Forgot your password?
typodupeerror
Security Privacy

Laser Sniffing Captures Typed Keystrokes From 50-100 Feet 146

Posted by timothy
from the shoot-back dept.
Death Metal writes "Chief Security Engineer Andrea Barisani and hardware hacker Daniele Bianco used handmade laser microphone device and a photo diode to measure the vibrations, software for analyzing the spectrograms of frequencies from different keystrokes, as well as technology to apply the data to a dictionary to try to guess the words. They used a technique called dynamic time warping that's typically used for speech recognition applications, to measure the similarity of signals. Line-of-sight on the laptop is needed, but it works through a glass window, they said. Using an infrared laser would prevent a victim from knowing they were being spied on." (This is the same team that was able to pick up the electromagnetic signals emitted by PS/2 keyboards.)
This discussion has been archived. No new comments can be posted.

Laser Sniffing Captures Typed Keystrokes From 50-100 Feet

Comments Filter:
  • by MyLongNickName (822545) on Thursday March 26, 2009 @04:26PM (#27347453) Journal

    I would have had first post, but I had to close my blinds to avoid anyone spying on my leet Slashdot posting skills.

    • by mcgrew (92797)

      You misspelled 133t, 14m3r!

      • by cromar (1103585) on Thursday March 26, 2009 @04:44PM (#27347823)
        n00b. 17'5 5p3113d \/\/17# 4 "7." 17'5 5p3113d "1337." 101
        • by RulerOf (975607) on Thursday March 26, 2009 @05:12PM (#27348355)

          n00b. 17'5 5p3113d \/\/17# 4 "7." 17'5 5p3113d "1337." 101

          Oh. My. God... I could read that.

          I'm going to go get laid ASAP, burning sun be damned!

          • n00b. 17'5 5p3113d \/\/17# 4 "7." 17'5 5p3113d "1337." 101

            Oh. My. God... I could read that.
            I'm going to go get laid ASAP, burning sun be damned!

            Eerily, not only could I read it, but so could my wife and our teenage kids!

          • by cromar (1103585)
            101. 7#47'5 pR06461y 4 g00d 1d34 ;-) 631/3v3 /\/\3, u 5#0u1d 63 g14D 5145#d07 d035/\/'7 4110\/\/ un/c0d3 c#4R5 0r 7#15 c0u1d g37 pr377y kR4zY, Y0u k/\/0\/\/?
            • 101. 7#47'5 pR06461y 4 g00d 1d34 ;-) 631/3v3 /\/\3, u 5#0u1d 63 g14D 5145#d07 d035/\/'7 4110\/\/ un/c0d3 c#4R5 0r 7#15 c0u1d g37 pr377y kR4zY, Y0u k/\/0\/\/?

              Who uses a "6" for a "B"? I always used an "8".
              Plus, you're interchangeably using "1" for both "i" and "L", which is confusing. (I know, tricky when both letters are in the same word). That's why I prefer "|_" for "L"> ;-)

              That should read:
              101. 7#47'5 pR0848|_y 4 g00d 1d34 ;-) 83|_13v3 /\/\3, u 5#0u1d 83 g|_4D 5|_45#d07 d035/\/'7 4|_|_0\/\/ un/c0d3 c#4R5 0r 7#15 c0u|_d g37 pr377y kR4zY, Y0u k/\/0\/\/

              God. I can't believe I can read this stuff either. Scary.

          • by VagaStorm (691999)
            Lol, that was my first thought to :)
          • by mcgrew (92797)

            I'm going to go get laid ASAP, burning sun be damned!

            You'll need this. [slashdot.org]

        • by Ihmhi (1206036)

          Incidentally, I wonder how much fun we could have with this sentence. Just start showing it to random people.

          ----

          Me: "It's the supposed formula for cold fusion."

          Physics Student: "I mean, as a chemistry formula it makes sense, but in some ways it doesn't... # isn't even a chemistry symbol! Unless..." -proceed with four hours of rambling-

          ----

          Me: "It's a diagram of a portion of the circuitry that's in the new iPhone. I think it's like, some Chinese system of mapping out electrical stuff.:

          Electrical Eng

    • Except it wouldn't work. The sound would still reach the glass and be picked up by the laser mic.
  • Let's... (Score:5, Funny)

    by Roadkills-R-Us (122219) on Thursday March 26, 2009 @04:27PM (#27347475) Homepage

    dynamic time warp again!

