Keyboard Sniffers to Steal Data
BBC News (10/21/08)
Doctoral students Martin Vuagnoux and Sylvain Pasini from the Security and Cryptography Laboratory at the Swiss Ecole Polytechnique Federale de Lausanne (EPFL) were able to monitor what people type by analyzing the electromagnetic signals produced by every keystroke.
The EPFL students developed four attacks that will work on a variety of computer keyboards, leading them to declare that keyboards are not safe to transmit sensitive information. Vuagnoux and Pasini tested 11 keyboards that connected to a computer through either a USB or PS/2 socket, though the attacks also work on keyboards embedded in laptops. Each keyboard tested was vulnerable to at least one of the four attacks they developed, with one of the attacks being effective at a distance of 20 meters.
The students used a radio antenna to fully or partially recover keystrokes by detecting the electromagnetic radiation emitted when keys are pressed. The research builds on previous work by University of Cambridge computer scientist Markus Kuhn, who explored ways of using electromagnetic emanations to eavesdrop and steal useful information.
Patches Pose Significant Risk, Researchers Say
SecurityFocus (04/23/08) Lemos, Robert
A team of computer scientists has developed a technique that exploits patches and updates by automatically comparing the vulnerable and repaired versions of a program and creating attack code. The technique, which the researchers call automatic patch-based exploit generation (APEG), can generate attack code for most major vulnerabilities in minutes by automatically analyzing a patch designed to fix a flaw. If Microsoft does not change how it distributes patches to customers, attackers could create a system that attacks the flaws in unpatched systems minutes after an update is sent out, says Carnegie Mellon computer science PhD candidate David Brumley. The technique is built on methods used by many security researchers, who reverse engineer patches to find vulnerabilities fixed by the update. Normally the process can take a few days, or even hours, but Brumley and his colleagues were able to use APEG to create exploits for five recent Microsoft patches in under six seconds each time. The system does not create fully weaponized exploits and may not work on all types of vulnerabilities, but it shows that developing exploits from patches can be done in minutes. The researchers suggest that Microsoft could increase the likelihood that customers receive patches before attackers can reverse engineer them by obfuscating the code, encrypting the patches and waiting to distribute the key simultaneously, and using peer-to-peer networks to increase the distribution of patches.
I know I should treat all this as a challenge, but I’m ready to pull my hair out. We work to keep everything patched to a safe level, which requires a lot of time. If one is using WSUS for the Windows patches, that’s scheduled and pushed out on a regular basis, but that means there are gaps and the machines are vulnerable for a certain amount of time between patches. GAG. If one is letting the computer do the automatic updates, you are at Micro$oft’s mercy as to which download group the machine will be in. I’ve had 3-day gaps between machines getting the same updates pushed out. Does that sound safe?
Not so much.
Feh. I think I’ll take up painting or something and see if I can make a living from that. Umm hmm.