Researchers work to counter a new class of coffee shop hackers (opens in new tab)

(news.gatech.edu)

40 pointskhare_ashwini11y ago39 comments

39 comments

38 comments · 14 top-level

parktheredcar11y ago· 5 in thread

http://en.wikipedia.org/wiki/Van_Eck_phreaking

127001brewer11y ago

This is also talked about in the book, "Silence on the Wire".

http://www.amazon.com/Silence-Wire-Passive-Reconnaissance-In...

parktheredcar11y ago

Thanks for sharing, that looks like an interesting read.

There was also this paper (linking to summary) about figuring out how to decode the audio of someone typing on a keyboard.

https://freedom-to-tinker.com/blog/felten/acoustic-snooping-...

1 more reply

korethr11y ago

I recall that being a plot point in Neil Stephenson's Cryptonomicon. It sounded plausible enough that it didn't break my willing suspension of disbelief, but I never gave it much thought after I finished reading the book. I'm thinking now I should revisit the topic and try to evaluate how bad the emissions of my own equipment is, and what I can/should do about it, if anything. For example, should this affect my rotation policy for encryption keys?

wtallis11y ago

> "[...] should this affect my rotation policy for encryption keys?"

Only if you're in the habit of displaying them or typing them in or otherwise transmitting them over leaky I/O channels. If all they do is get loaded from your internal SSD to RAM, then they're pretty safe. Your passwords are what's really at risk, and any secrets that you put on screen.

therealdrag011y ago

Which makes an appearance in the always recommended novel Cryptonomicon.

http://www.amazon.com/Cryptonomicon-Neal-Stephenson/dp/00605...

Zikes11y ago· 5 in thread

The title needs changed, as the article doesn't actually address wifi hacking.

Morphling11y ago

Also there doesn't seem to be anything that is actually "countering" anything at the moment

parktheredcar11y ago

I feel like with most security research the only way to get $INDUSTRY to take things seriously is if there's an easy tool for anyone to use that exposes the weakness, like firesheep with https. For individuals driven by money, you need to get their customers riled up. So in a way, developing open tools to exploit weaknesses is a way of countering the weaknesses in the long run.

Zikes11y ago

I'm surprised the article doesn't suggest increasing side-channel noise as a crude interim counter.

Certainly it would be a big power drain, but for the security conscious it sounds like a reasonably easy short-term solution. That, and not accessing sensitive data in public, of course.

CoderOnWelfare11y ago

and truthfully WIFI at any cafe is easily spoofed so customers data can be routed thru your fake repeater pretending to be the original WIFI source.

This is like securing your windshield in your car, and not worrying about the car door locks.

The people who know how to snarf your information this way, probably can hack you a dozen other ways too.

sctb11y ago

Thanks, we changed it to the original article title.

gregrata11y ago· 4 in thread

"typed by intercepting side-channel signals produced by the first laptop’s keyboard software, which had been modified to make the characters easier to identify."

So they modified the keyboard to make it easy to detect what was typed? Not saying side-channel isn't a issue, but that's kinda silly :)

unreal3711y ago

Actually, this shows that intercepting the password entered from either audio or electronic signals from the other side of a wall is possible. It's just a matter of perfecting the technology to intercept it.

Like, if I can read Chinese as long as the strokes are clearly made, you can say that I can read Chinese. Now it's just a matter of increasing error correction to remove the qualifier.

It's only a matter of budget to be able to read the keyboard characters without modifying the driver.

stewartbutler11y ago

> keyboard software

Sounds to me like they modified the driver so that it had some kind of emissions pattern they could track. Driver could be modified via a virus or something.

unreal3711y ago

Let's say your computer emits a inaudible signal at 4.127Hz when the A key is pressed, 4.131Hz when the B key is pressed, etc. There is a unique signal emitted for each key.

It sounds like they just modified the driver to make those signals easier to detect. (i.e. A became 4Hz, B became 4.1Hz, etc.) If they had more sensitive detectors, maybe they wouldn't need to modify the driver.

My guess.

clearf11y ago

If you could modify the driver, you may not need to rely on the subtlety of the emissions patterns...

peterwwillis11y ago· 4 in thread

The information about side channel attacks is really interesting, and useful to defend against real attackers. But there are no coffee shop hackers. Nobody is sitting at Starbucks trying to break into your Facebook account or glean the secrets of the bake sale you're organizing next week.

It would be really nice if reporting news didn't constantly require praying on the unfounded fears people have of things they don't understand.

chatmasta11y ago

Are you sure about that? Many people log into their bank accounts while online at coffee shops. A passive attacker could tape an old android phone to the bottom of a table, with a custom sniffing program running in the background.

It sounds like a stretch now, but could become a more common threat if some code is released to the script kiddies.

peterwwillis11y ago

If a hacker wants money they can go online and buy 100 credit cards for less than $10. If they want bank accounts, they can take over someone's sloppily-admined botnet that's already collected thousands of accounts. Even script kiddies know this stuff; those are usually the people who run botnets or make money off spam.

