When I teach Learning Tree’s Cyber Security introduction, participants are often amazed at the ways bad actors can eavesdrop on computers. Most of them are aware of software that can be planted by bad actors that can capture keystrokes, for instance, but few are aware that noises from keystrokes, the vibration of a notebook, and even power fluctuations can be used to capture keystrokes.
A little history
We’ve known for a long time that computers leaked information through the radio waves the electronics put out. The waves are very low power but can be detected. Wired ran an article about this over a decade ago.
In his book Spycatcher, former spy Peter Wright explains how a telephone near a classified teleprinter had been modified so its microphone was always on. The mic listened to the sounds the printer made when a message arrived. Because each letter made a unique sound, the audio could be decoded showing the secret messages!
Powerlines and lasers
In How to use electrical outlets and cheap lasers to steal data Tim Greene of Network World reports on how the attacks work. In the first attack, researchers watched a signal leaked to the ground line of a power outlet when the keys of a keyboard were pressed. The researchers pressed the keys on a keyboard and watched the small signals generated on the ground wire. Each generated a unique signal pattern. They then typed a password on the keyboard and noted which signal patterns appeared. From that, they were able to discover the password.
In the laser attack, the researchers shone a small laser onto a laptop. Each keypress vibrated the
laptop differently and caused the reflection of the laser to change with the vibration. From that, they could discern which key was pressed and discover what was being typed.
Using the microphone
There are two interesting attacks using a device’s microphone. The first is quite complex. In it, researchers used the microphone to listen to the noises produced by a monitor’s power supply. The virtually inaudible sounds changed based on what was being displayed! With some AI software, the researchers could decode the sounds with surprising accuracy. In addition, the attack could be carried out from over thirty feet away with the proper type of microphone. An article in ArsTechnica has more details.
Another interesting acoustic attack impacts mobile devices. For this attack, the researchers listened to the sound of a finger typing different virtual keys on the mobile device’s on-screen keyboard. They found that the sounds – particularly on devices with stereo microphones – could be used to identify the location of the finger press and hence the virtual key being “pressed”.
All of these are what is called “side-channel attacks”. That is they attack a device or the system implementation not some weakness in the algorithm (such as a piece of software) itself. There are many more side-channel attacks than the ones I’ve mentioned here, of course. I wanted to illustrate that an attacker may not need to plant software on a device to compromise it to some extent. While some of these attacks may be difficult to detect (and difficult to implement, to be sure), others may be doable in a crowded area. High-security organizations have defenses for these, although the details may be classified. For the rest of us, awareness and diligence are the best tools.
To your safe computing,