
Researchers work to counter a new class of coffee shop hackers - khare_ashwini
http://www.news.gatech.edu/2015/01/08/researchers-work-counter-new-class-coffee-shop-hackers
======
parktheredcar
[http://en.wikipedia.org/wiki/Van_Eck_phreaking](http://en.wikipedia.org/wiki/Van_Eck_phreaking)

~~~
127001brewer
This is also talked about in the book, "Silence on the Wire".

[http://www.amazon.com/Silence-Wire-Passive-Reconnaissance-Indirect/dp/1593270461](http://www.amazon.com/Silence-Wire-Passive-Reconnaissance-Indirect/dp/1593270461)

~~~
parktheredcar
Thanks for sharing, that looks like an interesting read.

There was also this paper (linking to summary) about figuring out how to
decode the audio of someone typing on a keyboard.

[https://freedom-to-tinker.com/blog/felten/acoustic-snooping-typed-information/](https://freedom-to-tinker.com/blog/felten/acoustic-snooping-typed-information/)

~~~
127001brewer
...it's actually a good complement while (_slowly_) trying to complete the
challenges on [http://cryptopals.com/](http://cryptopals.com/)

------
gregrata
"typed by intercepting side-channel signals produced by the first laptop’s
keyboard software, which had been modified to make the characters easier to
identify."

So they modified the keyboard to make it easy to detect what was typed? Not
saying side-channel isn't an issue, but that's kinda silly :)

~~~
stewartbutler
> keyboard software

Sounds to me like they modified the driver so that it had some kind of
emissions pattern they could track. Driver could be modified via a virus or
something.

~~~
unreal37
Let's say your computer emits an inaudible signal at 4.127Hz when the A key is
pressed, 4.131Hz when the B key is pressed, etc. There is a unique signal
emitted for each key.

It sounds like they just modified the driver to make those signals easier to
detect. (i.e. A became 4Hz, B became 4.1Hz, etc.) If they had more sensitive
detectors, maybe they wouldn't need to modify the driver.

My guess.

------
TheGrassyKnoll
Dammit, now I've gotta take the tin foil off my head and wrap it around my
laptop...

------
peterwwillis
The information about side channel attacks is really interesting, and useful
to defend against real attackers. But there are no coffee shop hackers. Nobody
is sitting at Starbucks trying to break into your Facebook account or glean
the secrets of the bake sale you're organizing next week.

It would be really nice if reporting news didn't constantly require preying on
the unfounded fears people have of things they don't understand.

~~~
chatmasta
Are you sure about that? Many people log into their bank accounts while online
at coffee shops. A passive attacker could tape an old android phone to the
bottom of a table, with a custom sniffing program running in the background.

It sounds like a stretch now, but could become a more common threat if some
code is released to the script kiddies.

~~~
peterwwillis
If a hacker wants money they can go online and buy 100 credit cards for less
than $10. If they want bank accounts, they can take over someone's sloppily-
admined botnet that's already collected thousands of accounts. Even script
kiddies know this stuff; those are usually the people who run botnets or make
money off spam.

You spend more time trying to pilfer anything useful than would ever be
useful. Then there's the whole getting caught bit; most hackers are prison-
averse. The only hacking you will see at Starbucks is benign proof-of-concept
stuff and research.

------
kefka
Hmm. I never really thought about it until now. I used to be a hacker (not so
nice one), but those days are long gone.

One idea with this is using a microphone array with
HARK ([http://www.hark.jp/](http://www.hark.jp/)). I would be able to listen to
any arbitrary keyboard press, and map them to a 3d scene. Assuming a bit of
jitter, I could probably reproduce what you typed on your keyboard.

A smartphone with touchscreen would be impractical with this setup. I'm unsure
regarding buttoned smartphones (slide out keyboard).

I've been working with 3d scene generation and voice decoding. I'm making a
board room auto-transcripter. It would map where people are, and attach who
says what, when. It also has uses in the courtroom where a mic array
could also overhear whispers the jurors say in open court, to potentially
catch issues that would cause a mistrial.

Of course, this could also be taken to the 'listen to everything in the area
and decode semi-private actions'.

~~~
3pt14159
This is already an established attack vector. Furthermore, even if you have
soundproofed the room, high quality DSLRs can pick up enough vibration from
things like plants to reenact the sound.

Edit: Also it goes beyond just password interception. By following patterns of
key presses you can detect things like language and even application.

------
Kielbasacasa
“If somebody is putting strange objects near your computer, you certainly
should beware,” best line of the article

------
keithpeter
_"The processor draws different amounts of current depending on the
operation, creating fluctuations that can be measured. Saving data to memory
also requires a large amount of current, creating a “loud” operation."_

Could you not recompile a kernel or something to make enough side channel
'noise' to jam the cpu/memory related 'signal' from your actual typing? Like
the cook banging two saucepans together as Utz and the Critic talked in that
flat in Prague? ( _Utz_ by Bruce Chatwin).

Heavy on battery, and might not address the pure keyboard side channel signal
if I have understood the article correctly.

~~~
korethr
Though a fictitious example, in the book Cryptonomicon, the protagonist did a
similar trick to try to counter the emissions from his computer being read. I
don't know how practical that would be IRL, however. I use Gentoo on my daily
driver, and even I am not compiling _all_ the time. And a compile job small
enough to run in an infinite loop without impacting your ability to get other
work done might not make enough noise, or might have enough of a
pattern to it that it could be filtered out.

------
wwweston
See also Melissa Elliott's Defcon 2012 talk "Exploring Unintentional Radio
Emissions":

    http://www.youtube.com/watch?v=5N1C3WB8c0o

(I actually bought a cheap SDR dongle after watching it, to see what I could
pick up. So far I've found that the antenna it comes with makes tuning into FM
radio difficult :/, and when I went to use it to do some investigation about
WiFi signal traffic I was reminded they have a limited range on the
spectrum...)

------
TheGrassyKnoll
Also also on Hacker News today/recently:

A $10 USB charger that steals MS keyboard strokes (arstechnica.com)

[http://arstechnica.com/security/2015/01/meet-keysweeper-the-10-usb-charger-that-steals-ms-keyboard-strokes/](http://arstechnica.com/security/2015/01/meet-keysweeper-the-10-usb-charger-that-steals-ms-keyboard-strokes/)

------
jkot
With old CRT screens one could reconstruct entire image in black&white just
from radio emissions.

------
psykovsky
Do Android keyboards play the same sound for all keys? I know that the space
key has a very different sound. I wonder if sonic differences not perceptible
to the human ear are already being used to intercept key presses using only a
microphone or if someone already investigated it.

------
surlyadopter
Someone has been reading too much Neal Stephenson...

~~~
matthewmcg
Shh---now they know to check for blinking keyboard LEDs.

~~~
127001brewer
_ACHTUNG! ... ZO RELAXEN UND WATSCHEN DER BLINKENLICHTEN._

[http://en.wikipedia.org/wiki/Blinkenlights](http://en.wikipedia.org/wiki/Blinkenlights)

------
modzu
TEMPEST SECURED

------
Zikes
The title needs changed, as the article doesn't actually address wifi hacking.

~~~
Morphling
Also there doesn't seem to be anything that is actually "countering" anything
at the moment

~~~
parktheredcar
I feel like with most security research the only way to get $INDUSTRY to take
things seriously is if there's an easy tool for anyone to use that exposes the
weakness, like firesheep with https. For individuals driven by money, you need
to get their customers riled up. So in a way, developing open tools to exploit
weaknesses is a way of countering the weaknesses in the long run.

