2023-03-20
When I teach Learning Tree’s Cyber Security introduction, participants are often amazed at the ways bad actors can eavesdrop on computers. Most of them are aware of software that can be planted by bad actors that can capture keystrokes, for instance. Still, few are aware that noises from keystrokes, the vibration of a notebook, and even power fluctuations can be used to capture keystrokes.
A little history
We’ve known for a long time that computers leak information through the radio waves the electronics put out. The waves are very low power but can be detected. Wired ran an article about this over a decade ago.
In his book Spycatcher, former spy Peter Wright explains how a telephone near a classified teleprinter had been modified, so its microphone was always on. The mic listened to the sounds the printer made when a message arrived. Because each letter made a unique sound, the audio could be decoded, showing the secret messages!
Powerlines and lasers
Tim Greene of Network World reports how the attacks work in “How to use electrical outlets and cheap lasers to steal data.” In the first attack, researchers watched a signal leak to the ground line of a power outlet when the keys of a keyboard were pressed. Next, the researchers pressed the keys on a keyboard and watched the small signals generated on the ground wire. Each key generated a unique signal pattern. They then typed a password on the keyboard and noted which signal patterns appeared. From that, they were able to discover the password.
In the laser attack, the researchers shone a small laser onto a laptop. Each keypress vibrated the laptop differently and caused the reflection of the laser to change with the vibration. From that, they could discern which key was pressed and discover what was being typed.
Using the microphone
Two interesting attacks use a device’s microphone. The first is quite complex. In it, researchers used the microphone to listen to the noises produced by a monitor’s power supply. The virtually inaudible sounds changed based on what was being displayed! With some AI software, the researchers could decode the sounds with surprising accuracy. In addition, the attack could be carried out from over thirty feet away with the proper type of microphone. Details of the attack are reported in Ars Technica.
Another interesting acoustic attack impacts mobile devices. For this attack, the researchers listened to the sound of a finger typing different virtual keys on the mobile device’s on-screen keyboard. They found that the sounds – particularly on devices with stereo microphones – could be used to identify the location of the finger press, and hence the virtual key being “pressed.”
All of these are what are called “side-channel attacks.” That is, they attack a device or the system implementation, not some weakness in the algorithm (such as a piece of software) itself. There are many more side-channel attacks than the ones I’ve mentioned here, of course. I wanted to illustrate that an attacker may not need to plant software on a device to compromise it to some extent. While some of these attacks may be difficult to detect (and challenging to implement, to be sure), others may be doable in a crowded area. High-security organizations have defenses for these, although the details may be classified. For the rest of us, awareness and diligence are the best tools.
To your safe computing,
John
This piece was originally posted on Oct 28, 2021, and has been refreshed with updated styling.