Thinking about plugging your laptop into one of those coveted aeroplane terminal power outlets while you wait for your flight to arrive? Be careful, because a hacker could be using those energy-giving wires against you.
The technique is a form of keylogging, which is nothing new, but in an interesting twist hackers have figured out a non-traditional way to replicate the process using nothing but the electric signals created with each keystroke. Oh, and even if you aren’t plugged into a socket, they they can still log keystrokes remotely using a laser.
Called the “power-line exploit,” the two-part technique is outlined in a Network World article ominously headlined “How to use electrical outlets and cheap lasers to steal data,” and will be but one of several nefarious data-stealing methods on display at Black Hat USA 2009 in Las Vegas later this month.
Network World explains:
In the power-line exploit, the attacker grabs the keyboard signals that are generated by hitting keys. Because the data wire within the keyboard cable is unshielded, the signals leak into the ground wire in the cable, and from there into the ground wire of the electrical system feeding the computer. Bit streams generated by the keyboards that indicate what keys have been struck create voltage fluctuations in the grounds.
[If the laptop is unplugged] , attackers point a cheap laser, slightly better than what is used in laser pointers, at a shiny part of a laptop or even an object on the table with the laptop. A receiver is aligned to capture the reflected light beam and the modulations that are caused by the vibrations resulting from striking the keys.