Any system that is connected to the Internet is always subject to threats, no matter how well it is protected. This assumption is well known to any teenager today. No software barriers can fully prevent human errors in a program code or user behavior.
That’s why devices that have functions of special importance, or that contain top-secret information, are usually not connected to the Internet. It is always better to accept inconvenience than face unpleasant consequences. This is how, for example, control systems for large industrial objects or some bank computers are protected.
It may seem that going offline completely will keep any secret safe: if there is no Internet, then there is no data leakage. However, that is not the case. Remote data transfer techniques adopted by secret services long time ago become more accessible each year to ‘commercial’ users. Quite a few spy gadgets at James Bond’s disposal are becoming commonplace today.
Any operational device that is connected to a power line generates electromagnetic radiation that can be intercepted by proven technologies. Almost half a century ago, state security services of the U.S. and the USSR were concerned with such leakages, and the information that has been obtained since those days is massive. Some parts of the American activity are known under the TEMPEST abbreviation, and some declassified archives reads as good as detective novels.
Despite the long history, new methods of ‘surfing’ electromagnetic waves appear regularly as the electrical equipment evolves. In the past, the weakest links were CRT monitors and unshielded VGA cables that produced electromagnetic noise. Keyboards have become favorite toys for data security researchers over the past few years. The research in this area has been steadily productive. These are just a few examples.
Keystrokes can be remotely tracked with high accuracy at the 67-feet (20-meter) distance by using a homemade device that analyzes the radio spectrum and costs around $5,000. It is interesting to note that the attack is equally effective against common cheap USB keyboards, expensive wireless keyboards with a signal encryption, and built-in notebook keyboards.
All of the devices work on the same principle and generate electromagnetic noise. The difference is stipulated by the signal power, which depends upon the length of the data transmission wire (it is the shortest for notebooks).