Laser Sniffing Captures Typed Keystrokes From 50-100 Feet

Death Metal writes "Chief Security Engineer Andrea Barisani and hardware hacker Daniele Bianco used handmade laser microphone device and a photo diode to measure the vibrations, software for analyzing the spectrograms of frequencies from different keystrokes, as well as technology to apply the data to a dictionary to try to guess the words. They used a technique called dynamic time warping that's typically used for speech recognition applications, to measure the similarity of signals. Line-of-sight on the laptop is needed, but it works through a glass window, they said. Using an infrared laser would prevent a victim from knowing they were being spied on." (This is the same team that was able to pick up the electromagnetic signals emitted by PS/2 keyboards.)

Oblig

Sharks with frigging lasers..

Re:Oblig

[stonedcat]

I'd like to know what sharks are doing with keyboards in the first place.

Re:Oblig

I know I'd have trouble typing in my password with a shark with a laser hovering nearby

Re:Oblig

[Onymous+Coward]

Bathyscaphe hacking?

Not First Post

[MyLongNickName]

I would have had first post, but I had to close my blinds to avoid anyone spying on my leet Slashdot posting skills.

Re:Not First Post

[mcgrew]

You misspelled 133t, 14m3r!

Re:Not First Post

No, YOU misspelled 1337 (I'll even go further with 31337)!

Re:Not First Post

[cromar]

n00b. 17'5 5p3113d \/\/17# 4 "7." 17'5 5p3113d "1337." 101

Re:Not First Post

[RulerOf]

n00b. 17'5 5p3113d \/\/17# 4 "7." 17'5 5p3113d "1337." 101

Oh. My. God... I could read that.

I'm going to go get laid ASAP, burning sun be damned!

Re:Not First Post

[AliasMarlowe]

n00b. 17'5 5p3113d \/\/17# 4 "7." 17'5 5p3113d "1337." 101

Oh. My. God... I could read that.
I'm going to go get laid ASAP, burning sun be damned!

Eerily, not only could I read it, but so could my wife and our teenage kids!

Re:Not First Post

[cromar]

101. 7#47'5 pR06461y 4 g00d 1d34 ;-) 631/3v3 /\/\3, u 5#0u1d 63 g14D 5145#d07 d035/\/'7 4110\/\/ un/c0d3 c#4R5 0r 7#15 c0u1d g37 pr377y kR4zY, Y0u k/\/0\/\/?

Re:Not First Post

[davolfman]

Except it wouldn't work. The sound would still reach the glass and be picked up by the laser mic.

Re:Not First Post

I had to turn up my bass speakers. You know, to make the windows constantly vibrate, ruining any attempt to record conversations spoken or typed.

It's that, or work on my alternative typing patterns, using an alternate key layout and forcing myself to make awkward pauses while typing. Listening to loud music is also more fun.

Re:Not First Post

i'm sorry to be the one to tell you this but: no, no you're not.

Re:Not First Post

[spazdor]

Pics or it didn't happen.

Re:Not First Post

[Anenome]

If the song you play can be identified and reproduced to a good degree of the distortion created by your room and the bass levels, then removing that from the data stream is not particularly difficult. You would actually have to play two different songs at some non-standard or perhaps continuously variable playback-rate in order to create something hard to find and duplicate so that it couldn't be simply removed from the recording. It's like those Bose noise-canceling headphones, by sampling the sound as it comes in they can subtract that sound from what you actually hear. The same would apply here.

Re:Not First Post

[Ihmhi]

Incidentally, I wonder how much fun we could have with this sentence. Just start showing it to random people.

----

Me: "It's the supposed formula for cold fusion."

Physics Student: "I mean, as a chemistry formula it makes sense, but in some ways it doesn't... # isn't even a chemistry symbol! Unless..." -proceed with four hours of rambling-

----

Me: "It's a diagram of a portion of the circuitry that's in the new iPhone. I think it's like, some Chinese system of mapping out electrical stuff.:

Electrical Engineer: "It's brilliant! The 7s are obviously resistors, and if we assume that the # is a redundant capacitor to prevent overload..."

----

It's probably work on any major aside from computer sciences. I'm pretty sure most people in that field take LSL (Leet as a Second Language).

Re:Not First Post

[VagaStorm]

Lol, that was my first thought to :)

Re:Not First Post

Eerily, not only could I read it, but so could my wife and our teenage kids!

What, you're all hanging out around the computer reading slashdot together?

Re:Not First Post

[mcgrew]

I'm going to go get laid ASAP, burning sun be damned!

