The Raw Feed
Where technology and culture collide

Friday, March 20, 2009

Hackers can read keystrokes via laptop vibration

A security specialist and "hardware hacker" named Andrea Barisani and Daniele Bianco, respectively, have demonstrated an $80 device they've cobbled together than can read which letters are being typed by measuring the vibration of a laptop. The system uses a laser beam and photo diode to shine and read the reflections of light trained on the laptop. They found that each key on the keyboard creates a unique vibration signature. The device works from up to 100 feet away. I want one.

Comments:

Anonymous Tim Lewis said...

While I find this technically interesting, I highly doubt it would work in real life scenarios. I could be wrong, but it seems like way too much work to put in when there are still people still falling for Nigerian scammers and stuff like that. There was another method of seeing what was typed or on screen by analyzing the reflection of people's eyeball itself. These methods are interesting that such a method is possible, but I really doubt it will be feasible in 99% of real life situations anytime in the near future.

Saturday, March 21, 2009 3:23:00 PM  
Anonymous Anonymous said...

owned ^^

Saturday, March 21, 2009 4:43:00 PM  
Anonymous Anonymous said...

I'm officially switching to Dvorak. Actually, I might make my own keyboard layout... your vibration monitoring will prove futile!!!

Saturday, March 21, 2009 7:33:00 PM  
Anonymous Anonymous said...

Don't you mean necessary not, feasible?

Saturday, March 21, 2009 7:44:00 PM  
Anonymous Anonymous said...

Yay for the hackers. Now, are the vibrations consistent from laptop to laptop? If not, useless.

Saturday, March 21, 2009 8:24:00 PM  
Anonymous Anonymous said...

Seems like it would also pick up tons of background noise so the "works up to 100 feet" may not be so accurate...

Sunday, March 22, 2009 10:40:00 AM  
Anonymous Anonymous said...

There is another method of this kind of surveillance of which I've heard called Van Ech phreaking where a device reads the electromagnetic radiation given out from the computer screen.

Sunday, March 22, 2009 12:23:00 PM  
Anonymous Anonymous said...

background noise? it uses a laser to read the vibrations, unless the laser beam is interrupted, where's the background noise come from?

Sunday, March 22, 2009 12:57:00 PM  
Blogger Jonathan said...

There's only one solution: OLED screens build into each key on the keyboard, randomly changing the key after every key stroke.

Either that or just one key which cycles through the alphabet at random time intervals: you simply press it on the right letter.

Who gives a crap about productivity, as long as they can't read my comments on random blogs I "stumbled upon"!

:)

Sunday, March 22, 2009 9:53:00 PM  
Blogger Michael Callahan said...

Background noise here is a term used to describe the stimulus generated by other objects that might report vibrations back to the device. In astronomy, the lights from a city interfering with equipment would be background noise as well.

Sunday, March 22, 2009 11:58:00 PM  
Anonymous Anonymous said...

why bother wasting time with some "vibration reading device" when a really intelligent hacker can just do a little social engineering and some slippery GNU based code? For that matter, why not just walk over and jack the mother-fucker and take his laptop home?

Monday, March 23, 2009 2:37:00 AM  
Blogger Insanity540 said...

"reflection of people's eyeball" > does that count for those of us that can touch type?

Monday, March 23, 2009 2:50:00 AM  
Anonymous Anonymous said...

I have no doubt it could work, but not in real life

Monday, March 23, 2009 10:54:00 AM  
Blogger Vinas said...

I use a brail monitor. Now what?

Monday, March 23, 2009 11:10:00 AM  
Anonymous Anonymous said...

You'd probably have to assume the person is also using the laptop on a solid surface and not...on the top of their lap. Otherwise the laptop probably vibrates more or less or is moving so the laser would have to be readjusted, etc.

Monday, March 23, 2009 11:18:00 AM  
Blogger John Pezzetti said...

hard to imagine that the vibrations would be consistent through different models of laptops.

>>There is another method of this kind of surveillance of which I've heard called Van Ech phreaking where a device reads the electromagnetic radiation given out from the computer screen.

