Andrea Barisani (Chief Security Engineer, Inverse Path)

HITB Lab Title Sniff Keystrokes With Lasers/Voltmeters – Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage

HITB Lab Abstract

TEMPEST attacks, exploiting Electro Magnetic emissions in order to gather data, are often mentioned by the security community, movies and wanna-be spies (or NSA employees we guess…). While some expensive attacks, especially the ones against CRT/LCD monitors, have been fully researched and described, some others remain relatively unknown and haven’t been fully (publicly) researched.

Following the overwhelming success of the SatNav Traffic Channel hijacking talk we continue with the tradition of presenting cool and cheap hardware hacking projects.

We will explore two unconventional approaches for remotely sniffing keystrokes on laptops and desktop computers using mechanical energy emissions and power line leakage. The only thing you need for successful attacks are either the electrical grid or a distant line of sight, no expensive piece of equipment is required.

For the first and only time we will feature our talk in a lab session style, working together with the audience teaching the underlying theories and basics for assembling and programming the necessary equipment related to the two attacks.

About Andrea Barisani

Andrea Barisani is a security researcher and consultant. His professional career began 10 years ago but all really started when a Commodore-64 first arrived in his home when he was 10. Now, 18 years later, Andrea is having fun with large-scale IDS/Firewalls deployment and administration, forensic analysis, vulnerability assessment, penetration testing, security training and his Open Source projects. He eventually found that system and security administration are the only effective way to express his need for paranoia.

Being an active member of the international Open Source and security community he’s maintainer/author of the tenshi, ftester projects as well as the founder and project coordinator of the oCERT effort, the Open Source Computer Emergency Reponse Team.

He has been involved in the Gentoo project, being a member of the Gentoo Security and Infrastructure Teams, and the Open Source Security Testing Methodology Manual, becoming an ISECOM Core Team member. Outside the community he has been a security consultant for Italian firms and he’s now the co-founder and Chief Security Engineer of Inverse Path Ltd.

He has been a speaker and trainer at PacSec, CanSecWest, BlackHat and DefCon conferences among many others, speaking about TEMPEST attacks, SatNav hacking, 0-days, LDAP and other pretty things.

** Note: Presenting with Daniele Bianco