You'll need this.

Re:Not First Post

[mcgrew]

Damn, you're right! Damn them damn typoos! Why did they have to put the T so close to the 7???

Re:Not First Post

[cyberchondriac]

101. 7#47'5 pR06461y 4 g00d 1d34 ;-) 631/3v3 /\/\3, u 5#0u1d 63 g14D 5145#d07 d035/\/'7 4110\/\/ un/c0d3 c#4R5 0r 7#15 c0u1d g37 pr377y kR4zY, Y0u k/\/0\/\/?

Who uses a "6" for a "B"? I always used an "8".
Plus, you're interchangeably using "1" for both "i" and "L", which is confusing. (I know, tricky when both letters are in the same word). That's why I prefer "|_" for "L"> ;-)

That should read:
101. 7#47'5 pR0848|_y 4 g00d 1d34 ;-) 83|_13v3 /\/\3, u 5#0u1d 83 g|_4D 5|_45#d07 d035/\/'7 4|_|_0\/\/ un/c0d3 c#4R5 0r 7#15 c0u|_d g37 pr377y kR4zY, Y0u k/\/0\/\/

God. I can't believe I can read this stuff either. Scary.

Re:Not First Post

[cromar]

1'11 74|3 7#47 1/\/70 (0/\/51|)3r4710/\/ ;-)

Re:Not First Post

[cyberchondriac]

1'11 74|3 7#47 1/\/70 (0/\/51|)3r4710/\/ ;-)

"I"ll take that into consideration" - LMAO !!!
Ooops, I mean, |_|\/|40 ! ;-)

Easy to dectect

If you go blind while you are typing, you are probably being sniffed.

Or you are having severe problems with your retinas.

In either case, you should feel your way to an opthamologist quickly.

Re:Easy to dectect

[mcgrew]

You should go see Doctor Odin or another retina specialist. And yes, I know the irony of his name.

Dr. Odin shined a high powered laser into my left eye several times. The laser is used to weld a torn retina back together, the linked journal is about the vitrectomy he performed after the retina detached.

I would not wish a vitrectomy on my worst enemy. Becoming a cyborg is a piece of cake by comparison.

Re:Easy to dectect

[chandani]

If you go blind while you are typing, you should probably be typing with both hands.

Re:Easy to dectect

As if he can type with those hairy palms anyways.

Re:Easy to dectect

[VagaStorm]

If you go blind typing, you should maybe leave, the p00rn chat room?

Let's...

[Roadkills-R-Us]

dynamic time warp again!

Re:Let's...

<voice=deep voice typical of old movie trailers>Dragon's Lair: Time Warp!</voice>

Re:Let's...

Damn you dynamic...damn you!

on the contrary: !Easy to dectect

[CaptainPatent]

If you go blind while you are typing, you are probably being sniffed.

Or you are having severe problems with your retinas.

In either case, you should feel your way to an opthamologist quickly.

Actually, Infrared lasers only hurt eyes if you look directly into them. Using a low-powered infrared laser pointed at a keyboard wouldn't be any different than using a red laser pointed at a keyboard except that the victim would see the dot. Unless they're using a mirrored keyboard the light would be diffused and not refracted so it would be similar to looking at a resultant red dot from a laser instead of directly into a laser.

Re:on the contrary: !Easy to dectect

[DMUTPeregrine]

Also, the point is to point the laser at the window and have it reflect. By measuring changes in the angle of reflection you can reconstruct sound hitting the inside of the window. Double-pane glass with a vacuum between the panes removes this attack vector.

Re:on the contrary: !Easy to dectect

[causality]

Also, the point is to point the laser at the window and have it reflect. By measuring changes in the angle of reflection you can reconstruct sound hitting the inside of the window. Double-pane glass with a vacuum between the panes removes this attack vector.

Is it common for double-pane glass to contain anything that could be called a vacuum? I'll admit I don't know but I always thought they just had regular atmospheric-pressure air between the panes, as an extra layer of insulation. Would you need a proper vacuum to dampen the sound vibrations enough to defeat this attack?

Re:on the contrary: !Easy to dectect

[binaryseraph]

If you go blind while you are typing, you are probably being sniffed. Or you are having severe problems with your retinas.

Or you stopped listening to your mother and started looking at those websites she told you to keep away from...

Re:on the contrary: !Easy to dectect

[emlyncorrin]

Double-pane glass with a vacuum between the panes removes this attack vector.