You spend more time trying to pilfer anything useful than would ever be useful. Then there's the whole getting caught bit; most hackers are prison-averse. The only hacking you will see at Starbucks is benign proof-of-concept stuff and research.

driverdan11y ago

Using an absolute like "there are no coffee shop hackers" isn't accurate. It's probably not common but there are some.

I've thought about why you'd target people in coffee shops / public places. There's a coffee shop in Austin near the capitol that's frequented by politicians and their associates. They often have meetings there or sit and work on their laptops. I think the reasons you'd target them are obvious.

peterwwillis11y ago

Again, not the right target, and not an efficient attack. If you're targeting specific people, phishing works 200 times better. Politicians generally leave the tech-savvy business to their pages, anyway, and use blackberries for communication. Heck, in DC you can find out more secret intel just riding the subway around certain specific stops and keeping your ears open.

kefka11y ago· 3 in thread

Hmm. I never really thought about it until now. I used to be a hacker (not so nice one), but those days are long gone.

One idea with this is using a microphone array with HARK(http://www.hark.jp/). I would be able to listen to any arbitrary keyboard press, and map them to a 3d scene. Assuming a bit of jitter, I could probably reproduce what you typed on your keyboard.

A smartphone with touchscreen would be impractical with this setup. I'm unsure regarding buttoned smartphones (slide out keyboard).

I've been working with 3d scene generation and voice decoding. I'm making a board room auto-transcripter. It would map where people are, and attach who says what, when. It also has uses also in the courtroom where a mic array could also overhear whispers the jurors say in open court, to potentially catch issues that would cause a mistrial.

Of course, this could also be taken to the 'listen to everything in the area and decode semi-private actions'.

3pt1415911y ago

This is already an established attack vector. Furthermore, even if you have sound proofed the room high quality DSLRs can pick up enough vibration from things like plants to reenact the sound.

Edit: Also it goes beyond just password interception. By following patterns of key presses you can detect things like language and even application.

EvilSockMonster11y ago

There's already been a lot of research done on acoustic attacks. For example: http://www.inf.ed.ac.uk/publications/thesis/online/IM100855....

skizm11y ago

Would a mechanical keyboard be more vulnerable to that microphone type of attack since it is louder?

Not that many people are busting out a mechanical keyboard in a coffee shop. I'm just curious.

surlyadopter11y ago· 2 in thread

Someone has been reading too much Neal Stephenson...

matthewmcg11y ago

Shh---now they know to check for blinking keyboard LEDs.

127001brewer11y ago

ACHTUNG! ... ZO RELAXEN UND WATSCHEN DER BLINKENLICHTEN.

http://en.wikipedia.org/wiki/Blinkenlights

keithpeter11y ago· 1 in thread

"The processor draws different amounts of current depending on the operation, creating fluctuations that can be measured. Saving data to memory also requires a large amount of current, creating a “loud” operation."

Could you not recompile a kernel or something to make enough side channel 'noise' to jam the cpu/memory related 'signal' from your actual typing? Like the cook banging two saucepans together as Utz and the Critic talked in that flat in Prague? (Utz by Bruce Chatwin).

Heavy on battery, and might not address the pure keyboard side channel signal if I have understood the article correctly.

korethr11y ago

Though a fictitious example, in the book Cryptonomicon, the protagonist did a similar trick to try to counter the emissions from his computer being read. I don't know how practical that would be IRL, however. I use Gentoo on my daily driver, and even I am not compiling all the time. And a compile job small enough to run in an infinite loop without impacting your ability to get other work done might not make enough making noise, or might have enough of a pattern to it that it could be filtered out.

TheGrassyKnoll11y ago

Dammit, now I've gotta take the tin foil off my head and wrap it around my laptop...

Kielbasacasa11y ago

“If somebody is putting strange objects near your computer, you certainly should beware,” best line of the article

wwweston11y ago

See also Melissa Elliott's Defcon 2012 talk "Exploring Unintentional Radio Emissions":

   http://www.youtube.com/watch?v=5N1C3WB8c0o

(I actually bought a cheap SDR dongle after watching it, to see what I could pick up. So far I've found that the antenna it comes with makes tuning into FM radio difficult :/, and when I went to use it to do some investigation about WiFi signal traffic I was reminded they have a limited range on the spectrum...)

TheGrassyKnoll11y ago

Also also on Hacker News today/recently:

A $10 USB charger that steals MS keyboard strokes (arstechnica.com)

http://arstechnica.com/security/2015/01/meet-keysweeper-the-...

jkot11y ago

Wit old CRT screens one could reconstruct entire image in black&white just from radio emissions.

psykovsky11y ago

Do Android keyboards play the same sound for all keys? I know that the space key has a very different sound. I wonder if sonic differences not perceptible to the human ear are already being used to intercept key presses using only a microphone or if someone already investigated it.

modzu11y ago

TEMPEST SECURED

j / k navigate · click thread line to collapse

39 comments

38 comments · 14 top-level

parktheredcar11y ago· 5 in thread

http://en.wikipedia.org/wiki/Van_Eck_phreaking

127001brewer11y ago

This is also talked about in the book, "Silence on the Wire".

http://www.amazon.com/Silence-Wire-Passive-Reconnaissance-In...

parktheredcar11y ago

Thanks for sharing, that looks like an interesting read.

