I recall that being a plot point in Neal Stephenson's Cryptonomicon. It sounded plausible enough that it didn't break my willing suspension of disbelief, but I never gave it much thought after I finished reading the book. I'm thinking now I should revisit the topic and try to evaluate how bad the emissions of my own equipment are, and what I can/should do about it, if anything. For example, should this affect my rotation policy for encryption keys?
> "[...] should this affect my rotation policy for encryption keys?"
Only if you're in the habit of displaying them or typing them in or otherwise transmitting them over leaky I/O channels. If all they do is get loaded from your internal SSD to RAM, then they're pretty safe. Your passwords are what's really at risk, and any secrets that you put on screen.
"typed by intercepting side-channel signals produced by the first laptop’s keyboard software, which had been modified to make the characters easier to identify."
So they modified the keyboard to make it easy to detect what was typed? Not saying side-channel isn't an issue, but that's kinda silly :)
Actually, this shows that intercepting the password entered from either audio or electronic signals from the other side of a wall is possible. It's just a matter of perfecting the technology to intercept it.
Like, if I can read Chinese as long as the strokes are clearly made, you can say that I can read Chinese. Now it's just a matter of increasing error correction to remove the qualifier.
It's only a matter of budget to be able to read the keyboard characters without modifying the driver.
Sounds to me like they modified the driver so that it had some kind of emissions pattern they could track. Driver could be modified via a virus or something.
Let's say your computer emits an inaudible signal at 4.127Hz when the A key is pressed, 4.131Hz when the B key is pressed, etc. There is a unique signal emitted for each key.
It sounds like they just modified the driver to make those signals easier to detect. (i.e. A became 4Hz, B became 4.1Hz, etc.) If they had more sensitive detectors, maybe they wouldn't need to modify the driver.
The information about side channel attacks is really interesting, and useful to defend against real attackers. But there are no coffee shop hackers. Nobody is sitting at Starbucks trying to break into your Facebook account or glean the secrets of the bake sale you're organizing next week.
It would be really nice if reporting news didn't constantly require preying on the unfounded fears people have of things they don't understand.
Are you sure about that? Many people log into their bank accounts while online at coffee shops. A passive attacker could tape an old Android phone to the bottom of a table, with a custom sniffing program running in the background.
It sounds like a stretch now, but could become a more common threat if some code is released to the script kiddies.
If a hacker wants money they can go online and buy 100 credit cards for less than $10. If they want bank accounts, they can take over someone's sloppily-admined botnet that's already collected thousands of accounts. Even script kiddies know this stuff; those are usually the people who run botnets or make money off spam.
You spend more time trying to pilfer anything useful than would ever be useful. Then there's the whole getting caught bit; most hackers are prison-averse. The only hacking you will see at Starbucks is benign proof-of-concept stuff and research.
Using an absolute like "there are no coffee shop hackers" isn't accurate. It's probably not common but there are some.
I've thought about why you'd target people in coffee shops / public places. There's a coffee shop in Austin near the capitol that's frequented by politicians and their associates. They often have meetings there or sit and work on their laptops. I think the reasons you'd target them are obvious.
Again, not the right target, and not an efficient attack. If you're targeting specific people, phishing works 200 times better. Politicians generally leave the tech-savvy business to their pages, anyway, and use blackberries for communication. Heck, in DC you can find out more secret intel just riding the subway around certain specific stops and keeping your ears open.
Hmm. I never really thought about it until now. I used to be a hacker (not so nice one), but those days are long gone.
One idea with this is using a microphone array with HARK (http://www.hark.jp/). I would be able to listen to any arbitrary keyboard press, and map them to a 3d scene. Assuming a bit of jitter, I could probably reproduce what you typed on your keyboard.
A smartphone with touchscreen would be impractical with this setup. I'm unsure regarding buttoned smartphones (slide out keyboard).
I've been working with 3d scene generation and voice decoding. I'm making a board room auto-transcripter. It would map where people are, and attach who says what, when. It also has uses in the courtroom, where a mic array could overhear whispers the jurors say in open court, to potentially catch issues that would cause a mistrial.
Of course, this could also be taken to the 'listen to everything in the area and decode semi-private actions'.
This is already an established attack vector. Furthermore, even if you have soundproofed the room, high quality DSLRs can pick up enough vibration from things like plants to reenact the sound.
Edit: Also it goes beyond just password interception. By following patterns of key presses you can detect things like language and even application.
"The processor draws different amounts of current depending on the operation, creating fluctuations that can be measured. Saving data to memory also requires a large amount of current, creating a “loud” operation."
Could you not recompile a kernel or something to make enough side channel 'noise' to jam the cpu/memory related 'signal' from your actual typing? Like the cook banging two saucepans together as Utz and the Critic talked in that flat in Prague? (Utz by Bruce Chatwin).
Heavy on battery, and might not address the pure keyboard side channel signal if I have understood the article correctly.
Though a fictitious example, in the book Cryptonomicon, the protagonist did a similar trick to try to counter the emissions from his computer being read. I don't know how practical that would be IRL, however. I use Gentoo on my daily driver, and even I am not compiling all the time. And a compile job small enough to run in an infinite loop without impacting your ability to get other work done might not make enough noise, or might have enough of a pattern to it that it could be filtered out.
See also Melissa Elliott's Defcon 2012 talk "Exploring Unintentional Radio Emissions":
http://www.youtube.com/watch?v=5N1C3WB8c0o
(I actually bought a cheap SDR dongle after watching it, to see what I could pick up. So far I've found that the antenna it comes with makes tuning into FM radio difficult :/, and when I went to use it to do some investigation about WiFi signal traffic I was reminded they have a limited range on the spectrum...)
Do Android keyboards play the same sound for all keys? I know that the space key has a very different sound. I wonder if sonic differences not perceptible to the human ear are already being used to intercept key presses using only a microphone or if someone already investigated it.
I feel like with most security research the only way to get $INDUSTRY to take things seriously is if there's an easy tool for anyone to use that exposes the weakness, like Firesheep with HTTPS. For individuals driven by money, you need to get their customers riled up. So in a way, developing open tools to exploit weaknesses is a way of countering the weaknesses in the long run.
I'm surprised the article doesn't suggest increasing side-channel noise as a crude interim counter.
Certainly it would be a big power drain, but for the security conscious it sounds like a reasonably easy short-term solution. That, and not accessing sensitive data in public, of course.