Unfortunately, glass has this annoying property called transparency that allows laser beams to go straight through and be reflected from the inner layer...

Re:on the contrary: !Easy to dectect

[Yokaze]

> Actually, Infrared lasers only hurt eyes if you look directly into them.

Someone could mistake what you are saying, so let me state the following: there is no eye-safe wave length.
The wave-length of the laser only decides which kind of injury it might inflict to your eye, when the energy density is high enough. Granted, for UV wavelengths a lower energy density is dangerous, but the difference between visible light and infra-red can be neglected. Which is comes similar to what you are saying next.

> Using a low-powered infrared laser pointed at a keyboard wouldn't be any different than using a red laser pointed at a keyboard except that the victim would see the dot.

Granted, a sufficiently low powered infra-red laser wouldn't cause any more harm than a visible laser (green or red).
But, looking inadvertantly in the red laser triggers the eye reflex, something what infra-red light would not, as you don't perceive it. So, a NIR can be more dangerous.
So a common 1mW visible light laser is class 2, while the 1mW infra-red is class 3, because you simply wouldn't notice, that your eye is blinded.

Re:on the contrary: !Easy to dectect

[Yokaze]

s/eye reflex/blink reflex/g

Re:on the contrary: !Easy to dectect

[DieByWire]

Is it common for double-pane glass to contain anything that could be called a vacuum? I'll admit I don't know but I always thought they just had regular atmospheric-pressure air between the panes, as an extra layer of insulation.

A vacuum would be great for stopping heat loss, but isn't present in any normal double pane window. Atmospheric pressure (14 lbs/sq in) * the number of sq inches in a window pane is a big number. Any pane that didn't break would be noticeably bowed.

Some higher end double pane windows are filled with argon, since it insulates better than standard air.

Re:on the contrary: !Easy to dectect

[Robotbeat]

They use argon or xenon (on the expensive ones) to insulate double (or triple) pane windows. I know this because I was a door-to-door almost-salesman for a summer. Worst. Job. Evar.

Re:on the contrary: !Easy to dectect

[jabithew]

But, looking inadvertantly in the red laser triggers the eye reflex, something what infra-red light would not, as you don't perceive it.

This is similar to the reason you need UV protection on sunglasses; your pupils widen, and accept more radiation that they would otherwise on a bright day.

Re:on the contrary: !Easy to dectect

[kmac06]

Actually your eye is much less sensitive to damage at wavelengths over 1200 nm or so. I don't remember the source, but it's something 1000x less sensitive at 1550 than 1064...it's either the lens in your eye doesn't focus those wavelengths, or your retina doesn't absorb them, not sure which. So a 1550 laser could be used with no danger.

tinfoil time

[MoFoQ]

looks like it's time to stock up on tinfoil and old reflective (mainly old aol) cds.

imagine what the govt can do if regular scientists can do this with regular lasers (not including with sharks)

Re:tinfoil time

[causality]

looks like it's time to stock up on tinfoil and old reflective (mainly old aol) cds.

imagine what the govt can do if regular scientists can do this with regular lasers (not including with sharks)

Consider that around 1980, they (the US Gov't) admitted to having spy satellites that could photograph a vehicle's license plate from orbit. That's what they were willing to admit to back then; you can bet that their most advanced technologies were kept secret. Then the stealth bomber was kept a secret for about thirty years. Anyone who saw one back when it was secret would have probably called it a UFO since, well, it's a flying object that couldn't be identified without proper security clearances. At least, I know that the U-2 spy plane caused UFO reports back when it was a secret. This makes me wonder if years from now, we'll learn that some of these "flying saucers" and the incredible maneuvers they can do were actually some kind of experimental aircraft.

It's not so absurd that the secret government technology would be years ahead of private industry. For one thing, private industry has to make a profit and can't devote all of their resources to pure research. For another, government agencies, particularly those which are defense-related, receive ridiculous amounts of funding. That's the ones we know about; I suspect that some of these $400 toilet seats and such were a way to fund some of the kinds of projects that fall under "national security". Then consider the talent to which they have access. I've heard that the NSA likes to recruit top mathematics students and wouldn't be surprised to learn that such recruitment efforts are more common.

You raise an excellent point. I wonder if we'll ever know, even years later, about half of the things that are going on right now.

Re:tinfoil time

[langelgjm]

This seems apposite.

Re:tinfoil time

[dattaway]

admitted to having spy satellites that could photograph a vehicle's license plate from orbit.

I still have yet to see a picture of a license plate (horizontal OR vertical) from space. If they can take a picture of a flat object mounted 90 degrees at any distance from the source, I would certainly be impressed.

