A few years ago, the idea of using nothing more than a standard electrical outlet to hack into sensitive computer systems would be the stuff of Hollywood -- and far-fetched, eye-rolling Hollywood at that.
I can almost picture the scene: A wily Justin Long taps a few keys on his laptop and we watch the signal race through the power grid to his target, where a hapless government employee types his password into the ultra-secure computer at headquarters. Back with Long, we watch the password show up on his computer screen, as if by magic, thanks to his nifty hacking skills.
It sounds ridiculous.
But it turns out, well, it's basically a reality.
At the Black Hat USA conference later this month, hackers are preparing to unveil their methodology to steal information typed on a computer keyboard using nothing more than the power outlet to which the computer is connected.
The technique behind the exploit isn't as wildly high-tech as you might think, though. Old-fashioned electrical properties are the key to the trick. Here's how it works (in simple terms): When you type on a standard computer keyboard, electrical signals run through the cable to the PC. Those cables aren't shielded, so the signal leaks via the ground wire in the cable and into the ground wire on the computer's power supply.
The attacker connects a probe to a nearby power socket (perhaps in the vacant office next door or a hotel room across the hall), detects the ground leakage, and converts the signal back into alphanumeric characters. So far, the attack has proven successful using outlets up to about 15 meters away.
If you've got a wireless keyboard or are working on a laptop unplugged from the wall, which would make this attack useless, fret not: The hackers have a method for eavesdropping on you too. A simple laser beam -- better than a laser pointer, but not by much -- can be pointed a shiny object on the table where the computer sits, and the beam's reflection is captured by a receiving system. The vibration of that reflection caused by the striking of keys can be analyzed and, as with the electrical outlet system described above, reconstructed into words, since every key produces a unique vibration pattern. All this technique requires is a direct line of sight to the PC and a few hundred dollars worth of equipment.
Be safe out there, folks.
Source...
Quite frankly I'm not that worried since these techniques would require ideal world conditions which would be rarely if ever achieved. For the grounding trick to work the would need to isolate the signal from all other noise occurring on the grid. For the quarter trick they would need to ensure the quarter stays perfectly still, otherwise they would continually loose the pattern.
Anyone upset or offended by my post please follow the link and let your opinions be known.
http://www.zeropaid.com/bbs/showthread.php?t=55492
Noise from the grid is already isolated at every
step along the way from the power station as a
matter of course and this technique uses the ground
plane of the target itself, a further isolation
from the grid. The grid isn't totally blocked but
it isn't enough of a hindrance either, especially
as most people use power bars and power supplies
that attenuate all noise from the grid and shunt
all local noise down the ground plane to keep it
away from computers and other delicate equipment.
The techniques of van Eck phreaking are well
established and don't need ideal conditions in
order to work. Using the local ground plane of the
structure is probably cheaper and more reliable
than the usual directional tuneable antennas and
accompanying "DC-to-daylight" ultrawideband EM
receivers normally used for that trick, though even
those little miracles are available in single ASIC
packages since 2006 and are now affordable.
As for the quarter trick, when's the last time you
saw a show cancelled because a musician touched a
microphone? A temporary disturbance of a receiving
element, such as a quarter on a table, would induce
noise to the signal but that disturbance would have
to be constantly present and louder than the signal
being sought in order to block it. An eavesdropper
would simply shift to another object and continue
gathering data if the first object starts dancing
around on it's own and doesn't stop.
Posting Permissions
Reply With Quote
Bookmarks