Monday, May 11, 2009

How Hackers Can Steal Secrets From Reflections

These attacks are difficult to defend against and impossible to trace

Even the best electronic security may not be enough to protect sensitive data from dogged hackers: researchers have been able to extract information from the flashes of light-emitting diodes on network switches and from the reflection of screen images off an eyeball. Swiss Federal Institute of Technology graduate students Martin Vuagnoux and Sylvain Pasini observe that commonplace radio surveillance equipment can pick up keystrokes as they are typed on a keyboard in a different room. They are preparing a conference paper detailing four unique ways that keystrokes can be inferred from radio signals captured through walls at distances up to 20 meters.

These side-channel exploits are untraceable and very difficult to defend against, yet computer security researchers have devoted little attention to the problem. Although many of these attacks require specialized knowledge and equipment, Max Planck Institute for Software Systems fellow Michael Backes contends that reflection-based attacks can be carried out by anyone with a $500 telescope and a digital camera. Eyes and other curved surfaces are particularly useful in reading reflections as they reveal wide swathes of their surroundings. Privacy filters applied to laptop screens to prevent over-the-shoulder eavesdropping can aid reflection exploits, as the filters raise the brightness of the reflection on the viewer's eyes. It is doubtful that side-channel attacks will become as ubiquitous as spam, malware, and other network hacking tools.

As University of Cambridge Computer Laboratory scientist Markus G. Kuhn notes, "you have to be close to the target, and you must be observing while a user is actively accessing the information." These methods will probably be employed to infiltrate specially selected targets such as the computer systems of financiers and high-level corporate and government officials.

Refer here to read full coverage on this particular research.