Re:tinfoil time

[eat+here_get+gas]

for years i've argued that the supposed "UFO" sightings in Ohio, Utah, and Arizona were the Air Force/CIA/whoever testing new aircraft.

mind you, that doesn't mean I don't believe in alien spacecraft...

Re:tinfoil time

A buddy of mine was recruited by the NSA and he was as you said, a top math student. He actually turned them down because he didn't want to move to Virginia!

Now he's a network administrator at a private hospital and works way too many hours for probably not enough pay and definitely not enough recognition. Ugh.

Re:tinfoil time

[Hurricane78]

If you think about it, what if you would point something like a modern hubble at the earth instead of the stars? I bet you would see *much* more than just license plates.

It goes without saying...

Don't look directly at the keyboard with your remaining good eye.

Sounds like a good way to curb people who hunt-and-peck!

What is it with these guys?

[eclectro]

It's time to switch to a DVORAK keyboard. Let them sniff that.

Re:What is it with these guys?

[srussia]

It's time to switch to a DVORAK keyboard. Let them sniff that.

Actually, Dvorak users tend to be the most sniffable, in the literal olfactory sense of the term.

Re:What is it with these guys?

No one wants to sniff a Dvorak keyboard when a typical Dvorak user is using it.

Re:What is it with these guys?

[srollyson]

I don't know if that's a good enough defense. TFA says that the laser sniffing method is "analyzing the spectrograms of frequencies from different keystrokes." Once you've got a signature for each key and a large enough typing sample, your problem is reduced to a simple substitution cipher.

Re:What is it with these guys?

[langelgjm]

Clearly the solution is to type all your work in Esperanto, on a chorded keyboard. Let them sniff that.

Re:What is it with these guys?

[IQgryn]

It'll work just as well as any keyboard layout. Unless you manage to switch layouts every few minutes, they will simply come up with a different map of sounds to letters. It will still be successfully analyzed, since you're using the same map of keys to letters.

Re:What is it with these guys?

[srollyson]

Nah. The trick is to memorize a 4096-bit RSA keypair and encrypt your typing.

Re:What is it with these guys?

[adavies42]

how about the morse-code-on-the-spacebar hack from cryptonomicon? would that be sufficiently confusing?

Re:What is it with these guys?

[nschubach]

I wonder if it were possible to have the laptop generate random sounds of key presses on key down. Since the speakers on a laptop are built in, any subtle noise should be able to mess with the detection.

Re:What is it with these guys?

[Lobster+Quadrille]

Actually, it's not even that complicated.

The whole system uses statistical information to determine which key is being pressed, the same way cryptographers break basic ciphers by counting the number of occurrences of each letter. They likely will never realize the typist is using dvorak, and it won't matter.

The attacker effectively solves the dvorak/qwerty substitution cipher by listening to which keys are being pressed, not their physical location.

I don't know if they are using timing (some key combinations are faster to type in qwerty, or vice versa) in their matching of sound signatures to keys, but that's the only thing dvorak will help with, and given a big enough typing sample, it won't help that much.

Re:What is it with these guys?

[Lobster+Quadrille]

I type with a one time pad- a monitor displays random numbers and I XOR them with the keycode I want in realtime.

clickity clack

[brad3378]

Bummer.
My favorite keyboards are always the loudest ones.

Re:clickity clack

[Scrameustache]

Bummer.
My favorite keyboards are always the loudest ones.

And your recorded keyboard sounds of innocuous typing will become your new favorite background music.

Re:clickity clack

[FatdogHaiku]

Make an MP3 of random key press noise and music mixed... and play it loud. Better yet write a program to play back individual key stroke noises randomly based on your normal typing speed. I too like the old click clack keyboards, I've even got spares.

Re:clickity clack

[Onymous+Coward]

Clever idea.

Also interesting: That MP3 means "recording".

Re:clickity clack

[nschubach]

Not so interesting if you consider people make JPGs, BMPs, DOCs and PDFs as well.

How prevent spying?

[Fri13]

Just type with l33t text or other slang what words ain't on the dictionary and they just cant find out what you are typing.

Even school kids knows this and thats why they write short messages with their cell phones and for tests so the kid on the next bench can not copy what they write....

Re:How prevent spying?

[SkyDude]

Just type with l33t text or other slang what words ain't on the dictionary and they just cant find out what you are typing.

I'll just pull my tinfoil hat down over my eyes and face - that'll stop 'em.

