Stealing Data Via Electrical Outlet 208
Ponca City, We love you writes "NetworkWorld reports that security consultants Andrea Barisani and Daniele Bianco are preparing to unveil their methodology at the Black Hat USA conference for stealing information typed on a computer keyboard using nothing more than the power outlet to which the computer is connected. When you type on a standard computer keyboard, electrical signals run through the cable to the PC. Those cables aren't shielded, so the signal leaks via the ground wire in the cable and into the ground wire on the computer's power supply. The attacker connects a probe to a nearby power socket, detects the ground leakage, and converts the signal back into alphanumeric characters. So far, the attack has proven successful using outlets up to about 15 meters away. The cost of the equipment to carry out the power-line attack could be as little as $500 and while the researchers admit their hacking tools are rudimentary, they believe they could be improved upon with a little time, effort and backing. 'If our small research was able to accomplish acceptable results in a brief development time (approximately a week of work) and with cheap hardware,' they say, 'Consider what a dedicated team or government agency can accomplish with more expensive equipment and effort.'"
laser pointer (Score:3, Insightful)
If 'they' really want to spy on you ... (Score:4, Insightful)
If the cops or feds really want to spy on you, you will have a hard time preventing it. My advice is not to attract their attention in the first place.
If you're someone like the mafia, you can't use electronic devices and you can't write anything down. Each of your clandestine conversations has to be in a different noisy location so they can't set up a directional microphone or bug. You also have to prevent them from getting a deaf person to lip read you. (I don't have direct experience with criminal gangs but anyone can observe that they usually aren't brought down by wiretaps. The big prosecutions of mafia bosses usually resulted from getting an underling to rat on his boss.) The point is that anyone worried about being spied on can and will take measures to prevent it.
Spying on someone is expensive. Spying on someone's key clicks is particularly expensive and probably won't produce great results. Someone tried an experiment of bugging an office by shining a laser on the window. The results were disappointing. The vast majority of the conversation was uninteresting. The experimenters decided that no useful information would have been gathered.
Tapping telephones and data links is relatively easy (compared with sniffing keystrokes). Stealing someone's laptop is usually also easy. Unless I'm taking measures against those kinds of spying, I'm not worried about having my keystrokes sniffed. If I were at danger of being spied on, I would be much more worried about being betrayed by a 'friend', associate, or employee.
Re:Mechanical Solution (Score:3, Insightful)
But it wouldn't be cheaper, and it would definitely be less secure. With a mechanical low-pass filter, you have one central node you have to maintain. You have a big capital outlay, but once built, the motor-generator combo is very, very reliable, and needs little maintenance. It is practically impossible for a lone attacker to compromise it. With electronic low-pass filters at each outlet, you have hundreds (if not thousands) of nodes to monitor and maintain (consider the ongoing expense of that), and it becomes very easy for a single person to compromise one of those nodes using just a screwdriver.
Good security is never just a matter of money. It's a matter of understanding how attackers behave, knowing how people and equipment can be compromised, and then spending money wisely, even if not frugally.
Re:Mechanical Solution (Score:3, Insightful)
But it wouldn't be cheaper, and it would definitely be less secure. With a mechanical low-pass filter, you have one central node you have to maintain. You have a big capital outlay, but once built, the motor-generator combo is very, very reliable, and needs little maintenance. It is practically impossible for a lone attacker to compromise it. With electronic low-pass filters at each outlet, you have hundreds (if not thousands) of nodes to monitor and maintain (consider the ongoing expense of that), and it becomes very easy for a single person to compromise one of those nodes using just a screwdriver.
Good security is never just a matter of money. It's a matter of understanding how attackers behave, knowing how people and equipment can be compromised, and then spending money wisely, even if not frugally.
But the mechanical barrier is so big and expensive that you can only afford to have them at major barriers. That still leaves all the devices on the "trusted" side of the barrier as running on what's essentially a big, trusted data bus.
If someone can sneak a sniffer into the secure area and plug it into an unmonitored electrical outlet that's electrically near a secure system, then you have a problem.
So I guess the question is, do you trust all the people on the inside? And do you adequately scrutinize all devices they bring inside, including everything that might have a tiny microchip?
Of course, that's not safe either. (Score:3, Insightful)
While I'm sure you were jesting (though someone is liable to believe you!), wireless keyboards aren't [hackaday.com] safe either [zdnet.com].
Re:Done that (Score:4, Insightful)