Laser pens can hack your computer

Shadow of hand on keyboard

Remote devices, such as laser pens, can be used by hackers to obtain your details according to researchers.

Andrea Barisani, chief security engineer at Inverse Path and hacker Daniele Bianco today told the Metro newspaper that an adapted laser pen could read keystrokes on a laptop from 100ft away due to the frequencies of different keys that the pen can detect.

This in turn means that hackers could establish what you are typing, be it addresses, emails or even bank details from online purchases.

IT PRO contacted the pair who sent us a presentation of their theories. "Microphones can be used for monitoring sounds at a great distance. Why not pointing the laser microphone directly at the laptop and sample vibrations?" it said.

"We aim the beam directly at the laptop case, generally the LCD display lid. Aiming at the top of the lid catches more resonant vibrations [and] aiming closer to the hinges produces better results."

This technique is commonly known as Transmitted Electro-Magnetic Pulse/Energy Standards & Testing (TEMPEST). It can also do this through windows or walls and if an invisible infrared laser is used, the hacked party would be oblivious to the intrusion.

Apart from changing your typing position or misspelling words, there is no protection from this new information theft technique. However, in their presentation the researchers did say that "misspelling can be compensated".

It was also reported that another test Barisani and Bianco had carried out showed with only 50 of equipment they could read numbers from a keypad not unlike one on a cash machine.

Barisani explained to the Metro that the latter test was possible because: "Information leaks to the electric grid. It can be detected on the power plug, including nearby ones sharing the same electric line."

Andrew Jaquith, senior analyst at Forrester Research, said: "Neat stuff. But it's more of a neat party trick than a lethal attack that will put company assets at risk."

"On a serious note this technique does have some serious science behind it. TEMPEST attacks have a long history, beginning with the intelligence services in the 1970s."

He added: "This will not be the computer security equivalent of the swine flu. You aren't going to start seeing a rash of data theft because of it."

Last week, during Infosecurity 2009, it was concluded that there was a real lack of understanding of cyber crime. However. with the formation of the Police Central e-Crime unit in the UK and the launch of President Obama's cyber security strategy in the US, things are slowly improving.

Jennifer Scott

Jennifer Scott is a former freelance journalist and currently political reporter for Sky News. She has a varied writing history, having started her career at Dennis Publishing, working in various roles across its business technology titles, including ITPro. Jennifer has specialised in a number of areas over the years and has produced a wealth of content for ITPro, focusing largely on data storage, networking, cloud computing, and telecommunications.

Most recently Jennifer has turned her skills to the political sphere and broadcast journalism, where she has worked for the BBC as a political reporter, before moving to Sky News.