Re:How prevent spying?

[Yamamato]

It's "1337" not "l33t", noobtard.

Re:How prevent spying?

[Scrameustache]

Just type with l33t text or other slang what words ain't on the dictionary and they just cant find out what you are typing.

The invisible lasers are listening. Write in codes and speak in tongues!

Gods, we sound like madmen.

Re:How prevent spying?

[Lobster+Quadrille]

While historically, you're right, a pretty good case could be made for spelling it whatever way you damn well please.

That's kind of the nature, and the beauty of 13375P33k

Easy solution...

[HerculesMO]

Go back to Dvorak.

Sorry, the nerd in me speaks :p

Re:Easy solution...

I don't see how dvorak would that solve the problem at all. I didn't RTFA but if its the same tech. used in the past then it is based on frequency of the repetitions of the different sounds each key makes (not the audible frequencies themselves.) Pressing the 'a' key a hundred times if its in qwerty or dvorak format doesn't change things.

Re:Easy solution...

[HerculesMO]

Dammit I was hoping nobody would notice :)

Sniff This, Mr Laser: +1, Incendiary

KKAABBBBBOOOOMMMMMMM!.

Yours In Communism,
Kilgore Trout

Wait what?

[Diracy]

Looks like I'll need to buy blinds for my basement windows now.

Re:Wait what?

[CannonballHead]

Basements with windows seems slightly ridiculous.

Of course, anything with Windows seems slightly ridiculous I guess.

[tongue in cheek, posted from Win XP..)

Re:Wait what?

[Lobster+Quadrille]

Um. You mean shutters, not blinds. Blinds wouldn't help. Sound still hits the window, and the window still vibrates.

I'd rather you get blinds for your bathroom windows. Nobody needs to see that. Back at The Company, we call you "Naked Shower Dance Guy"

Besides, there's nobody watching you.

Apple has sloved this issue

http://www.theonion.com/content/video/apple_introduces_revolutionary

Because my work is so valuable

[ClosedSource]

Everything I type on my keyboard is of great value, so of course spies will adopt sophisticated technologies to try to monitor me. They want to be wealthy and famous just as I have .. oh wait.

Re:Because my work is so valuable

[mcostas]

Yes, this article is much more lame than it first seemed. Sniffing keystrokes is most useful for stealing passwords. But these guys actually have a horrible accuracy and need to use dictionary based prediction to guess words, which won't work for any reasonable passwords.

Re:Because my work is so valuable

[CroDragn]

The problem is, there are far more "unreasonable" passwords in use than reasonably good ones.

Re:Because my work is so valuable

[badkarmadayaccount]

Which are gonna take less computing brunt to brute force than via this method.

50-100 feet away

[Nos.]

Fine, I'll just make sure I'm less that 50 feet away.

Line of sight needed?

[dfm3]

I hear that a pair of binoculars works well for this purpose, too. I'm told that they even work through glass.

Re:Line of sight needed?

[tinkerton]

Contrary to infrared lasers that have problems getting through glass...

Well, to be fair, maybe enough gets through to make it usable.

Re:Line of sight needed?

[Lobster+Quadrille]

Getting through the glass isn't a requirement. The light just has to bounce off.

bargain seats?

wow.....toilet seats are suppose to go for $600.

HA!

[LoRdTAW]

Just try sniffing my keystrokes! I use the on screen keyboard.

Re:HA!

You don't know much about Van Eck Phreaking, do you?

Re:HA!

WOOOOSHHHHHHHH

Yeah, but I bet they can't guess what number I'm

[mkcmkc]

...thinking of. (Not very much, though.)

Just Great...

[retech]

Now I need a bigger piece of tinfoil!

Re:Just Great...

[Scrameustache]

Now I need a bigger piece of tinfoil!

Shiny side out! Take THAT, laser.
Though a tinfoil covered laptop might get lousy wifi reception...

The thing that impresses me the most is...

[whiledo]

If they did this in a movie a couple of years ago, I would have called bullshit on them.

Simple. Encrypted keyboard.

[Karganeth]

Use a keyboard which changes the entire key layout every time you press any key.

Re:Simple. Encrypted keyboard.

Use a keyboard which changes the entire key layout every time you press any key.

And, when the bad guy steals your keyboard, you'll plug in a normal keyboard and try to type your username/perlgdorf.

(Wow, those were supposed to be random letters.)

Re:Simple. Encrypted keyboard.

[Lobster+Quadrille]

You said that as a joke, but this would actually be the only practical use I can think of for the Optimus Maximus.

