Data can now be sniffed by analyzing keystroke vibrations of a laptop or a PC connected to a PS/2 keyboard. This is what the researchers from Inverse Path revealed in their presentation at the CanSecWest Security Conference held in Vancouver.
The Laser method:
The experts from Inverse Path first used equipment priced at around $80 to demonstrate how laser technology can be used to analyze keystrokes. They showed that letters typed on a laptop placed 50 to 100 feet away could be determined by pointing a laser at the reflective surface of the laptop. This was presented by engineer Andrea Barisani and hardware hacker Daniele Bianco.
The simple sensor equipment that they used consisted of a handmade laser microphone device, a photodiode to measure the vibrations, software to analyze frequency spectrograms of the different keystrokes, and a program that feeds the data to a dictionary, which in turn deciphers the words.
The technique is known as Dynamic Time Warping and is primarily used in speech recognition applications. The only prerequisite is that the laptop must be in the line of sight. They said that infrared lasers can be used to keep a victim from noticing that their system is being spied on. This method also works through glass windows.
- Where can it be used: According to Barisani, this method can be used under most circumstances, except when the user changes the typing position or mistypes words.
The Power-line method:
The second method that the researchers demonstrated showed how keystrokes from a desktop computer with a PS/2 keyboard can be analyzed through the ground line of a power plug in an outlet 50 feet away. In this method, as Barisani said, an information leakage is created in the electric grid. To detect it, any power plug can be used, including nearby ones that share the same electric line as the victim's computer. The victim's keystroke pulses can be isolated from other noise on the power line by using a digital oscilloscope and an analog-digital converter, as well as filtering technology.
This technology is still in its infancy: after preparing for five days, the researchers performed an initial test in which they recorded individual keystrokes but were unable to record a continuous flow of data. However, Barisani expects the latter to be possible shortly.
- Where can it be used: The power-line method can be used to sniff data from the computers of any nearby user, as well as any ATM machine that uses PS/2 or similar keypads. This method does not work against laptops or USB keyboards.
These techniques are similar to other research that involves sniffing keystrokes through a wireless antenna. So far though, TEMPEST remains the most effective one. That method involves lots of expensive equipment and works by sniffing the electromagnetic radiation emanating from a video display.