11 comments

[ 2.7 ms ] story [ 27.8 ms ] thread
lo-tech Van Eck Phreaking, it seems
I stopped reading after the first page. It is obvious that this article goes over the top. "Reading your data by observing the flashing red LED on your network switch," nonsensical.
People have done papers on traffic-analysis breaks of secure protocols based on keystroke timing...
Hmm, go and read chapter five of lcamtuf's book "Silence on the Wire," part of which is incidentally available as a book sample:

http://www.nostarch.com/download/silence_ch05.pdf

wherein he gives this scenario a fair analysis (discussing signal encoding schemes, timing, and a DIY kit).

You can extract several bits of entropy per typed character from network traffic timing information. That's plenty to bring an exhaustive password-guessing attack down into the feasible range, if you have some way to know when a particular person is typing a particular password.

As a crude countermeasure, I leave about a second between adjacent characters in a password when I am typing the password over a network.

(comment deleted)
(comment deleted)
I find it interesting that this sort of snooping is now being attributed to 'hackers' - even making the fairly safe assumption that they mean 'crackers'.

Really, a lot of this seems to be plain old espionage of the type that you could easily imagine popping up in a 1960s spy serial. Interesting, for sure, but not really the sort of clever manipulation that you would normally ascribe to 'hackers'.

Now, the curious part of me wants to go off and think about whether this seemingly false attribution is indicative of anything more significant in the wider world... but the cynical part of me wants to seize the moment and start marketing super-high-end non-reflective eyeglasses to paranoid executives!