They also presented it at CanSecWest back in March. There were two different types of attacks that they demonstrated there.. one was sniffing the PS/2 keystrokes from the power leakage... and the second (and cooler IMHO) one was remote sniffing of keystrokes using lasers.
Basically they use a laser being reflected off the lid of a laptop as a remote microphone and measuring vibrations, a technique which apparently has been previously documented.. then they combine that with the ability to use the "sound" of your typing to determine what key you're striking. When I type, each letter has a very slightly different sound due to variations such as how fast I hit it, how hard I hit it, differences in the physical keys etc. So once you can tell the signature of each different key.. then just take a long sample of keystrokes and compare them to a dictionary to map each signature to the correct key. The nice thing is all of that could be done offline, once you gather the recording of the session. After I saw this, I immediately changed my password from "111111111" to include some other numbers as well... you know, to throw them off. Plus they had a killer presentation with "frickin laserbeams".. Cool stuff. Slide deck from cansec is here: http://cansecwest.com/csw09/csw09-barisani-bianco.pdf On Mon, Jul 13, 2009 at 11:43 AM, Jack Daniel <[email protected]> wrote: > The presentation was done at Shakacon, and is available on the Risky > Business 2 podcast, along with an interview with the guys who > presented it. I'm looking forward to seeing their preso live at BH or > DC. > > Jack > > > On Mon, Jul 13, 2009 at 1:10 PM, > kajigga<[email protected]<kajigga%[email protected]>> > wrote: > > kajigga saw this story on the BBC News website and thought you > > should see it. > > > > > > > > ** Snooping through the power socket ** > > Whatever you type on a keyboard leaks via the power socket and can be > eavesdropped upon, find security researchers. > > < http://news.bbc.co.uk/go/em/fr/-/2/hi/technology/8147534.stm > > > > > > > ** BBC Daily E-mail ** > > Choose the news and sport headlines you want - when you want them, all > > in one daily e-mail > > < http://www.bbc.co.uk/email > > > > > > > ** Disclaimer ** > > The BBC is not responsible for the content of this e-mail, and anything > written in this e-mail does not necessarily reflect the BBC's views or > opinions. Please note that neither the e-mail address nor name of the sender > have been verified. > > > > If you do not wish to receive such e-mails in the future or want to know > more about the BBC's Email a Friend service, please read our frequently > asked questions. http://news.bbc.co.uk/1/hi/help/4162471.stm > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
