Feeds

Boffins sniff keystrokes with lasers, oscilloscopes

I know what you typed last summer

The essential guide to IT transformation

CanSecWest Researchers have devised two novel ways to eavesdrop on people as they enter passwords, emails, and other sensitive information into computers, even when they're not connected to the internet or other networks.

Exploiting vibrational patterns and electromagnetic pulses that emanate with every character entered, the Italian researchers are able to remotely sniff keystrokes from significant distances. The techniques use inexpensive equipment and can be hard for targets to detect, making them ideal for snooping on unsuspecting people in the office or building next door.

"The data is there," Andrea Barisani, of security firm Inverse Path, told those attending the CanSecWest security conference in Vancouver, British Columbia. "That's the important thing you need to know: whenever you type your data goes somewhere else. Not many people think about that."

The first method involves the use of laser microphones, which have long been the stuff of thrillers with spies who eavesdrop on conversations spoken from afar. By pointing the devices at windows, snoops can read the sound waves and then reconstruct the words that are being spoken.

Barisani, who was joined on stage by fellow Inverse Path colleague Daniele Bianco, said laser microphones can be trained on a laptop computer or desktop keyboard to similarly read the characters being entered. Because each keystroke has a distinctly different sound vibration, it is possible to remotely discern the characters by capturing the sound and then subjecting it to analysis.

The process is akin to the way secret codes are often cracked. An eavesdropper first figures out which sound represents the space bar. From there, he compares the input against words in a dictionary for likely matches. The more input the device picks up, the more accurate it becomes. Because keystrokes sound different for different people, a snoop would need to learn the distinctive sounds of each person being spied on.

Of course, the technique requires the eavesdropper to have a clean line of sight to the target PC, but it remains suitable for snooping on people typing in public places or next to windows. An attacker can also use one line of sight to point the laser on the victim and a separate straight line to receive the signal that's bounced back for analysis. What's more, infrared lasers can be used to escape detection.

Next gen security for virtualised datacentres

More from The Register

next story
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.