In association with heise online

30 July 2009, 12:00

Black Hat: Intercepting PINs at the socket

At the Black Hat security conference currently being held in Las Vegas, Italian security researchers Andrea Barisani and Daniele Bianco presented a PS/2 protocol keyboard sniffer. The sniffer can read keystrokes on a PS/2 keyboard from the earth lead of the mains grid. According to Barisani, the team managed to retrieve the PINs entered at cash machines in Italy simply from a mains socket, without using a camera or any other method. Potentially, this represents a new method for skimming attacks.

The term skimming refers to a man-in-the-middle attack that aims to capture the magnetic stripe and PIN information of credit and bank cards. A widely used method is to attach additional hardware to the cash machine's card slot to read the magnetic stripe information. PINs are often filmed as they are entered, using a miniature camera temporarily attached above the keypad.

The security researchers also demonstrated how to capture keystrokes by reading a notebook's vibrations with a laser microphone and subjecting the results to a probability evaluation using stochastic analysis.

The Black Hat presentations will be available in the online archive two weeks after the event.

(Lukas Grunwald)

