The Register® — Biting the hand that feeds IT

Boffins sniff keystrokes with lasers, oscilloscopes

I know what you typed last summer

CanSecWest: Researchers have devised two novel ways to eavesdrop on people as they enter passwords, emails, and other sensitive information into computers, even when they're not connected to the internet or other networks.

Exploiting vibrational patterns and electromagnetic pulses that emanate with every character entered, the Italian researchers are able to remotely sniff keystrokes from significant distances. The techniques use inexpensive equipment and can be hard for targets to detect, making them ideal for snooping on unsuspecting people in the office or building next door.

"The data is there," Andrea Barisani, of security firm Inverse Path, told those attending the CanSecWest security conference in Vancouver, British Columbia. "That's the important thing you need to know: whenever you type your data goes somewhere else. Not many people think about that."

The first method involves the use of laser microphones, which have long been the stuff of thrillers with spies who eavesdrop on conversations spoken from afar. By pointing the devices at windows, snoops can read the sound waves and then reconstruct the words that are being spoken.

Barisani, who was joined on stage by Inverse Path colleague Daniele Bianco, said laser microphones can be trained on a laptop computer or desktop keyboard to similarly read the characters being entered. Because each keystroke has a distinctly different sound vibration, it is possible to remotely discern the characters by capturing the sound and then subjecting it to analysis.

The process is akin to the way secret codes are often cracked. An eavesdropper first figures out which sound represents the space bar. From there, he compares the input against words in a dictionary for likely matches. The more input the device picks up, the more accurate it becomes. Because keystrokes sound different for different people, a snoop would need to learn the distinctive sounds of each person being spied on.
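The analysis step described above, as an added example that is not code from the article or the researchers: it treats the most frequent sound cluster as the space bar, then matches each run of clusters against a dictionary by repetition pattern, keeping one consistent cluster-to-letter mapping across words. The word list, the function names and the already-clustered input are assumptions of this sketch; capturing and grouping the sounds is not modelled.

```python
from collections import Counter

# Constructed stand-in for a real word list (assumption of this example).
DICTIONARY = ["the", "and", "data", "dodo", "is", "it", "there", "where",
              "these", "if", "of", "you", "go", "on", "no", "to"]

def simulate_clusters(text):
    """Constructed input: give each distinct key an opaque cluster id, as if
    the recorded sounds had already been grouped by similarity."""
    ids = {}
    return [ids.setdefault(ch, len(ids)) for ch in text]

def pattern(seq):
    """Repetition pattern of a sequence, e.g. 'there' -> (0, 1, 2, 3, 2)."""
    seen = {}
    return tuple(seen.setdefault(x, len(seen)) for x in seq)

def split_on_space(labels):
    """Treat the most frequent cluster as the space bar and split on it."""
    space = Counter(labels).most_common(1)[0][0]
    words, cur = [], []
    for lab in labels + [space]:
        if lab != space:
            cur.append(lab)
        elif cur:
            words.append(cur)
            cur = []
    return words

def candidates(word, dictionary=DICTIONARY):
    """Dictionary words whose repetition pattern matches this cluster run."""
    return [w for w in dictionary if pattern(w) == pattern(word)]

def solve(words, mapping=None):
    """Backtrack so one cluster always means one letter across all words."""
    if not words:
        return []
    for cand in candidates(words[0]):
        new = dict(mapping or {})
        if all(new.setdefault(c, ch) == ch for c, ch in zip(words[0], cand)) \
                and len(set(new.values())) == len(new):
            tail = solve(words[1:], new)
            if tail is not None:
                return [cand] + tail
    return None

def recover(text):
    """Run the whole pipeline on constructed input; None means no match."""
    return solve(split_on_space(simulate_clusters(text)))
```

A single word is ambiguous on its own ("there", "where" and "these" share a pattern); it is the consistency across more input that narrows the result, and a run of keys that matches no dictionary word yields nothing.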

Of course, the technique requires the eavesdropper to have a clean line of sight to the target PC, but it remains suitable for snooping on people typing in public places or next to windows. An attacker can also use one line of sight to point the laser on the victim and a separate straight line to receive the signal that's bounced back for analysis. What's more, infrared lasers can be used to escape detection.

Latest Comments
Anonymous Coward

Go on then, do it.

The idea that you can sniff keystrokes by their sound is all well and good under lab conditions, but the real world is a very different place.

Firstly you would need line of sight to the keyboard, hitting a surface is simply not good enough if there is more than one keyboard in the room.

Secondly it relies on people's typing technique being consistent, I'm sure this is fine for trained typists but real people are completely inconsistent in their technique - most of us don't even hit the same key with the same finger every time.

So yes I'm sure it's possible under very specific conditions, but it looks like a headline grabbing exercise to me and it's not something I'll be worrying about.

Anonymous Coward

Hmmm...

"everything would be housed in a Faraday cage, a big metal box, i.e. a room with no windows..."

Sounds like my old company...

I've already seen workmates complaining about the aircon not working, and that was when we were technically still in winter!

Poor buggers... Glad I left!

Anonymous Coward

USB Immune?

USB is not immune because it uses differential signalling.

The benefit of using differential signalling is that higher data rates can be achieved because noise is reduced by utilising the high common mode rejection ratio of a differential input amplifier on the receiver end of the cable; any radiated noise received in the cable is common to both positive and negative signal lines because of their close proximity and twisting.

That is, the differential signalling concept is used to increase the speed of transmission.

You're still going to get radiated emissions from the cable.

The detection techniques rely on two principles:

radiated noise in the form of RF

conducted noise back up the power cable.

I think you'll find you will still get high frequency noise superimposed on the power line, albeit very small in amplitude. Sure, the power supply contains inductors, and if in series with the power line will provide a high impedance path to high frequency signals, but it's a high impedance which results in attenuation, it's not infinite attenuation.

You'd need to start adding appropriately designed filters on the power lines to suppress the conducted emissions.

If you really want to prevent people spying on you using the techniques then you need to start adopting TEMPEST principles and taking them to the extreme: everything would be housed in a Faraday cage, a big metal box, i.e. a room with no windows, metal doors with beryllium copper finger strips spaced close together down the edges of the doors to provide 100% continuity of screening.