This is indeed true...cryptonomicon is a great book...but I believe you have to have a receiving signal within 4 or 5 feet of the screen to use this method, not nearly as versatile as 100ft.

Monday, March 23, 2009 12:20:00 PM  
Anonymous Anonymous said...

As long as you know which language the typist uses, and the keyboard is on a rigid surface this tech should work. Every language has its own most used keys, and there for you should only have to capture some 100 keystrokes and you knew which key had which vibration.
Layout changes don't help at all, unless they are random.

Monday, March 23, 2009 2:36:00 PM  
Anonymous Anonymous said...

Ok, what about different sized keyboards (netbook vs. laptop), or different typing surfaces, as already commented on. Or, different weight of the laptop. Or, different kinds of feet in contact with the surface (my laptop has little rubberized feet on the bottom of it). Not to mention the fact that you may notice A FREAKING LASER POINTED AT YOU.

Tuesday, March 24, 2009 1:36:00 AM  
Anonymous Anonymous said...

Blogger Insanity540 said...

"reflection of people's eyeball" > does that count for those of us that can touch type?


er... yes, it kind of usually appears on the screen.

Tuesday, March 24, 2009 4:51:00 AM  
OpenID Anupum said...

not at all possible, I hit some keys hard sometime. not everyone is a typist.

Tuesday, March 24, 2009 7:19:00 AM  
Anonymous Anonymous said...

"er... yes, it kind of usually appears on the screen."
no, i think it uses where your looking in refrence to the keys, those tiny movements you dont really notice.

Tuesday, March 24, 2009 10:18:00 AM  
Anonymous Anonymous said...

Anon not all lasers show in visible light, there are ones that the human eye cannot see.

Tuesday, March 24, 2009 10:37:00 AM  
Anonymous Anonymous said...

maybe it work maybe it doesnt. Im wondering how they would compinsate for the fact that i bounce my leg almost constantly when im sitting at the computer. My whole desk shakes around because of it. ADD FTW???

Tuesday, March 24, 2009 11:31:00 AM  
Blogger James said...

Well, years ago they came up with software that could tell what you are typing by the sound each key made. This is basically the something but using a device that can't be drowned out by ambient noise. Of course they would have to figure out each keyboard separately. It is based on the fact that there are slight difference in each key. So it really does no good, although they made be able to tell using a standard laptop type

Tuesday, March 24, 2009 7:08:00 PM  
Anonymous Anonymous said...

^^Not to mention the fact that you may notice A FREAKING LASER POINTED AT YOU.

Maybe an infrared laser would be impossible to see . . . then again, I don't know how you'd aim it. Special glasses?

Tuesday, March 24, 2009 7:52:00 PM  
Anonymous Anonymous said...

not possible in real life. they conducted experiments in controlled environments. In practical life hacker would have to "tune" their software and calibrate it according to unique user(we all have diffrent keystroke patterns that fluctuate by diffrent degrees).

Wednesday, March 25, 2009 5:54:00 AM  
Anonymous Linc said...

Does it work with ..ahem... one handed typing?

Wednesday, March 25, 2009 4:36:00 PM  
Anonymous Anonymous said...

yea, certainly, how much $$$, each key will have to have it's frequency identified or taught to the software for identification, the laptop will have to have a fairly reflective spot with angulation suitable to reflect the beam back to the photocell collector
which will be close to the laser device, oh, use an infrared laser or a red dot will show up on the surface of the laptop somewhere. How about a shotgun microphone with some dspsquelch type noisegate, ...

Wednesday, March 25, 2009 5:54:00 PM  
Anonymous Anonymous said...

I remember the method where they record the sound of each keystroke. As I recall, the layout and type of laptop would not matter because they record a huge sample over time, then compare your most frequently pressed and least pressed keys to the commonly used letters. So whichever keypresses happen most are probably RSTLNE or whatever and least X and Z.

They use that for a 'best guess' at which key is which letter, then they just have to see how close they are to making words from the letters they guessed and make a few fixes to finish mapping out your keyboard to vibrations.

