Type much? Watch out for data-thieving lasers and power outlets

Next Story

DIY laser-controlled keyboard

hamburglarArticles like this make me glad I lead a relatively boring life and rarely type anything interesting enough to steal (or even read?) into my computer.

Hackers will demonstrate a couple new methods of data theft at Black Hat USA 2009 in Vegas later this month. Both methods involve reading which individual keyboard keys are struck from afar. One method reads the impulses through electrical outlets and the other uses a laser shined on a flat surface of the computer to detect the minute wobble generated when each key is struck.

Apparently each individual key on your keyboard creates a distinct electrical impulse and hackers have figured out how to filter those into translatable letter and number combinations. What’s more, each brand and style of keyboard creates impulses distinct from surrounding keyboards, so it’s possible to single out a particular keyboard in, say, a crowded coffee shop.

According to the article:

In the power-line exploit, the attacker grabs the keyboard signals that are generated by hitting keys. Because the data wire within the keyboard cable is unshielded, the signals leak into the ground wire in the cable, and from there into the ground wire of the electrical system feeding the computer. Bit streams generated by the keyboards that indicate what keys have been struck create voltage fluctuations in the grounds, they say…

…This method would not work if the computer were unplugged from the wall, such as a laptop running on its battery. The second attack can prove effective in this case, Bianco’s and Barisani’s paper says.

Attackers point a cheap laser, slightly better than what is used in laser pointers, at a shiny part of a laptop or even an object on the table with the laptop. A receiver is aligned to capture the reflected light beam and the modulations that are caused by the vibrations resulting from striking the keys.

How to use electrical outlets and cheap lasers to steal data [Network World]

blog comments powered by Disqus