Obviously, it wouldn't be practical for normal use, but when you need to type passwords?

There are PIN pads and electric door locks that randomize the layout of the keypad to prevent people from watching the movement of your fingers or just looking at which buttons have fingerprints or don't have any dust on them.

Re:Simple. Encrypted keyboard.

[Feminist-Mom]

I'm not sure I understand. How does the user know what keys to hit? Are they not physical buttons?

Re:Simple. Encrypted keyboard.

[Lobster+Quadrille]

Buttons with different colored lights, or in the case of the Optimus Maximus, little LCD screens in every keyboard. The idea is that the display can be changed quickly.

Aren't windows fairly IR opaque?

[beezhive]

I seem remember reading or hearing somewhere that windows were fairly IR opaque. (Maybe it was Mythbusters?) Anyway, if that's the case, you just need to stay inside and watch your keyboard like a hawk to prevent people spying on you...

Re:Aren't windows fairly IR opaque?

seem remember reading or hearing somewhere that windows were fairly IR opaque.

Glass isn't, but some windows of treatments that reflect IR. They are considerably more expensive.

Re:Aren't windows fairly IR opaque?

[Lobster+Quadrille]

You don't need to shoot the laser through the window, you need to bounce it off.

Scare them!

[x78]

Well I guess we'll all have to start typing "I KNOW YOU'RE SPYING" every few minutes or so, shift held down of course (no copy-pasting!),
That'll show them!
See http://xkcd.com/525/ for funnies

Get Smart!

[Scrameustache]

And the keystroke that was planted in my brain
Still remains
Within the cone... of silence.

That's 20-30 meters in real units.

[Arancaytar]

...

Cooler than van-Eck phreaking

[Arancaytar]

For high-tech methods of electronic surveillance, I thought Stephenson's van-Eck phreaking in Cryptonomicon held the record. But laser microphones clearly win as far as range is concerned. :)

Re:Cooler than van-Eck phreaking

[whitehatnetizen]

"stephenson's van-Eck phreaking"? I'm certain that it's van-Eck's van-Eck phreaking http://en.wikipedia.org/wiki/Van_Eck_phreaking

Re:Cooler than van-Eck phreaking

[Lobster+Quadrille]

They're also way easier to build. I was playing with them last weekend.

http://www.diylife.com/2007/08/22/diy-laser-long-distance-listening-device/

As long as they can't capture...

>Laser Sniffing Captures Typed Keystrokes From 50-100 Feet

As long as they can't capture keystrokes typed with your hands, I feel pretty safe.

Gotcha

[Jane+Q.+Public]

"Using an infrared laser would prevent a victim from knowing they were being spied on."

An infrared laser would not "work through a glass window". Most glass is essentially opaque to infrared. That's why your car gets so hot in the summer... UV comes in, warms up the upholstery, but the IR emitted from the hot interior just reflects off the glass, back into the car.

Re:Gotcha

[Lobster+Quadrille]

It doesn't have to go through the window, it has to bounce off. The whole thing works by recording vibrations in the reflection.

Re:Gotcha

[Jane+Q.+Public]

Not according to the original post. Read it again.

That is the way a normal IR listening device works, but that is not what they were proposing.

Tough to do undetected through a window, I'd guess

[DieByWire]

Line-of-sight on the laptop is needed, but it works through a glass window, they said. Using an infrared laser would prevent a victim from knowing they were being spied on.

The reason greenhouses work so well is that glass does a decent job of blocking infrared light (hmmm... maybe someone can think up a catchy name for the effect).

I'm not an optics wonk but I'd expect the infrared laser through a window trick would be tough to pull off. Especially so if the glass is low-e.

They're filled with N2, Ar or plain air.

[Xenographic]

Parent post is correct. I work for a window manufacturer and our IG units are only ever filled with normal air, nitrogen, or argon.

("IG units" are insulated glass units, AKA double pane windows, and consist of two lites of glass with a spacer between them. They are sealed shut with PIB and silicone.)

It's possible that they're confused by part of the manufacturing process where the IG units go through a vacuum chamber which removes all the air, before filling the units with nitrogen or argon and sealing them. But I'm quite sure we don't make any vacuum filled units. And even if we did, I have to think that at least some sound would be transmitted through the spacer that holds the two lites of glass apart.

