Black Hat: Intercepting PINs at the socket
At the Black Hat security conference currently being held in Las Vegas, Italian security researchers Andrea Barisani and Daniele Bianco presented a PS/2 protocol keyboard sniffer. The sniffer can read key strokes on a PS/2 keyboard from the mains grid's earth lead. According to Barisani, the team managed to retrieve the PINs entered at cash machines in Italy simply from a mains socket, without using a camera or other method. Potentially, this represents a new method for skimming attacks.
The term skimming refers to a Man-in-the-Middle attack that aims at spying out the magnetic stripe and PIN information of credit and bank cards. A widely used method is to attach additional hardware for retrieving the magnetic stripe information to the cash machine's card slot. PINs are often filmed while being entered by a miniature camera temporarily attached above the keypad.
The security researchers also demonstrated how to spy out keyboard strokes by reading a notebook's vibrations with a laser microphone and subjecting the results to a probability evaluation using stochastic analysis.
The Black Hat presentations will be available in the online archive two weeks after the event.