Dailydave mailing list archives
RE: Shoulder Surfing becomes Shoulder Listening...
From: "Jeremy Richards" <jrichards () ncircle com>
Date: Fri, 16 Sep 2005 11:17:03 -0700
I am simply amazed at the amount of press this is getting right now... So far I've seen it in Schneier's blog, Slashdot, various forums and now, DD? This type of attack has been well documented and proven long ago. This article, for example, was released a year and a half ago: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci9 63348,00.html <http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci 963348,00.html> ...ok, to make this (hopefully) an informational post rather then a rant, here are some additional 'cool' readings: 1) Acoustic Cryptanalysis. http://www.wisdom.weizmann.ac.il/~tromer/acoustic/ <http://www.wisdom.weizmann.ac.il/%7Etromer/acoustic/> "Adi Shamir, Eran Tromer have done some remarkable research into a side channel attack that is able to extract private RSA keys just by monitoring the sound output of your computer!" 2) Power Analysis. http://www.cryptography.com/resources/whitepapers/DPA.html <http://www.cryptography.com/resources/whitepapers/DPA.html> "DPA is a powerful tool that allows cryptanalysts to extract secret keys and compromise the security of smart cards and other cryptographic devices by analyzing their power consumption." 3) LED Leakage. http://portal.acm.org/citation.cfm?doid=545186.545189 <http://portal.acm.org/citation.cfm?doid=545186.545189> "A previously unknown form of compromising emanations has been discovered. LED status indicators on data communication equipment, under certain conditions, are shown to carry a modulated optical signal that is significantly correlated with information being processed by the device....Experiments show that it is possible to intercept data under realistic conditions at a considerable distance. Many different sorts of devices, including modems and Internet Protocol routers, were found to be vulnerable." Regards, dyn ------------------------------------------ dyngnosis.blogspot.com ------------------------------------------ _____ From: Hackling, Matthew (AU - Melbourne) [mailto:mhackling () deloitte com au] Sent: Thursday, September 15, 2005 7:56 PM To: dailydave () lists immunitysec com Subject: [Dailydave] Shoulder Surfing becomes Shoulder Listening... Well here's some james bond type stuff... We all remember tempest and EMR interception......well wait for it! Researchers were able to identify text typed by listening and analysing the noise that the keyboards made... With twenty trials they captured: 90% of 5 character passwords 77% of 8 character passwords 69% of 10 character passwords I can see the spooks loving this, using their laser listening devices to capture logons/passwords etc. http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_Emanations_Re visited/preprint.pdf http://www.electromax.com/laser.html Matthew Hackling B.Sc. (Security) CISSP Client Manager Security Services Group Deloitte Direct: +61 3 208 6610 Fax: +61 3 208 7001 Mobile: +61 402288599 mhackling () deloitte com au www.deloitte.com.au 180 Lonsdale Street Melbourne Victoria This email and any attachments to it are confidential. You must not use, disclose or act on the email if you are not the intended recipient. Liability limited by a scheme approved under Professional Standards Legislation. Deloitte is a member of Deloitte Touche Tohmatsu (a Swiss Verein). As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other's acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names "Deloitte", "Deloitte & Touche", "Deloitte Touche Tohmatsu", or other related names. Services are provided by the member firms or their subsidiaries and affiliates and not by the Deloitte Touche Tohmatsu Verein.
Current thread:
- Shoulder Surfing becomes Shoulder Listening... Hackling, Matthew (AU - Melbourne) (Sep 15)
- Re: Shoulder Surfing becomes Shoulder Listening... Gadi Evron (Sep 15)
- Re: Shoulder Surfing becomes Shoulder Listening... miah (Sep 16)
- <Possible follow-ups>
- RE: Shoulder Surfing becomes Shoulder Listening... Jeremy Richards (Sep 16)
- Re: Shoulder Surfing becomes Shoulder Listening... Gadi Evron (Sep 15)