Researchers at InversePath announced at the Tenth Annual CanSecWest conference that they were able to detect sniff keyboard strokes and determine which letters were being typed. They were able to detect and deduce the mechanical emissions from a keyboard by pointing a laser on the reflective surface of a laptop. Security Engineer Andrea Barisani and hardware hacker Daniele Bianco presented new research in hardware hacking titled “Sniff Keystrokes With Lasers/Voltmeters – Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage“. They were able to deduce the keyboard strokes between 50 feet and 100 feet away.
Barisano and Biano used three tools to accomplish this goal:
-
Created a homemade laser microphone to measure the vibrations of the key. Keyboards are spring loaded
- Line-of-sight to the laptop is needed
- It does work through a glass window
- Software for analyzing the spectrograms of frequencies from different keystrokes
- Data Dictionary was used to try and guess what words were being typed.
The researchers dynamic time warping, technique called that’s typically used for speech recognition applications, to measure the similarity of signals.
In a second attack method, these researchers were able to spy on the keystrokes of a computer using a PS/2 keyboard through a ground line from a power plug in an outlet 50 feet away. “Information leaks to the electric grid,” said Barisani. “It can be detected on the power plug, including nearby ones sharing the same electric line” as the victim’s computer. The researchers used a digital oscilloscope and analog-digital converter, as well as filtering technology to isolate the victim’s keystroke pulses from other noise on the power line.
They say they only real way to mitigate against this type of spying would be to change your typing position and mistype words. No problem there!