As if the bow wouldn't be bad enough, the vacuum would cause the windows to explode even more violently than they already do if they were broken. As someone who has seen tempered lites of glass around 6' x 9' explode, I can tell you that your living room would already be a mess of broken glass if a picture window like that broke. You really don't want a vacuum in there to make things worse. Especially given that a window that size would likely be made out of 6 mm glass...

Well, I guess if someone was crazy enough to make a window like that, they'd use laminated glass. At least, I hope they would. Our customers are always trying to push the limits of how big you can allow a lite to get before it has to be thicker ...

Re:They're filled with N2, Ar or plain air.

[Kjella]

As if the bow wouldn't be bad enough, the vacuum would cause the windows to explode even more violently than they already do if they were broken./quote

All the air would be rushing in, so why would it be exploding outwards? I guess it'd make it shatter more but I'd think the pressure differentail would make it spread less, not more.

Re:They're filled with N2, Ar or plain air.

[Xenographic]

> All the air would be rushing in, so why would it be exploding outwards? I guess it'd make it shatter more but I'd think the pressure differential would make it spread less, not more.

I guess that's just an assumption of mine, but I'm guessing that the pieces would end up with more kinetic energy due to the vacuum.

All I know is that I was once sternly warned about the proper way to break a CRT tube (put it inside a trash bag and carefully crack the thin end on the back with a hammer until you could hear air rush in) and those are vacuum filled. I was told that the implosion would be pretty bad if I broke it any old way (and that I shouldn't just toss it into the trash with the vacuum intact).

It's just a jump to the left

[postermmxvicom]

And then a step to the right

White Noise Generators

[CaputNoodle]

A company that I used to work for put white noise generators on some of the windows to prevent lasers from picking up sounds inside the rooms. Obviously, this was only done for very secretive projects.

Re:White Noise Generators

[adavies42]

don't forget to close the blinds--the "reflection" from a white wall is reconstructable for a source from up to a dozen feet away or so, iirc, so facing your computer away from the window is no use.

Re:White Noise Generators

[Lobster+Quadrille]

I'm not sure it really even requires that secretive of projects.

Laser mics are cheap and easy to build. I can definitely see them being the future of surveillance tech.

Line of sight is required

[hobbit]

AKA you can see the keyboard. What was the laser for again?

No need.

[nsaspook]

Why waste the time snooping and cracking passwords when you could do things the old fashioned way. A red hot framing nail up the sysadmins uretha works every time.

    Quote from the "Jack Bauer diaries"

Warning!

[Trace+Bullet]

Do not sniff laser with remaining nostril.

so much for the model m

[adavies42]

the world's first decent reason not to use a model m. (of course, if you do get sniffed using one, you'll have a much better chance of killing the bastards with it than you will with some rubber-dome POS from dell....)

Re:Tough to do undetected through a window, I'd gu

so use a uv laser and hope the targets laptop doesn't fluoresce

Researchers mining old spy technologies

Having gained fame by re-using 35-year-old spy techniques on computer keyboards, they make headlines again using 20-year old infrared-laser-on-glass techniques.

I'm thinking of blowing everyone away by showing that "invisible ink" can be made with lemon juice and then read -- get this -- over a flame.

Infrared

[Majik+Sheff]

Since typical window glass blocks a large portion of the infrared spectrum that lasers are tuned to, their idea of being stealthy seems less likely.

Re:Infrared

[Lobster+Quadrille]

You aren't trying to shoot the laser through the window, you're bouncing it off and reading the reflection.

Re:Infrared

[pmarcondes]

I guess they meant IR lasers. IIRc, the laser is used to measure window pane displacement, caused by by sound waves emanating from you keyboard. Ah, in another /. post today they talk about the comeback of the IBM type M keyboard. With that, you might use regular microphone =]

Re:Infrared

[Majik+Sheff]

I understand that that is how normal laser mics work, but in the first sentence of TFA: "researchers from Inverse Path were able to point a laser on the reflective surface of a laptop"

That would imply that if you wanted to listen in, you would have to pass your laser through the window, bounce it off of the laptop, and back through the window before doing your interferometric measurements.

Their measurements worked because they were measuring soundwaves propagated through a solid material (the laptop) directly to the reflective surface. Making readings of similar quality from a window in the room is MUCH harder due to things like the relatively poor conduction of sound from surface to air to surface and the existence of other sounds in the room. Reading acoustic signals directly off of an object that is vibrating is infinitely easier.

The important part of this accomplishment is the algorithms that they developed to extract and extrapolate valid data from an otherwise useless stream of noises.

Re:Infrared

[Lobster+Quadrille]

I confess I didn't read the article closely and I assumed that they were using the laser mic like a regular laser mic.

