This has been a week of crazy hacking announcements. CIO.com reports that Andrea Barisani and Daniele Bianco, a pair of researchers for network security consultancy Inverse Path, will demonstrate two new attacks that can be used to record keystrokes entered on a computer at the upcoming Black Hat USA 2009 conference.
The first requires access to a power outlet on the same circuit as the target computer. Because the data wire within the keyboard cable is unshielded, the signals leak into the ground wire in the cable, and from there into the ground wire of the electrical circuit. Bit streams generated by the keyboards that indicate what keys have been struck create voltage fluctuations in the grounds, they say. The attacker then filters out other ground signals and is left with the keystrokes entered.
The second attack points cheap lasers at shiny portions of a laptop, like its lid or even the surface of the table near the device and measures the vibration caused by hitting the various keys. The researchers claim that each key has a distinct vibration pattern and by knowing the language used by the typist, the keys entered can be determined. They found the attack works best when pointing at the lid of the laptop, either at a shiny logo or at a spot near the hinges.
The cost of the tools needed for the electrical outlet attack cost around $500 US and the cost of the laser attack cost around $100 US and took about a week to test. While the researchers admit that their tools are currently rudimentary, they feel that given their minimal time committment and relative cheapness of the tools illustrate the potential for expansion by a dedicated team or government entity.