When it comes to hacking tools, you can’t but imagine its always very sophisticated bits of kit. However, researchers have identified two ways of stealing data using some unlikely everyday tools including cameras and telescopes.

In methods reminiscent of those James Bond might use researchers at Saarland University in Germany managed to read computer screens from their tiny reflections on everyday objects such as glasses, teapots, and even the human eye. Meanwhile researchers at the University of California worked out a way to analyse a video of hands typing on a keyboard to guess what was being written.

Computer security research tends to focus on the software and hardware inside the PC, but this kind of 'side-channel' research, which dates back at least 45 years, looks at the physical environment. Side-channel work in the US was kicked off in 1962 when the US National Security Agency discovered strange surveillance equipment in the concrete ceiling of a US Department of State communications room in Japan and began studying how radiation emitted by communication components could be intercepted.

Much of this work has been top secret, such as the NSA's Tempest program. But side-channel hacking has been in the public eye too.

In fact, if you've seen the movie 'Sneakers' then the University of California's work will have a familiar ring. That's because a minor plot point in this 1992 Robert Redford film about a group of security geeks was the inspiration for their work.

In the movie, Redford's character, Marty Bishop, tries to steal a password by watching video of his victim, mathematician Gunter Janek, as he enters his password into a computer. "Oh, this is good," Redford says, "He's going to type in his password and we're going to get a clear shot"

Redford's character never does get his password, but the UC researchers' Clear Shot tool may give others a fighting chance, according to Marco Cova, a graduate student at the school.

Clear Shot can analyse video of hand movements on a computer keyboard and transcribe them into text. It's far from perfect, Cova says the software is accurate about 40 percent of the time, but it's good enough for someone to get the gist of what was being typed.

The software also suggests alternative words that may have been typed and more often then not the real word is in the top five suggestions provided by Clear Shot, Cova said.

Clear Shot works with an everyday webcam, but the Saarland University team has taken things up a notch, training telescopes on a variety of targets that just might happen to catch a computer monitor's reflection: teapots, glasses, bottles, spoons and even the human eye.

NEXT PAGE: How a rounded teapot is a hacker's perfect aide

  1. Researchers utilise everyday objects in a bid to steal data
  2. How a rounded teapot is a hacker's perfect aide

Visit Security Advisor for the latest internet threat news, and internet security product reviews

Researchers have hit on novel ways of stealing data using everyday objects such as teapots and cameras. We talk to two researchers about how fiction reminiscent of a James Bond film is becoming reality

The researchers came up with this idea during a lunchtime walk about nine months ago, said Michael Backes, a professor at Saarland's computer science department. Noticing that there were a lot of computers to be seen in campus windows, the researchers got to thinking. "It started as a fun project," he said. "We thought it would be kind of cute if we could look at what these people are working on."

It turned out that they could get some amazingly clear pictures. All it took was a £250 telescope trained on a reflective object in front of the monitor. For example, a teapot yielded readable images of 12 point Word documents from a distance of 5m. From 10m, they were able to read 18 point fonts. With a £14,000 Dobson telescope, they could get the same quality of images at 30m.

Backes said he's already demoed his work for a government agency, one that he declined to name. "It was convincing to these people," he said.

That's because even though the reflections are tiny, the images are much clearer than people expect. Often, first time viewers think they're looking at the computer screen itself rather than a reflection, Backes said.

One of his favourite targets is a round teapot. Looking at a spoon or a pair of glasses, you might not get a good view of the monitor, but a spherical teapot makes a perfect target. "If you place a sphere close by, you will always see the monitor," he said. "This helps; you don't have to be lucky."

The Saarland researchers are now working out new image analysis algorithms and training astronomical cameras on their subjects in hopes of getting better images from even more difficult surfaces such as the human eye. They've even aimed their telescopes and cameras at a white wall and have picked up readable reflections from a monitor 2m from the wall.

Does Backes think that we should really be concerned about this kind of high tech snooping? Maybe, just because it's so cheap and easy to do. He said he could see some people shelling out the £250 for a telescope just to try it out on their neighbours.

So how to protect yourself from the telescopic snooper? Easy. "Closing your curtains is maybe the best thing you can do," he said.

  1. Researchers utilise everyday objects in a bid to steal data
  2. How a rounded teapot is a hacker's perfect aide

Visit Security Advisor for the latest internet threat news, and internet security product reviews