Security is harder than you think. Researchers describe a technique they developed to decipher keystrokes by recording motion detected by a nearby off-the-shelf smartphone's built-in accelerometers. If you're a programmer, that linked paper is fascinating. The main takeaway for me is this: there are many ways for information to “leak” out of a computer system, and a determined and clever bad guy could take advantage of them.
Many years ago, when I was in the U.S. Navy, there was a program called TEMPEST that I just discovered is still in place. The idea behind TEMPEST was to shield all the wiring and cabinets of electronic equipment that carried classified information, to prevent an adversary from exploiting the “emanations” of such equipment. The Naval Tactical Data System (NTDS) that I worked on used a teletype machine for human interaction and logging, and this machine was enclosed in a TEMPEST cabinet. A friend and I noticed, however, that when we had an oscilloscope nearby it, we could still see the waveforms caused by the high voltage transitions on its serial data line. While we didn't try to exploit it, it was obvious that it could be done. After reading this paper, it's equally obvious that the sounds it made could have been exploited, too – they were loud and quite different from character-to-character...
No comments:
Post a Comment