Use Electrical Outlets or Lasers to capture keystrokes?

This has been a week of crazy hacking announcements. reports that Andrea Barisani and Daniele Bianco, a pair of researchers for network security consultancy Inverse Path, will demonstrate two new keystroke-recording attacks at the upcoming Black Hat USA 2009 conference.

The first requires access to a power outlet on the same circuit as the target computer. Because the data wire within the keyboard cable is unshielded, the signals leak into the ground wire in the cable, and from there into the ground wire of the electrical circuit. Bit streams generated by the keyboards that indicate what keys have been struck create voltage fluctuations in the grounds, they say. The attacker then filters out other ground signals and is left with the keystrokes entered.

The second attack points cheap lasers at shiny portions of a laptop, like its lid, or even at the surface of the table near the device, and measures the vibration caused by hitting the various keys. The researchers claim that each key has a distinct vibration pattern and that, by knowing the language used by the typist, the keys entered can be determined. They found the attack works best when pointing at the lid of the laptop, either at a shiny logo or at a spot near the hinges.

The tools needed for the electrical outlet attack cost around $500 US, while the laser attack cost around $100 US and took about a week to test. While the researchers admit that their tools are currently rudimentary, they feel that their minimal time commitment and the relative cheapness of the tools illustrate the potential for expansion by a dedicated team or government entity. – How to Use Electrical Outlets and Cheap Lasers to Steal Data

Hacking the Dot-Matrix Printer

It sounds like something out of a bad spy movie, but researchers at Saarland University have published a paper on a new hack targeted at those old trusty dot-matrix printers. These researchers discovered that by recording the sounds the printers made and running them through a speech-recognition algorithm, they were able to extract the words printed on the page. They were even successful in running their tests inside an actual doctor’s office (with permission, of course), so this is not something that only works in the lab.

So what? No one still uses these dinosaurs, right? Not so fast: in a survey conducted by the same university, 30% of the banks and 58.4% of doctor’s clinics still use them. In many cases, these devices were used to print out semi-sensitive information like receipts and prescription information.

And why do businesses still use dot-matrix printers? Well, for fairly standard reasons – they cost less than more modern printers, are very durable, and work with older hardware and computer systems. One company I talked to about this study said that it was cheaper to keep these old printers working than to upgrade the systems and software that utilized them.

After reading the paper, it seems the attack would have to be tailored to a particular model of printer, but even with that limitation, some interesting possibilities are available. Will the next Mission Impossible movie include a scene with Tom Cruise planting a recording device in a bank to get account numbers of his target? And what will we find out next, that the contents of a CRT or LCD can be replayed by measuring the radiation output? Oh wait….

Original study: How Printers Can Breach Our Privacy: Acoustic Side-Channel Attacks On Printers