Optical Espionage: Using Lasers to Hear Keystrokes Through Glass Windows

Presented at DEF CON 32 (2024), Aug. 9, 2024, 2 p.m. (45 minutes).

Sashay away from this talk with the knowledge to perform state-of-the-art espionage, no technical background required. In the realm of privilege escalation and data exfiltration, the physical world quietly screams secrets. We'll demystify the fascinating physics behind signals and how various forms of energy--infrared, visible, and ultraviolet light, radio, ultrasound, audible sound, mechanical vibration, and temperature--can be interpreted as waves that unintentionally leak information, even in air-gapped (non-networked) systems. We'll observe how air is in fact not an effective gap or barrier as radio, light, sound, and vibration excitedly travel through it. We'll explore how all electrical signals radiate electromagnetism (light or radio) that can be intercepted and how we can reverse this process, producing electromagnetism to inject desired electrical signals into our target. We'll delve into historical and seminal side-channel/TEMPEST attacks from our friends at the NSA, KGB, and past DEF CON pioneers. You'll learn about the essential electrical and optical components combined for cutting-edge eavesdropping, including what our target is typing from a distance. While others believe they're obtaining noise, we will extract signal, and you'll leave this talk hearing the world in a new light. - [1985] Electromagnetic radiation from video display units - Wim van Eck - Bunnie [link](https://www.bunniestudios.com/blog/hacking-the-pic-18f1320/) - DEFCON 17: Sniff Keystrokes With Lasers/Voltmeters - Andrea Barisani, Daniele Bianco - DEF CON 23 - Colin Flynn - Dont Whisper my Chips: Sidechannel and Glitching for Fun and Profit - DEF CON 24 - Marc Newlin - MouseJack: Injecting Keystrokes into Wireless Mice - DEF CON 25 - Matt Wixey - See no evil, hear no evil: Hacking invisibly & silently with light & sound - DEF CON 31 - Video Based Cryptanalysis Extracting Keys from Power LEDs - Ben Nassi, Ofek Vayner - Georgi Gerganov - kbd-audio [link](https://github.com/ggerganov/kbd-audio) - Lest We Remember: Cold Boot Attacks on Encryption Keys - Halderman et al [link](https://www.usenix.org/legacy/event/sec08/tech/full_papers/halderman/halderman.pdf) - RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis - Daniel Genkin, Adi Shamir, Eran Tromer [link](https://cs-people.bu.edu/tromer/acoustic/)

Presenters:

• samy kamkar
  Samy Kamkar is a security researcher, sometimes known for creating The MySpace Worm, the fastest spreading (non-biological) virus of all time. As a teenager, this led to a raid by the Secret Service and a court-ordered ban from computers, the Internet, and MySpace. After years of virtuous, upstanding behavior and a legal technological reinstatement, he now attempts to develop and illustrate terrifying vulnerabilities with playfulness, where his exploits have been branded: “Controversial” -The Wall Street Journal “Horrific” -The New York Times “Now I want to fill my USB ports up with cement” -Gizmodo Samy's open source software, hardware, and research highlight insecurities and privacy implications in everyday technologies. From NAT Slipstreaming and Evercookies, which bypass firewalls by simply visiting a web page and produce virtually immutable respawning cookies, to RollJam and SkyJack, a cryptography-agnostic radio-based car exploitation device and drones that wirelessly hijack and autonomously control swarms of other drones within wireless distance. His work has been cited by the NSA, triggered hearings on Capitol Hill, and is the basis for security advancements across nearly all major web browsers, smartphones, and vehicles.

Similar Presentations:

• DEF CON 30 (2022) / Panel - "So It's your first DEF CON" - How to get the most out of DEF CON, What NOT to do.
• DEF CON 31 (2023) / DEF CON 101 - Welcome to DEF CON Panel
• DEF CON 32 (2024) / DEF CON Academy: Cultivating M4D SK1LLZ In the DEF CON Community