The laser microphone trick is old news - published at least ten years ago, maybe more. So far, the IT world hasn't come crashing down around our ears - possibly because so many people have sound-insulating double glazing. Although there are valid reasons why secure installations don't have windows. It's just that the overwhelming majority of PCs can be cracked in easier ways, without having a van parked outside your building, attracting attention.

The stuff about minute electrical currents - yeah, well. I think I'll wait until the "can" in the article has been translated into "here's a video of it being done".

Until then, I'll keep my PS2 keyboards (and mouse) plugged in. I'm not planning on moving away from my window either.

... Its just that these blokes have not identified a hack. In principle hacking USB is not really different to PS2.

Getting PS2 keystrokes should be relatively easy since the PS2 keyboard sends a clocked data stream. That should be relatively easy to pick up so long as there are few other noise sources nearly. Of course, like with any RF or magnetic signals, it would also be almost trivial to design a jammer that just spits out a stronger RF signal sending out "Mary Has A Little Lamb...", perhaps there is a maket opportunity for selling jammer keayboards or dongles to the tinfoil-hat brigade.

"Imagine what a determined government agency can do."

...Waste millions of dollars on failed contracts and public enquires?

More likely USB is immune because it uses differential signaliing and any bounce it creates on the power supply is identical for a '1' or a '0'. PS2 is single ended.

They're not talking about detecting RF in the second method, that's from the other linked article, but about presumably some kind of cross talk due to the way the device is powered from the PC. Hence USB is immune.

For electrical signals, just stick a low pass filter on your power input - like you should anyway - a decent surge arrestor would probably do. Audio? I invest in the protection of Van Halen and AC/DC - or just use an on-screen keyboard for the critical stuff.

I rather like the poetic flow of this headline, like a fragment from some odd ballad:

"Boffins sniff keystrokes with lasers, oscilloscopes - they must love the smell of those keys.

Genius weaklings with new styles of phreaking will see all your data set free..."

All you need are sharks with frikken' laser beams attached to their heads. This time, ill-tempered mutated sea-bass just won't do.

Hasn't the EM technique been known for many years? I can certainly remember seeing demos of it, and I think there was even a TV programme demonstrating some of the techniques, although I think that was more biased towards seeing what was on a screen. However, all electronic equipment radiates, which is what the TEMPEST standard was intended to address for sensitive military and intelligence operations.

I bet you can get a USB keyboard to play, but you'd need to analyse what the microprocessor in the keyboard was doing rather than what was on the cable, so it's a bit harder.

I only ever type my password in the dark, with the radio turned up full and the monitor off. Unfortunately, I can't touch type, so it's been about four years since I managed to log in.

Is it? Who ( genuinely into tech /hacking,older than say 15 ) didn ' t know that this was possible? In fact I' m fairly certain phrack covered thi s topic about 5 years ago. .. Ah well, fun anyway ...

PC power supplies are switch mode items that are heavily filtered before the power gets to the motherboard. I am very doubtful that sending keyboard keystroke data would cause any significant or detectable variation in current taken along the mains power lead. They say that the power grid pickup works at a distance of 15 metres so this sounds like an RF pickup method rather that a mains current consumption monitoring method.

Geesh. If you have access to the PC, then simply reach behind the PC and insert the discreet little USB keyboard recorder gadget with 4GB of embedded storage into the keyboard circuit, and then drop by the following week to retrieve it.

USB is not immune because it uses differential signalling.

The benefit of using differential signalling is that higher data rates can be achieves because noise is reduced by utilising the high common mode rejection ratio of a differential input amplifier on the receiver end of the cable, any radiated noise received in the cable is common to both positive and negative signal lines because of their close proximity and twisting.

That is, the differental signalling concept is used to increase the speed of transmission.

You're still going to get radiated emissions from the cable.

The detection techniques rely on two principles:

radiated noise in the form of RF

conducted noise back up the power cable.

I think you'll find you will still get high frequency noise superimposed on the power line, albeit very small in amplitude. Sure, the power supply contains inductors, and if in series with the power line will provide a high impedance path to high frequency signals, but it's a high impedance which results in attenuation, it's not infinite attenuation.

You'd need to start adding appropriately designed filters on the power lines to suppress the conducted emissions.

If you really want to prevent people spying on you using the techniques then you need to start adopting TEMPEST principles and taking to the extreme, everything would be house in a Faraday cage, a big metal box, ie..a room with no windows, metal doors with berillium copper finger strips space close together down the edges of the doors to provde 100% continuity of screening.

"everything would be house in a Faraday cage, a big metal box, ie..a room with no windows..."

Sounds like my old company...

I've already seen workmates complaining about the aircon not working, and that was when we were technically still in winter!

Poor buggers... Glad I left!

The idea that you can sniff keystrokes by their sound is all well and good under lab conditions, but the real world is a very different place.

Firstly you would need line of site to the keyboard, hitting a surface is simply not good enough if there is more than one keyboard in the room.

Secondly it relies on people's typing technique being consistent, I'm sure this is fine for trained typists but real people are completely inconsistent in their technique - most of us don't even hit the same key with the same finger every time.

So yes I'm sure it's possible under very specific conditions, but it looks like a headline grabbing excercise to me and it's not something I'll be worrying about.