A whitehat hacker has demonstrated the use of an invisible laser beam to detect what a MacBook user is typing, from a distance, through a window, without being able to see the keyboard …
The principle of using a laser beam to detect and decode soundwaves has long been demonstrated. You can, for example, shine a laser at a window, and decode the microscopic movements of the glass caused by people talking to reveal what they are saying.
Samy Kamkar, who runs the YouTube channel Applied Hacking, wanted to see how far he could push this technique. What he set out to do was:
- Use an invisible (ie. infrared) laser beam, instead of a visible-light model
- Shoot it through a window to the back of a MacBook
- Detect the vibrations in the MacBook casing caused by keystrokes
- Decode the individual keystroke sounds to identify each key
- From that, work out what was being typed
Wired reports that Kamkar has been wanting to do this for a long time.
Kamkar says he’s been determined to build his own laser-based spy setup since he watched a Defcon talk 15 years ago, in which a pair of hackers demonstrated some rudimentary detection of keystrokes with a laser pointed at a laptop from across a room.
“It blew my mind. ‘I want to do this,’” Kamkar says he remembers thinking. “But I also wanted to improve the attack. Can I make it work from outside, from far away? Can I do it with an infrared laser so the target can’t see it? And can I also hear what’s happening in the room, such as by bouncing the laser off a window?” The answers: Yes to all the above.
The results aren’t perfect, but are certainly good enough to make it a practical spying method. The top section is what was typed, while the bottom is what the system detected:
MacBooks turned out to be the perfect target for the attack, because it works best when you have a very reflective surface to use as the laser target – and the Apple logo on the back of a MacBook screen has an almost mirror-like finish.
Check out the full Wired piece for more.
Screengrab: Samy Kamkar
FTC: We use income earning auto affiliate links. More.
Comments