CAU-2007-0001: Window Transparency Information Disclosure

["I)ruid" <druid () caughq org>]

                      ____      ____     __    __
                     /    \    /    \   |  |  |  |
        ----====####/  /\__\##/  /\  \##|  |##|  |####====----
                   |  |      |  |__|  | |  |  |  |
                   |  |  ___ |   __   | |  |  |  |
  ------======######\  \/  /#|  |##|  |#|  |##|  |######======------
                     \____/  |__|  |__|  \______/
                                                     
                    Computer Academic Underground
                        http://www.caughq.org
                          Security Advisory 

===============/========================================================
Advisory ID:    CAU-2007-0001
Release Date:   04/01/2007
Title:          Window Transparency Information Disclosure
Application/OS: Windows made from silica or plastics
Topic:          Panes used in windows are usually transparent, allowing
                sensitive information to be observed from the outside.
Vendor Status:  Not Notified
Attributes:     Remote, Information Disclosure
Advisory URL:   http://www.caughq.org/advisories/CAU-2007-0001.txt
Author/Email:   I)ruid <druid (at) caughq.org> 
===============/========================================================

Overview
========

An information disclosure attack can be launched against buildings that
make use of windows made of glass or other transparent materials by
observing externally-facing information through the window.


Impact
======

Sensitive information stored on whiteboards, cork-boards, calendars,
post-it notes, or other medium which faces a window is susceptible to
being disclosed to a remote entity.


Affected Systems
================

1) Silica Windows

2) Plastic Windows


Technical Explanation
=====================

Silica-based (glass) windows have molecular structures that are very
random like a liquid yet retain the strong bond and rigidity of a solid.
Transparent and translucent plastic windows have molecular structures
wherein the long-chain molecules (polymers) in the plastic are made to
settle into a similarly random pattern.

These random patterned molecular structures have electrons that do not
absorb the energy of photons in the visible spectrum, thus allowing
visible light to traverse them.  This traversal of visible light allows
the human eye to observe an object through the window.


Solutions & Recommendations
==========================

1) Do not store sensitive information on any medium which faces a window.

2) Draw blinds or curtains over the vulnerable window so as to prevent
   remote observers from viewing any sensitive information.

3) Apply an opaquing layer to vulnerable windows.


Exploitation
============

Use the naked eye, binoculars, or a telescoping lens to peer through the
windows of your target building.  Locate information storing mediums such
as whiteboards, cork-boards, or post-it notes which face outward through
the window.  Read the medium's content.


References
==========

Howstuffworks "What makes glass transparent?"
  http://science.howstuffworks.com/question404.htm


Credits & Gr33ts
================

Computer Academic Underground
Prof. Julius Sumner Miller

-- 
I)ruid, C²ISSP
druid () caughq org
http://druid.caughq.org

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/