  • looks like it's time to stock up on tinfoil and old reflective (mainly old aol) cds.

    imagine what the govt can do if regular scientists can do this with regular lasers (not including with sharks)

    • by causality (777677)

      looks like it's time to stock up on tinfoil and old reflective (mainly old aol) cds.

      imagine what the govt can do if regular scientists can do this with regular lasers (not including with sharks)

      Consider that around 1980, they (the US Gov't) admitted to having spy satellites that could photograph a vehicle's license plate from orbit. That's what they were willing to admit to back then; you can bet that their most advanced technologies were kept secret. Then the stealth bomber was kept a secret for about thirty years. Anyone who saw one back when it was secret would have probably called it a UFO since, well, it's a flying object that couldn't be identified without proper security clearances. At

      • by dattaway (3088) *

        admitted to having spy satellites that could photograph a vehicle's license plate from orbit.

        I still have yet to see a picture of a license plate (horizontal OR vertical) from space. If they can take a picture of a flat object mounted 90 degrees at any distance from the source, I would certainly be impressed.

      • If you think about it, what if you would point something like a modern hubble at the earth instead of the stars? I bet you would see *much* more than just license plates.

    • by langelgjm (860756)
      This [xkcd.com] seems apposite.
  • It's time to switch to a DVORAK keyboard [wikipedia.org]. Let them sniff that.

    • by srussia (884021)

      It's time to switch to a DVORAK keyboard [wikipedia.org]. Let them sniff that.

      Actually, Dvorak users tend to be the most sniffable, in the literal olfactory sense of the term.

    • Re: (Score:2, Insightful)

      by srollyson (1184197)
      I don't know if that's a good enough defense. TFA says that the laser sniffing method is "analyzing the spectrograms of frequencies from different keystrokes." Once you've got a signature for each key and a large enough typing sample, your problem is reduced to a simple substitution cipher.
      • by langelgjm (860756)

        Clearly the solution is to type all your work in Esperanto, on a chorded keyboard. Let them sniff that.

      • by adavies42 (746183)
        how about the morse-code-on-the-spacebar hack from cryptonomicon? would that be sufficiently confusing?
      • Actually, it's not even that complicated.

        The whole system uses statistical information to determine which key is being pressed, the same way cryptographers break basic ciphers by counting the number of occurrences of each letter. They likely will never realize the typist is using dvorak, and it won't matter.

        The attacker effectively solves the dvorak/qwerty substitution cipher by listening to which keys are being pressed, not their physical location.

        I don't know if they are using timing (some key combinatio

    • by IQgryn (1081397)
      It'll work just as well as any keyboard layout. Unless you manage to switch layouts every few minutes, they will simply come up with a different map of sounds to letters. It will still be successfully analyzed, since you're using the same map of keys to letters.
      • by nschubach (922175)

        I wonder if it were possible to have the laptop generate random sounds of key presses on key down. Since the speakers on a laptop are built in, any subtle noise should be able to mess with the detection.

  • Bummer.
    My favorite keyboards are always the loudest ones.

    • Bummer.
      My favorite keyboards are always the loudest ones.

      And your recorded keyboard sounds of innocuous typing will become your new favorite background music.

    • Make an MP3 of random key press noise and music mixed... and play it loud. Better yet write a program to play back individual key stroke noises randomly based on your normal typing speed. I too like the old click clack keyboards, I've even got spares.
  • Just type with l33t text or other slang what words ain't on the dictionary and they just cant find out what you are typing.

    Even school kids knows this and thats why they write short messages with their cell phones and for tests so the kid on the next bench can not copy what they write....

    • by SkyDude (919251)

      Just type with l33t text or other slang what words ain't on the dictionary and they just cant find out what you are typing.

      I'll just pull my tinfoil hat down over my eyes and face - that'll stop 'em.

    • Just type with l33t text or other slang what words ain't on the dictionary and they just cant find out what you are typing.

