Vigil@nce - Linux: detecting keyboard strokes with /dev/ptmx
January 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can monitor the activity of /dev/ptmx, in order
to detect when a user presses a key.
Impacted products: Unix (platform)
Severity: 1/4
Creation date: 08/01/2013
DESCRIPTION OF THE VULNERABILITY
A pseudo terminal uses a pair of connected descriptors, which are
associated to /dev/ptmx (master) and /dev/pts/x (slave). Each
pressed key in the pseudo terminal is sent to /dev/ptmx.
A local attacker can therefore monitor the activity of /dev/ptmx,
in order to detect when a user presses a key.
He can thus measure the time range between each stroke, in order
to guess pressed keys.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-detecting-keyboard-strokes-with-dev-ptmx-12287