IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Laser pens can hack your computer

A study by two hacking experts has shown an adapted laser pen could pick up what you are typing from 100ft away.

Shadow of hand on keyboard

Remote devices, such as laser pens, can be used by hackers to obtain your details according to researchers.

Andrea Barisani, chief security engineer at Inverse Path and hacker Daniele Bianco today told the Metro newspaper that an adapted laser pen could read keystrokes on a laptop from 100ft away due to the frequencies of different keys that the pen can detect.

This in turn means that hackers could establish what you are typing, be it addresses, emails or even bank details from online purchases.

IT PRO contacted the pair who sent us a presentation of their theories. "Microphones can be used for monitoring sounds at a great distance. Why not pointing the laser microphone directly at the laptop and sample vibrations?" it said.

"We aim the beam directly at the laptop case, generally the LCD display lid. Aiming at the top of the lid catches more resonant vibrations [and] aiming closer to the hinges produces better results."

This technique is commonly known as Transmitted Electro-Magnetic Pulse/Energy Standards & Testing (TEMPEST). It can also do this through windows or walls and if an invisible infrared laser is used, the hacked party would be oblivious to the intrusion.

Apart from changing your typing position or misspelling words, there is no protection from this new information theft technique. However, in their presentation the researchers did say that "misspelling can be compensated".

It was also reported that another test Barisani and Bianco had carried out showed with only 50 of equipment they could read numbers from a keypad not unlike one on a cash machine.

Barisani explained to the Metro that the latter test was possible because: "Information leaks to the electric grid. It can be detected on the power plug, including nearby ones sharing the same electric line."

Andrew Jaquith, senior analyst at Forrester Research, said: "Neat stuff. But it's more of a neat party trick than a lethal attack that will put company assets at risk."

"On a serious note this technique does have some serious science behind it. TEMPEST attacks have a long history, beginning with the intelligence services in the 1970s."

He added: "This will not be the computer security equivalent of the swine flu. You aren't going to start seeing a rash of data theft because of it."

Last week, during Infosecurity 2009, it was concluded that there was a real lack of understanding of cyber crime. However. with the formation of the Police Central e-Crime unit in the UK and the launch of President Obama's cyber security strategy in the US, things are slowly improving.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022