      The invisible lasers are listening. Write in codes and speak in tongues!

      Gods, we sound like madmen.

  • Looks like I'll need to buy blinds for my basement windows now.
    • Basements with windows seems slightly ridiculous.

      Of course, anything with Windows seems slightly ridiculous I guess.

      [tongue in cheek, posted from Win XP..)

    • Um. You mean shutters, not blinds. Blinds wouldn't help. Sound still hits the window, and the window still vibrates.

      I'd rather you get blinds for your bathroom windows. Nobody needs to see that. Back at The Company, we call you "Naked Shower Dance Guy"

      Besides, there's nobody watching you.

  • by Anonymous Coward

    http://www.theonion.com/content/video/apple_introduces_revolutionary

  • Everything I type on my keyboard is of great value, so of course spies will adopt sophisticated technologies to try to monitor me. They want to be wealthy and famous just as I have .. oh wait.

    • by mcostas (973159)
      Yes, this article is much more lame than it first seemed. Sniffing keystrokes is most useful for stealing passwords. But these guys actually have a horrible accuracy and need to use dictionary based prediction to guess words, which won't work for any reasonable passwords.
  • Fine, I'll just make sure I'm less that 50 feet away.

  • by dfm3 (830843) on Thursday March 26, 2009 @04:59PM (#27348165) Journal
    I hear that a pair of binoculars works well for this purpose, too. I'm told that they even work through glass.
    • by tinkerton (199273)

      Contrary to infrared lasers that have problems getting through glass...

      Well, to be fair, maybe enough gets through to make it usable.

  • by LoRdTAW (99712)

    Just try sniffing my keystrokes! I use the on screen keyboard.

  • ...thinking of. (Not very much, though.)

  • Now I need a bigger piece of tinfoil!
    • Now I need a bigger piece of tinfoil!

      Shiny side out! Take THAT, laser.
      Though a tinfoil covered laptop might get lousy wifi reception...

  • If they did this in a movie a couple of years ago, I would have called bullshit on them.

  • by Karganeth (1017580) on Thursday March 26, 2009 @05:17PM (#27348465)
    Use a keyboard which changes the entire key layout every time you press any key.
    • You said that as a joke, but this would actually be the only practical use I can think of for the Optimus Maximus.

      Obviously, it wouldn't be practical for normal use, but when you need to type passwords?

      There are PIN pads and electric door locks that randomize the layout of the keypad to prevent people from watching the movement of your fingers or just looking at which buttons have fingerprints or don't have any dust on them.

  • I seem remember reading or hearing somewhere that windows were fairly IR opaque. (Maybe it was Mythbusters?) Anyway, if that's the case, you just need to stay inside and watch your keyboard like a hawk to prevent people spying on you...
  • Well I guess we'll all have to start typing "I KNOW YOU'RE SPYING" every few minutes or so, shift held down of course (no copy-pasting!),
    That'll show them!
    See http://xkcd.com/525/ [xkcd.com] for funnies

  • Get Smart! (Score:4, Funny)

    by Scrameustache (459504) on Thursday March 26, 2009 @05:51PM (#27349019) Homepage Journal

    And the keystroke that was planted in my brain
    Still remains
    Within the cone... of silence.

  • For high-tech methods of electronic surveillance, I thought Stephenson's van-Eck phreaking in Cryptonomicon held the record. But laser microphones clearly win as far as range is concerned. :)

  • Line-of-sight on the laptop is needed, but it works through a glass window, they said. Using an infrared laser would prevent a victim from knowing they were being spied on.

    The reason greenhouses work so well is that glass does a decent job of blocking infrared light (hmmm... maybe someone can think up a catchy name for the effect).

    I'm not an optics wonk but I'd expect the infrared laser through a window trick would be tough to pull off. Especially so if the glass is low-e.

  • the world's first decent reason not to use a model m. (of course, if you do get sniffed using one, you'll have a much better chance of killing the bastards with it than you will with some rubber-dome POS from dell....)
  • This proves it, everyone out there is watching me (or my keyboard strokes)!

We are not a loved organization, but we are a respected one. -- John Fisher

Working...