top | item 46324687

(no title)

farbklang | 2 months ago

I fail to understand how you can measure keystroke latency coming from a KVM. Everything behind the KVM is invisible to you, assuming that it is spoofing a legitimate logitech dongle and emulating a legitimate screen edid.

The KVM uses buffering and queues the keystrokes. So the net time between them is the same as if I would type them locally.

What you could measure is the fingerprint of USB initialization and enumeration of keyboard, mouse etc when connecting and starting up.

discuss

vablings|2 months ago

It's actually the buffering in this case that will get you dinged. The stated 110ms "lag" is probably the minimum time between keystrokes ever. If you have ever recorded data on the mean time between keystrokes you get a nice even distribution but for someone on a KVM it will look very skewed with most being under 110ms and zero below 110ms which is impossible for a normal human at a machine to replicate

Furthermore, there are a number of other side channel attacks here you could use to make things really inconvenient. Something super powerful would-be having a fido2 key such as a YubiKey and recording the mean time to human press keypress. Your average person who is present at the machine will touch the button in a number of seconds. A remote operator in NK will have to summon the homeowner which could take significantly longer.

Another technique you could use is look at the mouse movement data. You would also see the same truncated. distribution, I think a few people have put together a PoC for detecting cheaters in games based on mouse movements.

I do wonder also if the KVM devices they are using support HDCP. Showing media over HDCP on the screen that instructs the user to write an email or make a phone call instantly would be pretty cool.