Sniffing passwords with Laser beams #BlackHat

From the

‘

‘

files:

LAS VEGAS. There are all kinds of ways that attackers can ‘sniff’ a users password, but laser beams and power cords?

No it’s not Science Fiction, it’s Black Hat.

Security researchers Andrea Barisani and Daniele Bianco gave a tremendously entertaining and informative talk here about how good old PS/2 keyboard leak though power lines and oh yeaah the lasers.

But first the keyboards.

“We
attacked PS2 keyboards and they have multiple cables inside of it,”
Barisani said. “The wires are close to each other and poorly shielded
so there is a leak of information from the data wire to the ground
wire.”

Barisani noted that the signal from the
ground wire would also permeate to other electrical outlets in close
proximity.  The two researcher showed some demo screens of what the
electrical wires actually showed – at this stage they were able to make
out letters. They didn’t demo any kind of larger tool that could
actually turn all the letters into numbers and words, though they said
it was possible.

“We’re confident that more expensive equipment can lead to more precise
measurements,” Barisani said. “We’re two idiots and we did this in one week.”

Now
the laser beams is another story. The general idea is that the laser is
used as an acoustic microphone that could be used to remotely pick up
the sound vibration from a users keyboard. Somehow you can match that
acoustic vibration to words/numbers, but frankly I didn’t understand
how that actually worked.

But it is something remarkable and according to their preliminary research very real too.

So how do you defend against these attacks? Tin hats of course