The first requires access to a power outlet on the same circuit as the target computer. Because the data wire within the keyboard cable is unshielded, the signals leak into the ground wire in the cable, and from there into the ground wire of the electrical circuit. Bit streams generated by the keyboards that indicate what keys have been struck create voltage fluctuations in the grounds, they say. The attacker then filters out other ground signals and is left with the keystrokes entered.

The second attack points cheap lasers at shiny portions of a laptop, like its lid or even the surface of the table near the device and measures the vibration caused by hitting the various keys. The researchers claim that each key has a distinct vibration pattern and by knowing the language used by the typist, the keys entered can be determined. They found the attack works best when pointing at the lid of the laptop, either at a shiny logo or at a spot near the hinges.

The cost of the tools needed for the electrical outlet attack cost around $500 US and the cost of the laser attack cost around $100 US and took about a week to test. While the researchers admit that their tools are currently rudimentary, they feel that given their minimal time committment and relative cheapness of the tools illustrate the potential for expansion by a dedicated team or government entity.

CIO.com – How to Use Electrical Outlets and Cheap Lasers to Steal Data

Related posts:

1. Build an under-the-cabinet kitchen PC Lifehacker is on a laptop recycling kick recently. Last week...
2. Hacking the Dot-Matrix Printer It sounds like something out of a bad spy movie,...

It sounds like something out of a bad spy movie, but researchers at Saarland University have published a paper on a new hack targeted at those old trusty dot-matrix printers. These researchers discovered that by recording the sounds the printers made and running them through a speech-recognition algorithm, they were able to extract the words printed on the page.  They were even successful in running their tests inside an actual doctor’s office – with permission of course, so this is not something that only works in the lab.

So what? No one still uses these dinosaurs, right? Not so fast, in a survey conducted by the same university, 30% of the banks, and 58.4% of doctor’s clinics still use them. In many cases, these devices were used to print out semi-sensitive information like receipts and prescription information.

And why do businesses still use dot-matrix printers? Well, for fairly standard reasons – they cost less then more modern printers, are very durable, and work with older hardware and computer systems. One company I talked to about this study said that it was cheaper to keep these old printers working then to upgrade the systems and software that utilized them.

After reading the paper, it seems the attack would have to be tailored to a particular model of printer, but even with that limitation, some interesting possibilities are available. Will the next Mission Impossible movie include a scene with Tom Cruise planting a recording device in a bank to get account numbers of his target? And what will we find out next, that the contents of a CRT or LCD can be replayed by measuring the radiation output? Oh wait….

Original study: How Printers Can Breach Our Privacy: Acoustic Side-Channel Attacks On Printers

Related posts:

1. Use Electrical Outlets or Lasers to capture keystrokes? This has been a week of crazy hacking announcements. CIO.com...
2. Do you know who your friends are? It sounds like a plot out of one of a...
3. Buy a used hard drive on eBay, get government secrets for free! Imagine it, you purchased a computer on eBay, plug it...

• Internet Explorer 8 Released. Improvements include: Smart Address Bar, Tab Groups, and Find in Page is now a task bar (finally).
• Microsoft Support Flooded with Complaints after IE 8 released. Top issues reported include: website printing, image positioning, slow boot times, and a bug dragging images into Facebook.
• Microsoft Released new security assesment tool. The new tool, dubbed !exploitable Crash Analyzer, is considered a “game changer” by Dan Kaminsky, a well-known security researcher.
• Insiders hacked Russian ATMs? Diebold released a software patch to Opteva line after it was discovered that several machines were infected by a card skimming trojan.
• Diebold admits flaw in voting machines that causes vote tallies to be lost. Admission called a “disturbing revelation” by security auditor.

Related posts:

1. Another Internet Explorer Vulnerability (…sigh) Well, here we are again. A few weeks after Microsoft...
2. Tech News: Seesmic Desktop Edition Seesmic Desktop Beta available: Thanks to the great video podcast,...
3. Microsoft asks users to abandon IE6, kinda Much has been written about the recent hack targeting Google,...