Feeds

Boffins sniff keystrokes with lasers, oscilloscopes

I know what you typed last summer

Remote control for virtualized desktops

CanSecWest Researchers have devised two novel ways to eavesdrop on people as they enter passwords, emails, and other sensitive information into computers, even when they're not connected to the internet or other networks.

Exploiting vibrational patterns and electromagnetic pulses that emanate with every character entered, the Italian researchers are able to remotely sniff keystrokes from significant distances. The techniques use inexpensive equipment and can be hard for targets to detect, making them ideal for snooping on unsuspecting people in the office or building next door.

"The data is there," Andrea Barisani, of security firm Inverse Path, told those attending the CanSecWest security conference in Vancouver, British Columbia. "That's the important thing you need to know: whenever you type your data goes somewhere else. Not many people think about that."

The first method involves the use of laser microphones, which have long been the stuff of thrillers with spies who eavesdrop on conversations spoken from afar. By pointing the devices at windows, snoops can read the sound waves and then reconstruct the words that are being spoken.

Barisani, who was joined on stage by fellow Inverse Path colleague Daniele Bianco, said laser microphones can be trained on a laptop computer or desktop keyboard to similarly read the characters being entered. Because each keystroke has a distinctly different sound vibration, it is possible to remotely discern the characters by capturing the sound and then subjecting it to analysis.

The process is akin to the way secret codes are often cracked. An eavesdropper first figures out which sound represents the space bar. From there, he compares the input against words in a dictionary for likely matches. The more input the device picks up, the more accurate it becomes. Because keystrokes sound different for different people, a snoop would need to learn the distinctive sounds of each person being spied on.

Of course, the technique requires the eavesdropper to have a clean line of sight to the target PC, but it remains suitable for snooping on people typing in public places or next to windows. An attacker can also use one line of sight to point the laser on the victim and a separate straight line to receive the signal that's bounced back for analysis. What's more, infrared lasers can be used to escape detection.

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.