• Home
• Auditing
• Services
• Blogs
• Resources
• About Us

Subscribe to This Feed

Click Here to Subscribe

Recent Posts

• Flash Player as a spy system: CyberSecurity Highlights September 8th
• Hotmail suffers hours-long outage on Thursday: CyberSecurity Highlights Sept 7th
• Malware hosted on Google Code project site: Cyber Security Highlights September 3rd
• BadB now charged in RBS WorldPay ATM case: Cyber Security Highlights Sept 2, 2010
• HP holds Navy network Hostage for $3.3 billion: Cyber Security Highlights

Categories

• 20 Critical Controls
• 44th Presidency Cybersecurity efforts
• Advanced Persistent Threat
• Assurance
• Audit
• Background Checks
• CISA
• Cyber Warfare
• Cybercrime
• Data Leakage Protection (DLP)
• DHS Infrastructure Reports
• Encryption
• Free Audit Checklists
• Health Information Technology
• Information Security Awareness
• Legal & Privacy
• Malware
• Medical Identity Theft
• Microsoft Windows
• Policy
• Progressive Reforms
• SANS Institute
• Secure Development Lifecycle (SDL)
• Sharpen the Saw
• Social Engineering
• Tools
• Training
• Web 2.0
• Writing Secure Code

Attend an Event

Enclave on Twitter

« Company Wants to Keep Botmaster Criminal as SysAdmin After Time Served | Main | Security Metrics and Risk, How valuable is that dashboard report? »

Moving over Keystroke Loggers, now we have Dynamic Time Warping?

By Kelli Tarala | March 23, 2009

Researchers at InversePath announced at the Tenth Annual CanSecWest conference that they were able to detect sniff keyboard strokes and determine which letters were being typed. They were able to detect and deduce the mechanical emissions from a keyboard by pointing a laser on the reflective surface of a laptop. Security Engineer Andrea Barisani and hardware hacker Daniele Bianco presented new research in hardware hacking titled “Sniff Keystrokes With Lasers/Voltmeters - Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage“. They were able to deduce the keyboard strokes between 50 feet and 100 feet away.

Barisano and Biano used three tools to accomplish this goal:

• Created a homemade laser microphone to measure the vibrations of the key. Keyboards are spring loaded
  • Line-of-sight to the laptop is needed
  • It does work through a glass window
• Software for analyzing the spectrograms of frequencies from different keystrokes
• Data Dictionary was used to try and guess what words were being typed.

The researchers dynamic time warping, technique called that’s typically used for speech recognition applications, to measure the similarity of signals.

In a second attack method, these researchers were able to spy on the keystrokes of a computer using a PS/2 keyboard through a ground line from a power plug in an outlet 50 feet away. “Information leaks to the electric grid,” said Barisani. “It can be detected on the power plug, including nearby ones sharing the same electric line” as the victim’s computer. The researchers used a digital oscilloscope and analog-digital converter, as well as filtering technology to isolate the victim’s keystroke pulses from other noise on the power line.

 They say they only real way to mitigate against this type of spying would be to change your typing position and mistype words. No problem there!

Topics: Data Leakage Protection (DLP), Tools |

Comments are closed.