However, the algorithms to pull keystrokes from an audio recording have been public since 2005, and have probably been used by government and bad guys for a lot longer than that.

According to that article, this can be done with a simple PC mic. For what it's worth, my basic experiments with DIY laser mics get almost as good of sound quality in the right conditions. It's not hard to imagine that somebody who actually understands optics and sound could get much better.

infra-red laser bugging

ooh - I haven't seen anything about this in ages. I remember seeing a film once that started with some politician/businessmen types having a clandestine meeting in an office tower. Unbeknownst to them some guys in the tower opposite are happily listening in with said infra-red laser until one of the security guys notices the beam through a glass of red wine and the chase begins ...

Anyone know what this film is?

Could incorporate the new technology in the remake ...

I thouth I was paranoid

[hesaigo999ca]

This proves it, everyone out there is watching me (or my keyboard strokes)!

IR through glass?

[digitalsolo]

I was under the distinct impression that glass was an excellent medium for blocking/massively dispersing IR, even in "super awesome laser" form.

That would make it somewhat difficult to use anything but visible, very obvious light.

Re:IR through glass?

[Lobster+Quadrille]

It's still pretty good at reflecting it, and the reflections are what you record the windows' vibrations with.

Re:IR through glass?

[digitalsolo]

Understood, but the article states that line of sight is needed with the laptop. A typical IR reflecting window (which most homes have, and even glass without specific design inclusions for IR blocking is pretty effective at it) effectively stops line of sight for infrared light.

Either the article is poorly worded, and they don't need actual line of sight and a laser mic could be pointed at any window (in which case, how far from the window can the keyboard be and still have sufficient enough vibration in the glass to be readable? I would think not very far at all), or they do need line of sight, which they do not have with an IR laser mic through typical glass windows.

Then again, I've not had any caffeine today, so I may just be hopelessly lost here.

Re:IR through glass?

I admit I only skimmed the article, but a few versions of it have been bouncing around. Laser Mics are actually not really anything new, and it's a pretty cool project if you're looking for something to do this weekend.

http://www.diylife.com/2007/08/22/diy-laser-long-distance-listening-device/

At any rate, the article is likely just badly worded. You need line of sight to the window and back, but the window itself can pick up vibrations from anywhere in (or outside) the room.

I'm not sure about how high of quality they need to pull off this version of the attack, but other versions of the "listen to keystrokes with a microphone" attack have been done for a few years now using crappy PC mics. You can get almost that high of quality with the laser and a good window.

clickita grack

[Onymous+Coward]

The fact that people make files of particular formats is not relevant. That they might be told to take a screen capture, for example, with the words "make a JPG of your screen" would instead be a relevant scenario. See the difference? Let's try this:

"here's a tissue for your nose"
"here's a Kleenex for your nose"

I don't think we're really at the point of taking this particular "brand" (MP3) as a generic term, so I'm guessing GGP really did mean for people to make MP3s. I'm guessing this (excessive level of) specification was not because he or she thoroughly equates "MP3" with "recording", but more likely because they are accustomed to conceiving of recordings as MP3s. That is, they distinguish between the general concept of recording and the specific encoding by which it can be done, but generally thinks of recordings with a particular codec.

My response is, "No, using a JPG for a screenshot would be silly for what's currently on my screen, when I can get better compression and lossless reproduction with any number of indexed color formats." Similarly, "There are formats other than MP3 and I might suggest that if you're really paranoid you may not want to give the eavesdroppers anything extra to work with, including encoding artifacts in your decoy background sound. Perhaps you really mean recording instead of accidentally overspecifying."

Re:clickita grack

[nschubach]

Well, it's the same thing as "taping a show"... recording the show to a tape. (Was it Memorex that wanted to "synonimize" their name to recording?) Xeroxing that document.

I guess that's more my point. The format/brand soon becomes commonly accepted as a synonym for the action given plenty of time...and MP3 has been given plenty of time, IMHO. Just as your Kleenex/tissue argument. You also have hot dogs, frankfurters, red hots (which I think were un-trademarked "brand names" at the time if I remember right), and in some southern areas, Coke is any brown colored soda.

Modders, please get a clue.

[Jane+Q.+Public]

Yet again you marked my comment "redundant", even though it was the first one to mention the subject matter.

Clue: These posts have something called a "timestamp". Some of those other comments were almost 12 hours AFTER mine!

add your own vibrations

Strap a little vibration unit to the laptop to add your own vibrations. Instant security.