PaulDotCom mailing list archives
BBC E-mail: Snooping through the power socket
From: covertbits at gmail.com (Covert Bits)
Date: Mon, 13 Jul 2009 12:22:12 -0700
They also presented it at CanSecWest back in March. There were two different types of attacks that they demonstrated there.. one was sniffing the PS/2 keystrokes from the power leakage... and the second (and cooler IMHO) one was remote sniffing of keystrokes using lasers. Basically they use a laser being reflected off the lid of a laptop as a remote microphone and measuring vibrations, a technique which apparently has been previously documented.. then they combine that with the ability to use the "sound" of your typing to determine what key you're striking. When I type, each letter has a very slightly different sound due to variations such as how fast I hit it, how hard I hit it, differences in the physical keys etc. So once you can tell the signature of each different key.. then just take a long sample of keystrokes and compare them to a dictionary to map each signature to the correct key. The nice thing is all of that could be done offline, once you gather the recording of the session. After I saw this, I immediately changed my password from "111111111" to include some other numbers as well... you know, to throw them off. Plus they had a killer presentation with "frickin laserbeams".. Cool stuff. Slide deck from cansec is here: http://cansecwest.com/csw09/csw09-barisani-bianco.pdf On Mon, Jul 13, 2009 at 11:43 AM, Jack Daniel <jackadaniel at gmail.com> wrote:
The presentation was done at Shakacon, and is available on the Risky Business 2 podcast, along with an interview with the guys who presented it. I'm looking forward to seeing their preso live at BH or DC. Jack On Mon, Jul 13, 2009 at 1:10 PM, kajigga<kajigga+pauldotcom at gmail.com<kajigga%2Bpauldotcom at gmail.com>> wrote:kajigga saw this story on the BBC News website and thought you should see it. ** Snooping through the power socket ** Whatever you type on a keyboard leaks via the power socket and can beeavesdropped upon, find security researchers.< http://news.bbc.co.uk/go/em/fr/-/2/hi/technology/8147534.stm > ** BBC Daily E-mail ** Choose the news and sport headlines you want - when you want them, all in one daily e-mail < http://www.bbc.co.uk/email > ** Disclaimer ** The BBC is not responsible for the content of this e-mail, and anythingwritten in this e-mail does not necessarily reflect the BBC's views or opinions. Please note that neither the e-mail address nor name of the sender have been verified.If you do not wish to receive such e-mails in the future or want to knowmore about the BBC's Email a Friend service, please read our frequently asked questions. http://news.bbc.co.uk/1/hi/help/4162471.stm_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090713/30b84396/attachment.htm
Current thread:
- BBC E-mail: Snooping through the power socket kajigga (Jul 13)
- BBC E-mail: Snooping through the power socket Jack Daniel (Jul 13)
- BBC E-mail: Snooping through the power socket Matt Hillman (Jul 13)
- BBC E-mail: Snooping through the power socket Jack Daniel (Jul 13)
- BBC E-mail: Snooping through the power socket PJ McGarvey (Jul 14)
- BBC E-mail: Snooping through the power socket Covert Bits (Jul 13)
- Using SAMBA with Active Directory Russell Butturini (Jul 13)
- Using SAMBA with Active Directory Bradley McMahon (Jul 14)
- Using SAMBA with Active Directory John Strand (Jul 14)
- BBC E-mail: Snooping through the power socket Matt Hillman (Jul 13)
- BBC E-mail: Snooping through the power socket Jack Daniel (Jul 13)