The only defense is to type gibberish so they can't map your keystrokes to words, but it wouldn't work instantly or without analysis either so if they only have a few minutes they won't get anywhere.

Wednesday, March 25, 2009 10:46:00 PM  
Anonymous Anonymous said...

I believe that this would work in a controlled setting, such as where they built the device. I highly doubt they've tested this device in a real-world situation. Besides all of that, I also doubt that it will be able to recognize each laptop's keyboard "audio footprint" so to speak.

Friday, March 27, 2009 9:36:00 AM  
Anonymous Anonymous said...

"'m officially switching to Dvorak. Actually, I might make my own keyboard layout... your vibration monitoring will prove futile!!!"

A frequency analysis will be able to give a pretty good guess as to what you are typing. It may not be able to guess everything, but humans are smart enough to fill in the gaps. Maybe not as useful for passwords.

Friday, March 27, 2009 4:03:00 PM  
Blogger John F said...

So kudos really to the thought process that came up with this possible device but not really practical now is it? Further with most of the banks etc no offering virtual keyboards and software packages that are voice centric, this is hardly going to be of any practical use whatsoever!

Friday, March 27, 2009 4:07:00 PM  
Blogger scikidus said...

Perhaps we should use the On-Screen Keyboard from now on? :D

Sunday, March 29, 2009 3:18:00 PM  
Anonymous Anonymous said...

These are false statements. God wouldn't create computers or laptops for evil purposes and theft of His children's privacy. Read the Bible, people! You will realize that God created everything for Man to enjoy and use in His name, and would never allow Man for an artrocity like this!

Saturday, April 04, 2009 3:22:00 AM  
Anonymous Anonymous said...

Changing the keyboard layout or making your own wouldn't help if the attacker monitored you for long enough to do some frequency analysis.

Monday, May 04, 2009 2:05:00 AM  
Anonymous Anonymous said...

um... wouldnt work... every key makes the same note, they dont have musical beeps like password vault locks or anything.. they dont go "beep, bloop, bleep, boop, deet, doot, dee, doo" every key makes the same noise... "click" or maybe a "clack"... i mean, they might be able to hear the space bar, but every key would sound the same, exept maybe the shift, enter and backspace...

Sunday, May 10, 2009 9:06:00 PM  
Anonymous Laptop Rental said...

This is alarming. The potential of personal computing to be hacked by a stranger is increased. No matter how brilliant the said project was, if it falls in the wrong hands. Surely computing experience would be a chaos.

Monday, May 18, 2009 5:29:00 AM  
Blogger Man said...

it's also possible to read out what you've written thru the vibrations that comes thru the pipes from your heater.

Thursday, May 21, 2009 3:43:00 AM  
Anonymous Anonymous said...

Two people seeking notoriety.

Saturday, May 23, 2009 3:29:00 PM  
Anonymous Anonymous said...

Tim Lewis has know it all syndrome and can't appreciate this nifty find for what it is. A nifty find. stfu tim lewis.

Sunday, November 15, 2009 7:48:00 PM  
Anonymous Anonymous said...

Isn't it great how all the naysayers are complaining about the laser technology not being feasible, when that's the only aspect given of the technology that has been tried and tested for DECADES? As per all the other issues brought up, as long as the laptop was on a hard surface (being something easily illimitable)anyone with the patience could simply recreate the situations, with an identical model of laptop on a similar hard surface, and test for the different vibrations made by each key, then match them up. If they needed this information bad enough to put the person under surveillance, this would be easy enough to accomplish. Also, laser listening devices aren't difficult to use, nor are they difficult to conceal. All they'd have to do is put it in an inconspicuous object then set it down facing the laptop. (Such as a pack of smokes on the table they're seated at.)

Sunday, January 31, 2010 12:18:00 AM  
Blogger driftfox said...

How soon until we see this technique used in the movies??

Saturday, March 13, 2010 9:14:00 AM  

Post a Comment

<< Home

 

Like The Raw Feed? Then you'll LOVE the FREE Mike's List newsletter!