There was also this paper (linking to summary) about figuring out how to decode the audio of someone typing on a keyboard.

https://freedom-to-tinker.com/blog/felten/acoustic-snooping-...

1 more reply

korethr11y ago

wtallis11y ago

> "[...] should this affect my rotation policy for encryption keys?"

therealdrag011y ago

Which makes an appearance in the always recommended novel Cryptonomicon.

http://www.amazon.com/Cryptonomicon-Neal-Stephenson/dp/00605...

Zikes11y ago· 5 in thread

The title needs changed, as the article doesn't actually address wifi hacking.

Morphling11y ago

Also there doesn't seem to be anything that is actually "countering" anything at the moment

parktheredcar11y ago

Zikes11y ago

I'm surprised the article doesn't suggest increasing side-channel noise as a crude interim counter.

Certainly it would be a big power drain, but for the security conscious it sounds like a reasonably easy short-term solution. That, and not accessing sensitive data in public, of course.

CoderOnWelfare11y ago

and truthfully WIFI at any cafe is easily spoofed so customers data can be routed thru your fake repeater pretending to be the original WIFI source.

This is like securing your windshield in your car, and not worrying about the car door locks.

The people who know how to snarf your information this way, probably can hack you a dozen other ways too.

sctb11y ago

Thanks, we changed it to the original article title.

gregrata11y ago· 4 in thread

"typed by intercepting side-channel signals produced by the first laptop’s keyboard software, which had been modified to make the characters easier to identify."

So they modified the keyboard to make it easy to detect what was typed? Not saying side-channel isn't a issue, but that's kinda silly :)

unreal3711y ago

Like, if I can read Chinese as long as the strokes are clearly made, you can say that I can read Chinese. Now it's just a matter of increasing error correction to remove the qualifier.

It's only a matter of budget to be able to read the keyboard characters without modifying the driver.

stewartbutler11y ago

> keyboard software

Sounds to me like they modified the driver so that it had some kind of emissions pattern they could track. Driver could be modified via a virus or something.

unreal3711y ago

Let's say your computer emits a inaudible signal at 4.127Hz when the A key is pressed, 4.131Hz when the B key is pressed, etc. There is a unique signal emitted for each key.

My guess.

clearf11y ago

If you could modify the driver, you may not need to rely on the subtlety of the emissions patterns...

peterwwillis11y ago· 4 in thread

It would be really nice if reporting news didn't constantly require praying on the unfounded fears people have of things they don't understand.

chatmasta11y ago

It sounds like a stretch now, but could become a more common threat if some code is released to the script kiddies.

peterwwillis11y ago

driverdan11y ago

Using an absolute like "there are no coffee shop hackers" isn't accurate. It's probably not common but there are some.

peterwwillis11y ago

kefka11y ago· 3 in thread

Hmm. I never really thought about it until now. I used to be a hacker (not so nice one), but those days are long gone.

A smartphone with touchscreen would be impractical with this setup. I'm unsure regarding buttoned smartphones (slide out keyboard).

Of course, this could also be taken to the 'listen to everything in the area and decode semi-private actions'.

3pt1415911y ago

This is already an established attack vector. Furthermore, even if you have sound proofed the room high quality DSLRs can pick up enough vibration from things like plants to reenact the sound.

Edit: Also it goes beyond just password interception. By following patterns of key presses you can detect things like language and even application.

EvilSockMonster11y ago

There's already been a lot of research done on acoustic attacks. For example: http://www.inf.ed.ac.uk/publications/thesis/online/IM100855....

skizm11y ago

Would a mechanical keyboard be more vulnerable to that microphone type of attack since it is louder?

Not that many people are busting out a mechanical keyboard in a coffee shop. I'm just curious.

surlyadopter11y ago· 2 in thread

Someone has been reading too much Neal Stephenson...

matthewmcg11y ago

Shh---now they know to check for blinking keyboard LEDs.

127001brewer11y ago

ACHTUNG! ... ZO RELAXEN UND WATSCHEN DER BLINKENLICHTEN.

http://en.wikipedia.org/wiki/Blinkenlights

keithpeter11y ago· 1 in thread

Heavy on battery, and might not address the pure keyboard side channel signal if I have understood the article correctly.

korethr11y ago

TheGrassyKnoll11y ago

Dammit, now I've gotta take the tin foil off my head and wrap it around my laptop...

Kielbasacasa11y ago

“If somebody is putting strange objects near your computer, you certainly should beware,” best line of the article

wwweston11y ago

See also Melissa Elliott's Defcon 2012 talk "Exploring Unintentional Radio Emissions":

   http://www.youtube.com/watch?v=5N1C3WB8c0o

TheGrassyKnoll11y ago

Also also on Hacker News today/recently:

A $10 USB charger that steals MS keyboard strokes (arstechnica.com)

http://arstechnica.com/security/2015/01/meet-keysweeper-the-...

jkot11y ago

Wit old CRT screens one could reconstruct entire image in black&white just from radio emissions.

psykovsky11y ago

modzu11y ago

TEMPEST SECURED

j / k navigate · click thread line to collapse