Sniffing keystrokes via laser and keyboard power

This screenshot shows varying frequencies of keystrokes, with the arrow pointing to what a stroke on the space bar looks like on a spectrogram.

(Credit: Inverse Path)

VANCOUVER, B.C.--Presenters at the CanSecWest security conference detailed on Thursday how they can sniff data by analyzing keystroke vibrations using a laser trained on a shiny laptop or through electrical signals coming from a PC connected to a PS/2 keyboard and plugged into a socket.

Using equipment costing about $80, researchers from Inverse Path were able to point a laser on the reflective surface of a laptop between 50 feet and 100 feet away and determine what letters were typed.

Chief Security Engineer Andrea Barisani and hardware hacker Daniele Bianco used a handmade laser microphone device and a photo diode to measure the vibrations, software for analyzing the spectrograms of frequencies from different keystrokes, as well as technology to apply the data to a dictionary to try to guess the words. They used a technique called dynamic time warping that's typically used for speech recognition applications, to measure the similarity of signals.

Line-of-sight on the laptop is needed, but it works through a glass window, they said. Using an infrared laser would prevent a victim from knowing they were being spied on.

The only real way to mitigate against this type of spying would be to change your typing position and mistype words, Barisani said.

In the second attack method, the researchers were able to spy on the keystrokes of a computer which was using a PS/2 keyboard through a ground line from a power plug in an outlet 50 feet away.

"Information leaks to the electric grid," said Barisani. "It can be detected on the power plug, including nearby ones sharing the same electric line" as the victim's computer.

The researchers used a digital oscilloscope and analog-digital converter, as well as filtering technology to isolate the victim's keystroke pulses from other noise on the power line.

Their initial test, which took about five days to prepare and perform, enabled them to record individual keystrokes but not continuous data such as words and sentences, though they expect to be able to do that within a few months, Barisani said.

In addition to being used to sniff a neighbor's keystrokes in a nearby room, the attack could be used to sniff data from ATM machines that use PS/2 or similar keypads, Barsani said. The attack does not work against laptops or USB keyboards, he said.

The attacks are similar to other recent research that involves sniffing keystrokes through a wireless antenna.

And of course there is the big daddy of these types of remote sniffing attacks, TEMPEST, which allows someone with a lot of expensive equipment to sniff the electromagnetic radiation emanating from a video display.

The new attacks are easier and can be accomplished at lower cost, the researchers said.

[man_w_balls]

USB keyboard FTW!

[Wookiee-1138]

In a controlled test environment, that might work. But I wonder how accurate it would be in an actual workspace or coffeeshop where there's dozens of electronic signals flying in every direction.

[Wookiee-1138]

and background vibrations.

[mbenedict]

TEMPEST doesn't have to be expensive, nor is it limited to video displays. There are already several public demonstrations more sophisticated than the one at CanWest (e.g., can sniff laptops, not require line of sight, etc.) $80 is pretty cheap, admittedly.

[Hernys]

> The only real way to mitigate against this type of spying would be to change your typing position and mistype words, Barisani said.

That's not quite right. Using smartcards or other two factor authentication mechanisms (other than biometrics, which add very little security in practice) effectively mitigate this threat.
Fact is, passwords aren't a good authentication mechanisms in times when there are myriads of technology solutions to intercept whatever you enter into a computer. Two factor authentication is a must.

[a85]

You're presuming that people are solely going to use this technology to sniff out authentication data such as passwords. It could also be used to steal confidential information such as trade secrets, emails etc. In those cases, any authentication system (two factor or otherwise) is rendered inutile. That is why this is such a significant development.

[gregorytga]

There's an assumption that they could figure out each key's frequency and that they maintain the same frequency every time they are pressed. Since line of sight is required at a distance of <100 video surveillance probably would use yield better results, albeit tedious. Interesting proof of concept likely not a threat.

[skyscraperjim]

Are new PCs still shipping with PS/2 keyboards? My hardware is a bit out of date, but I figured everything would be USB by now.

[tunesfan]

If they have direct line of site... why not just look and watch what the person types? :-)

[pcorus]

I'm just gettig into pc repair. If hard drives can be encripted why can't the "BIG" companies try encruipting the keyboards unless they are already. Maybe that might help.