Sniffing keystrokes via laser and keyboard power

From: ed <ber..._at_netaxs.com>
Date: Thu, 26 Mar 2009 23:37:27 -0400

Sniffing keystrokes via laser and keyboard power
by Elinor Mills

C|Net News
March 19, 2009 4:27 PM PDT
  
(Photo) This screenshot shows varying frequencies of keystrokes, with the arrow
pointing to what a stroke on the space bar looks like on a spectrogram.
(Credit: Inverse Path)

VANCOUVER, B.C.--Presenters at the CanSecWest security conference detailed on
Thursday how they can sniff data by analyzing keystroke vibrations using a laser
trained on a shiny laptop or through electrical signals coming from a PC
connected to a PS/2 keyboard and plugged into a socket.

Using equipment costing about $80, researchers from Inverse Path were able to
point a laser on the reflective surface of a laptop between 50 feet and 100 feet
away and determine what letters were typed.

Chief Security Engineer Andrea Barisani and hardware hacker Daniele Bianco used
a handmade laser microphone device and a photo diode to measure the vibrations,
software for analyzing the spectrograms of frequencies from different
keystrokes, as well as technology to apply the data to a dictionary to try to
guess the words. They used a technique called dynamic time warping that's
typically used for speech recognition applications, to measure the similarity of
signals.

Line-of-sight on the laptop is needed, but it works through a glass window, they
said. Using an infrared laser would prevent a victim from knowing they were
being spied on.

The only real way to mitigate against this type of spying would be to change
your typing position and mistype words, Barisani said.

In the second attack method, the researchers were able to spy on the keystrokes
of a computer which was using a PS/2 keyboard through a ground line from a power
plug in an outlet 50 feet away.

"Information leaks to the electric grid," said Barisani. "It can be detected on
the power plug, including nearby ones sharing the same electric line" as the
victim's computer.

The researchers used a digital oscilloscope and analog-digital converter, as
well as filtering technology to isolate the victim's keystroke pulses from other
noise on the power line.

Their initial test, which took about five days to prepare and perform, enabled
them to record individual keystrokes but not continuous data such as words and
sentences, though they expect to be able to do that within a few months,
Barisani said.

In addition to being used to sniff a neighbor's keystrokes in a nearby room, the
attack could be used to sniff data from ATM machines that use PS/2 or similar
keypads, Barsani said. The attack does not work against laptops or USB
keyboards, he said.

The attacks are similar to other recent research that involves sniffing
keystrokes through a wireless antenna.

And of course there is the big daddy of these types of remote sniffing attacks,
TEMPEST, which allows someone with a lot of expensive equipment to sniff the
electromagnetic radiation emanating from a video display.

The new attacks are easier and can be accomplished at lower cost, the
researchers said.
Received on Sat Mar 02 2024 - 00:57:28 CST