Laser Sniffing Captures Typed Keystrokes From 50-100 Feet

← Back to Stories (view on slashdot.org)

Laser Sniffing Captures Typed Keystrokes From 50-100 Feet

Posted by timothy on Thursday March 26, 2009 @08:22AM from the shoot-back dept.

Death Metal writes "Chief Security Engineer Andrea Barisani and hardware hacker Daniele Bianco used handmade laser microphone device and a photo diode to measure the vibrations, software for analyzing the spectrograms of frequencies from different keystrokes, as well as technology to apply the data to a dictionary to try to guess the words. They used a technique called dynamic time warping that's typically used for speech recognition applications, to measure the similarity of signals. Line-of-sight on the laptop is needed, but it works through a glass window, they said. Using an infrared laser would prevent a victim from knowing they were being spied on." (This is the same team that was able to pick up the electromagnetic signals emitted by PS/2 keyboards.)

18 of 146 comments (clear)

Not First Post by MyLongNickName · 2009-03-26 08:26 · Score: 4, Funny

I would have had first post, but I had to close my blinds to avoid anyone spying on my leet Slashdot posting skills.

--
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
1. Re:Not First Post by cromar · 2009-03-26 08:44 · Score: 4, Funny
  
  n00b. 17'5 5p3113d \/\/17# 4 "7." 17'5 5p3113d "1337." 101
2. Re:Not First Post by RulerOf · 2009-03-26 09:12 · Score: 5, Funny
  
  n00b. 17'5 5p3113d \/\/17# 4 "7." 17'5 5p3113d "1337." 101
  Oh. My. God... I could read that.
  
  I'm going to go get laid ASAP, burning sun be damned!
  
  --
  Boot Windows, Linux, and ESX over the network for free.
3. Re:Not First Post by Anenome · 2009-03-26 17:10 · Score: 2, Insightful
  
  If the song you play can be identified and reproduced to a good degree of the distortion created by your room and the bass levels, then removing that from the data stream is not particularly difficult. You would actually have to play two different songs at some non-standard or perhaps continuously variable playback-rate in order to create something hard to find and duplicate so that it couldn't be simply removed from the recording. It's like those Bose noise-canceling headphones, by sampling the sound as it comes in they can subtract that sound from what you actually hear. The same would apply here.
  
  --
  "I Don't Have Enough Faith to be an Atheist"
Let's... by Roadkills-R-Us · 2009-03-26 08:27 · Score: 4, Funny

dynamic time warp again!
on the contrary: !Easy to dectect by CaptainPatent · 2009-03-26 08:32 · Score: 3, Informative

If you go blind while you are typing, you are probably being sniffed.

Or you are having severe problems with your retinas.

In either case, you should feel your way to an opthamologist quickly.
Actually, Infrared lasers only hurt eyes if you look directly into them. Using a low-powered infrared laser pointed at a keyboard wouldn't be any different than using a red laser pointed at a keyboard except that the victim would see the dot. Unless they're using a mirrored keyboard the light would be diffused and not refracted so it would be similar to looking at a resultant red dot from a laser instead of directly into a laser.

--
Well, back to rejecting software patent applications.
1. Re:on the contrary: !Easy to dectect by DMUTPeregrine · 2009-03-26 08:49 · Score: 2, Interesting
  
  Also, the point is to point the laser at the window and have it reflect. By measuring changes in the angle of reflection you can reconstruct sound hitting the inside of the window. Double-pane glass with a vacuum between the panes removes this attack vector.
  
  --
  Not a sentence!
2. Re:on the contrary: !Easy to dectect by causality · 2009-03-26 08:56 · Score: 2, Insightful
  
  Also, the point is to point the laser at the window and have it reflect. By measuring changes in the angle of reflection you can reconstruct sound hitting the inside of the window. Double-pane glass with a vacuum between the panes removes this attack vector.
  Is it common for double-pane glass to contain anything that could be called a vacuum? I'll admit I don't know but I always thought they just had regular atmospheric-pressure air between the panes, as an extra layer of insulation. Would you need a proper vacuum to dampen the sound vibrations enough to defeat this attack?
  
