Source: Tom's Guide US | Keywords: Laptop, Hack, Power, Outlet, Laser | Themes: Laptops and Notebooks
A pair or researchers will demonstrate how its possible to hack a laptop via the power outlet, or by using a laser pointer device.
Is using a laptop getting dangerous? Thanks to a new exploit used by hackers, your information may not be safe out in public. In a recent article published by Network World, hackers can grab keyboard signals through its unshielded wiring; signals leak into the ground wire in a cable, and then travel into the laptop's electrical system. Bit streams generated by the keyboards that indicate what keys have been struck create voltage fluctuations in the grounds, according to the site. Thus if plugged in, hackers retrieve the information through the power outlet.
However, attackers can still gain access when laptops are unplugged. By using a cheap laser, a hacker can retrieve keystrokes by pointing the laser on a shiny part of the laptop, or a shiny object nearby. The hacker then aligns a receiver to capture the reflected light beam; the light captures to modulations stemming from vibrations caused by striking the keys.
“The only thing you need for successful attacks are either the electrical grid or a distant line of sight, no expensive piece of equipment is required,” Barisani and Bianco said. The equipment needed to carry out the power-line attack could cost as little as $500. The laser attack gear costs less: $100 if the attacker already owns a laptop with a sound card.
Both hacks will be demonstrated by Andrea Barisani and Danielle Bianco of Inverse Path later this month at the Black Hat USA 2009 security conference in Las Vegas.
-
Previous News Article
Microsoft Wants to Run Google... -
Next News Article
Hulu Video Downloader Saves...
oh noes! dont steels my useless informations!
this is very OLD! ANCIENT! news. NATO uses since many many years ago standards to avoid that kind of exploits.
and there are even better methods developed many years ago that doesn't require line of sight.
Woah this stuff sounds crazy. I thought a computer would be safe it was completely isolated from networks but through the power outlet is scary. This sounds like radical stuff.
hmm, article needs more awesome... Quick! add LAZERZZZ!!
sounds way too complicated for hacking for money unless the money is alot
This kinda stuff is possible in theory, but no need to worry about it in real life.
For the laser, a single shift of the keyboard and everything gets skewed. For the power outlet, someone turning on a lightbulb would increase load on the grid and scramble the signal.
So it is possible, but don't expect any of this in real life.
WHY DOES TOM'S GUIDE POST OLD NEWS!!! THIS IS LIKE SO 1995!!!!!
so, I challenge them to hack my unplugged laptop inside my window tinted car...
I have a better idea to steal someone's important information using a laser pointer. Shine it in their face to stun them, punch them out, grab the notebook and run!
I have a better idea to steal someone's important information using a laser pointer. Shine it in their face to stun them, punch them out, grab the notebook and run!
I have a better idea to steal someone's important information using a laser pointer. Shine it in their face to stun them, punch them out, grab the notebook and run!
I have a better idea to steal someone's important information using a laser pointer. Shine it in their face to stun them, punch them out, grab the notebook and run!
Wow, nice quadruple post. If I'm reading this correctly, the laser method just gets you the vibrations of the user typing from afar... OH NOES, SOMEBODY'S STEALING MY TYPING NOISES!! Wouldn't a parabolic microphone do the same thing without needing all of the converting-laser-back-to-sound business?
Well maybe if a hacker and a stupid Windows user (using IE of course) were sitting in an isolated enclosed room and the Windows user was REALLY stupid, it may be possible to get their useless info if the hacker was very lucky
the laser capturing vibrations is such a stupid idea...... unless i was the only person in the area on my laptop, say a cafe, there will be other people walking around causing vibrations which would interfere with the signals from my keystrokes. Even if there was nobody walking around and it's just me and my laptop causing the vibrations, I think I'd notice the weird looking guy in the corner aiming a frigging laser at me
so, I challenge them to hack my unplugged laptop inside my window tinted car...
That would actually probably make the laser work better, with more reflected light. Depends on what kind of laser you use, though.
I think, as many of you probably do too, that there are some serious problems with this set of ideas. What about the inverter on the power supply? AC in, AC out, DC internals?
What if I run my vacuum cleaner on the same 15A circuit as the laptop? I know my lights dim slightly when doing this as it is a series circuit. Run a blender (motor device)? Introduce other unshielded cables to the power cord's vicinity? Variable induction fields, magnets, etc?
Sounds very hypothetical to me.
Absolute nonsense! No way you will be able to detect any voltage fluctuations - if they even exist - over the numerous apps that are running on that computer drawing different resources, plus all the other appliances that are plugged in that building.
The Laser LOS trick is even more BS.
No if you want to do it right, a more plausible way is to find a trans-dimensional wormhole that goes back in time and send a camera through it. It's gotta work - I mean I saw Denzel Washington and Val Kilmer do it on Deja Vu.
