PaulDotCom mailing list archives

BBC E-mail: Snooping through the power socket


From: covertbits at gmail.com (Covert Bits)
Date: Mon, 13 Jul 2009 12:22:12 -0700

They also presented it at CanSecWest back in March.  There were two
different types of attacks that they demonstrated there.. one was sniffing
the PS/2 keystrokes from the power leakage... and the second (and cooler
IMHO) one was remote sniffing of keystrokes using lasers.

Basically they use a laser being reflected off the lid of a laptop as a
remote microphone, measuring vibrations, a technique which apparently has
been previously documented.. then they combine that with the ability to use
the "sound" of your typing to determine what key you're striking.  When I
type, each letter has a very slightly different sound due to variations such
as how fast I hit it, how hard I hit it, differences in the physical keys
etc.  So once you can tell the signature of each different key.. then just
take a long sample of keystrokes and compare them to a dictionary to map
each signature to the correct key.

The nice thing is all of that could be done offline, once you gather the
recording of the session.  After I saw this, I immediately changed my
password from "111111111" to include some other numbers as well... you know,
to throw them off.

Plus they had a killer presentation with "frickin laserbeams".. Cool stuff.

Slide deck from cansec is here:
http://cansecwest.com/csw09/csw09-barisani-bianco.pdf




On Mon, Jul 13, 2009 at 11:43 AM, Jack Daniel <jackadaniel at gmail.com> wrote:

The presentation was done at Shakacon, and is available on the Risky
Business 2 podcast, along with an interview with the guys who
presented it.  I'm looking forward to seeing their preso live at BH or
DC.

Jack


On Mon, Jul 13, 2009 at 1:10 PM, kajigga <kajigga+pauldotcom at gmail.com> wrote:

kajigga saw this story on the BBC News website and thought you
should see it.



** Snooping through the power socket **
Whatever you type on a keyboard leaks via the power socket and can be
eavesdropped upon, find security researchers.
< http://news.bbc.co.uk/go/em/fr/-/2/hi/technology/8147534.stm >


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com