  --
  It is a miracle that curiosity survives formal education. - Einstein
3. Re:on the contrary: !Easy to dectect by Yokaze · 2009-03-26 10:37 · Score: 2, Informative
  
  > Actually, Infrared lasers only hurt eyes if you look directly into them.
  Someone could mistake what you are saying, so let me state the following: there is no eye-safe wave length.
  The wave-length of the laser only decides which kind of injury it might inflict to your eye, when the energy density is high enough. Granted, for UV wavelengths a lower energy density is dangerous, but the difference between visible light and infra-red can be neglected. Which is comes similar to what you are saying next.
  > Using a low-powered infrared laser pointed at a keyboard wouldn't be any different than using a red laser pointed at a keyboard except that the victim would see the dot.
  Granted, a sufficiently low powered infra-red laser wouldn't cause any more harm than a visible laser (green or red).
  But, looking inadvertantly in the red laser triggers the eye reflex, something what infra-red light would not, as you don't perceive it. So, a NIR can be more dangerous.
  So a common 1mW visible light laser is class 2, while the 1mW infra-red is class 3, because you simply wouldn't notice, that your eye is blinded.
  
  --
  "Between strong and weak, between rich and poor [...], it is freedom which oppresses and the law which sets free"
4. Re:on the contrary: !Easy to dectect by DieByWire · 2009-03-26 10:46 · Score: 2, Informative
  
  Is it common for double-pane glass to contain anything that could be called a vacuum? I'll admit I don't know but I always thought they just had regular atmospheric-pressure air between the panes, as an extra layer of insulation.
  A vacuum would be great for stopping heat loss, but isn't present in any normal double pane window. Atmospheric pressure (14 lbs/sq in) * the number of sq inches in a window pane is a big number. Any pane that didn't break would be noticeably bowed.
  Some higher end double pane windows are filled with argon, since it insulates better than standard air.
  
  --
  Never shake hands with a man you meet in a fertility clinic.
Apple has sloved this issue by Anonymous Coward · 2009-03-26 08:46 · Score: 2, Funny

http://www.theonion.com/content/video/apple_introduces_revolutionary
Re:What is it with these guys? by srollyson · 2009-03-26 08:49 · Score: 2, Insightful

I don't know if that's a good enough defense. TFA says that the laser sniffing method is "analyzing the spectrograms of frequencies from different keystrokes." Once you've got a signature for each key and a large enough typing sample, your problem is reduced to a simple substitution cipher.
Line of sight needed? by dfm3 · 2009-03-26 08:59 · Score: 4, Funny

I hear that a pair of binoculars works well for this purpose, too. I'm told that they even work through glass.
Re:What is it with these guys? by srollyson · 2009-03-26 09:12 · Score: 2, Funny

Nah. The trick is to memorize a 4096-bit RSA keypair and encrypt your typing.
Simple. Encrypted keyboard. by Karganeth · 2009-03-26 09:17 · Score: 2, Funny

Use a keyboard which changes the entire key layout every time you press any key.
Get Smart! by Scrameustache · 2009-03-26 09:51 · Score: 3, Funny

And the keystroke that was planted in my brain
Still remains
Within the cone... of silence.

--
You can't take the sky from me...
They're filled with N2, Ar or plain air. by Xenographic · 2009-03-26 11:07 · Score: 5, Informative

Parent post is correct. I work for a window manufacturer and our IG units are only ever filled with normal air, nitrogen, or argon.
("IG units" are insulated glass units, AKA double pane windows, and consist of two lites of glass with a spacer between them. They are sealed shut with PIB and silicone.)
It's possible that they're confused by part of the manufacturing process where the IG units go through a vacuum chamber which removes all the air, before filling the units with nitrogen or argon and sealing them. But I'm quite sure we don't make any vacuum filled units. And even if we did, I have to think that at least some sound would be transmitted through the spacer that holds the two lites of glass apart.
As if the bow wouldn't be bad enough, the vacuum would cause the windows to explode even more violently than they already do if they were broken. As someone who has seen tempered lites of glass around 6' x 9' explode, I can tell you that your living room would already be a mess of broken glass if a picture window like that broke. You really don't want a vacuum in there to make things worse. Especially given that a window that size would likely be made out of 6 mm glass...
Well, I guess if someone was crazy enough to make a window like that, they'd use laminated glass. At least, I hope they would. Our customers are always trying to push the limits of how big you can allow a lite to get before it has to be thicker ...
Re:Cooler than van-Eck phreaking by whitehatnetizen · 2009-03-27 00:15 · Score: 2, Informative

"stephenson's van-Eck phreaking"? I'm certain that it's van-Eck's van-Eck phreaking http://en.wikipedia.org/wiki/Van_Eck_phreaking