Researchers at the CanSecWest event in Vancouver late last week staged an equally jaw-dropping set of experiments in which they showed that it is now possible to monitor a laptop PC at a distance using bounced laser beams.
And if that process - using hardware costing around 50 pounds - doesn't work, there is also the option of monitoring the electronic signals as they pass between the keyboard and a desktop PC.
In the Inverse Path demonstration at CanSecWest, eavesdropping of laptop keyboard input proved possible at a range of up to 30 metres, using a reflected laser beam to `read' the oscillations of the keys.
Pumping the oscillation results though software originally designed for speech recognition resulted in the keyboard input being read at a distance, even when the laser beam passed through a window.
In the second cracking demonstration, the researchers were able to read the output from a desktop PS/2 keyboard, which had been grounded
to the mains, by plugging in oscilloscope-like equipment into a power socket located around 15 metres away.
Inverse Path say they were using a digital oscilloscope and an analog-to-digital converter, as well as filtering technology to isolate the PC user's keystroke pulses from other noise on the power circuit.
The good news from an IT security preventative point of view is that the demonstration had taken five days to set up, and was only able to record certain keystrokes, although the researchers say that the ability to record all keyboard input with a high degree of accuracy should be available within a few months.
The attack methodology used on the PS2 keyboard being monitored, relies on the eavesdropper being able to access the same mains power point as the eavesdroppee - i.e. both power points must normally bebehind a single electrical meter.
So far the eavesdropping attack only seems to work with PS2 keyboards and not the increasingly common USB type of PC keyboards.
http://en.wikipedia.org/wiki/Van_Eck_phreaking
http://www.inversepath.com