I have a better idea to steal someone's important information using a laser pointer. Shine it in their face to stun them, punch them out, grab the notebook and run!
I don't know why everyone is dissing Cubase's idea, sounds more pluasible than the other 2. I am sure the CIA has better tricks up their sleeve than measuring voltages and laser vibration measurement - which I beleive only works on sound against a glass pane - and even then you get a really crap sound reproduction.
I have a better idea to steal someone's important information using a laser pointer. Shine it in their face to stun them, punch them out, grab the notebook and run!
lol
In order to monitor the ground line and actually get a usable signal you'd need to be right at the power outlet that the machine is plugged into... it's not like some guy is going to clamp onto the ground strap outside your house and do it. It still may be useful for someone who has access to your home but it's not a particulaly useful hack compared to say a keylogger that can be remotely installed and monitored.
The laser thing doesn't make any sense... you might get a vibration but a vibration by itself only tells you a key was hit... not which one. You could conceiveably use multiple lasers to triangulate but damn that would be difficult to setup and get to work reliably.
I have a better idea to steal someone's important information using a laser pointer. Shine it in their face to stun them, punch them out, grab the notebook and run!
Blunt and to the point, not bad.
But though people moving and everything around you I doubt it would be easy to maintain a line of sight, forget that, how would you keep a laser in the same spot for multiple minutes without equipment like a tripod...little suspicious looking I would say.
I think the laser method more does NOT work than it does. If I stomp my feet on the ground,move my chair or just put my cup of tea on the table, the vibrations the laser detects make the results go haywire.
Also,the keystrokes could be captured by electrical signal only if:
1- The laptop is connected to a grounding pinn
2- The laptop that 'sends' the keystrokes is not too far away
3- There are not more than a couple of laptops in the vicinity.
4- The powersupply does not use some sort of filter, and on latest laptops,they have digital powersections. Digital powersections,and analog transformers connected to voltage filters often block these methods.
If the distance to the laptop is too great, the signal will be weakened, seeing that the grounding pin works as a resistor, or as a filter for weak signals. Every house built should have at least one grounding pin.
Yeah, this would not only work, but work well... Yeah, thanks to the awesome error correction that my notebook powersupply does, it'll check the integrity of all of the packets that are sent down the 120v outlet... It also boasts an ultra-low jitter clock to ensure that the signal is easily intelligible...
My laptop does not have a ground wire... how would that work? Also, what if you had your PC plugged into an UPS or inline power filter? If anyone has read the articles on the poor performance of Hot-Plug Networking, I doubt this would be very reliable either.
The laser concept is interesting, again I see so many obstacles to overcome. These all seem like proof of concept.
Seems Rube Goldberg'esk if you ask me.
The laser thing doesn't make any sense... you might get a vibration but a vibration by itself only tells you a key was hit... not which one. You could conceiveably use multiple lasers to triangulate but damn that would be difficult to setup and get to work reliably.
It's been demonstrated that with a long enough recording and with a fair bit of programming, you can map each key to a unique sound. This is aided by the fact that aside from the password, most users proceed to type relatively normal words out. Take the map, run it through a simple cryptanalysis tool that tests strings of symbols against a dictionary and before long you have a map of each sound to each letter on the keyboard. The relatively novel part is that they are now going to use that in conjunction with remote listening devices like laser interferometry to do this from a great distance.
Ha, have you ever listened to bad onboard audio with lots of EMI feedback from keys, mouse, programs, etc.? How is that going to translate into specific keys through a transformer? Those electrical grid LAN arrangements don't even work very well! Those laser and electrical listening techniques sound like it would take to long to isolate which key was hit.
Sounds as practical as back in the day when photocopiers had to have clean sheets of paper run through them after use, or when screens had hoods over them to keep people from reading the heat signatures!
The CIA was/is able to tell what is being typed in an IBM Selectric Typewriter by measuring the current draw, they can tell how far the internal motor moved and therefore what keys are being types. You can find this documented by several sources. Could something like this be extended to laptops and their powersupplies? Not sure.
Good luck with that 'power grid' exploit... in theory it works great, but that's assuming your laptop is the only thing plugged into that portion of the circuit (your 'scanning' device must also be plugged into that circuit somewhere but your OWN keystrokes and power draw will muddy up the current on that circuit as well.) To be successful, you need a self-powered power meter plugged into another outlet on that same circuit (where NOTHING else is running... heaven forbid not a refrigerator...) to scan the current flux. It's TOTALLY possible under ideal conditions, but like I said good luck.
BTW: You can't pick up the voltage variations on other outlets that are separated from the device by a circut breaker, power conditioner, or any other isolater or electromagnetic wave balancer.
I like how everyone here THINKS they know what they are talking about claiming all these things could mess up the methods and such. I didn't realize the people that present at the Black Hat conference were n00bs, maybe I missed a memo.
Is the Black Hat (R) USA conference ISO 9000 certified now? lol