediate neighborhood, may be in your own apartment in the next flat, or in your neighbouring house!!
Just imagine, as you are typing-in your credit card details in your computer, there is a bad guy sitting out there in the adjacent room with a geeky device connected to his computer (which in no way is connected to your computer) and is reading all the details as you are typing them out!! If you had thought all these days that the only way to trap your keys typed in was by using a key logger spyware then you are wrong!
So, How is it possible?
Very simple. Your keyboard, be it wired or wireless, be it of a laptop or a desktop – being an electrical device, it emits electromagnetic signals which carry the information about the keys pressed, and in doing so being electrical in nature it also emits weak electromagnetic signals while transmitting the data. These electromagnetic waves are strong enough to be listened to by an electromagnetic wave detector in your immediate neighbourhood! Remember? Before the advent of cable television how the television antennae used to pick up data from the TV stations? The way radio picks up songs broadcast by the radio stations by listening to a particular frequency. The same principle is used to listen to the electromagnetic waves emitted by your keyboard.
Now couple this with FPGA or hardware based computation where the electromagnetic signals picked up from your keyboard are transmitted to that bad guy’s computer in the next room and decoded instantaneously. And there you go with all the latest security software installed in your PC, and here you have a hacker picking it up right from your next door without being troubled by your security software in any way! In fact the data you type reach your computer and his device almost at the same time!! Pretty troubling isn’t it??
And this is the problem with almost every keyboard sold on this planet today. Be it wired or wireless, the electromagnetic waves they emit are definitely wireless, and lo, the same applies to ATMs of banks as well, from where you withdraw hard cash. All these devices emit compromising electromagnetic emanations which can be easily sniffed by an expert!
So what is the solution? Its simple too, just like mobile jammers, the keyboards should have electromagnetic jammers so that the keyboard signals travel only to your computer without any electromagnetic waves leaking into the surrounding space. These jammers are basically insulators coated around your keyboard wires there by preventing the electromagnetic signals emanating from the wires from spreading into the neighbouring space.
So what is the issue then? Well, its expensive to have this electromagnetic shielding in the keyboard and so most modern keyboards simply do not have this coating!! And so your data is ALWAYS exposed in your neighbourhood as you type it. Thank God, your neighbor is not that bad geek guy who knows how to eaves drop on your computer keyboard sniffing your keystrokes.
By the way, US Government had a project codenamed TEMPEST to address this security issue in Government offices. TEMPEST stands for Telecommunications Electronics Material Protected from Emanating Spurious Transmissions. We can assume that all US government offices have adequate measures to prevent electromagnetic signal leakage. And this signal leakage is not limited only to keyboards, even monitors emit signals revealing what they are displaying, even network cables, LEDs all emit these signals and properly tuned and configured software/hardware combination can listen to any of these sources to recover information being transmitted.
What else can we do then to protect our data being leaked out in the surrounding space?
Well, live in a Faraday’s cage. In simple terms what it means is sit inside an enclosure surrounded by walls made of material like aluminum which prevent the electromagnetic waves from leaking outside the closed walls of your cage. An Aluminium enclosure would probably do!
By the way, even human brains emit electromagnetic signals, so get ready to wear shielding helmets to protect your thoughts :)