8/7/09

10 Ways Your Voice and Data Can Be Spied on

Network World — Attackers seeking to do harm or mischief to networks work with an ever expanding arsenal of tools that sometimes seem to be the stuff of spy fiction, but they are all too real.

Here are 10 cloak-and-dagger ways, legal and illegal, to secretly tap into networks and computers to capture data and conversations.

1. Wireless keyboard eavesdropping: Remote-exploit.org has released an open source hardware design and accompanying software for a device that captures then decrypts signals from wireless keyboards. The device uses a wireless receiver that can be concealed in clothing or disguised as a common object that could be left on a desk near a PC to pick up signals. Called Keykeriki, the technology targets 27MHz wireless keyboards to exploit insecurities that remote-exploit.org discovered earlier. The company plans to build and sell the hardware.

2. Wired keyboard eavesdropping: Electromagnetic pulses that keyboards make to signal what key is being hit travel through the grounding system of the keyboard and the computer itself as well as the ground for the electrical wiring in the building where the computer is plugged in. Probes placed on the ground for the electric wiring can pick up these electromagnetic fluctuations, and they can be captured and translated into characters. The potential for this type of eavesdropping has been known for decades, and many experts believe spy agencies have refined techniques that make it practical. Andrea Barisani and Daniele Bianco, researchers for network security consultancy Inverse Path, are presenting their quick-and-dirty research on the topic at this year's Black Hat USA conference in the hopes of sparking more public research of these techniques.

3. Laptop eavesdropping via lasers: Bouncing lasers off laptops and capturing the vibrations made as keys are struck give attackers enough data to deduce what is being typed. Each key makes a unique set of vibrations different from any other. The space bar makes an even more unique set, Barisani and Bianco say. Language analysis software can help determine which set of vibrations corresponds to which key, and if the attacker knows the language being used, the message can be exposed, they say.

4. Commercial keyloggers: Early keyloggers were devices attached in-line with keyboards, but they advanced to software tools that grab keystrokes and store or send them to an attack server. Commercial versions have the software loaded on memory sticks that can dump the software on a computer and then be reinserted later to download the collected data.

5. Cell phones as remotely activated bugs: Software loaded onto certain models of cell phones can silence the ringers and cut off the light displays that would normally be triggered when calls are made to them. The caller can then listen in on conversations in the room where the phone is located.

According to press reports, the FBI received court permission to use this technique to spy on suspected Mafia members in New York.

6. Cell phone SIM card compromise: If attackers can get possession of a cell phone briefly, they can use commercially available software to download and read SIM cards and their store of phone numbers, call logs, SMS messages, photos and so on. For instance, PhoneFile Pro is software on a USB stick that claims to enable both the download and the display of the data.

7. Law enforcement wiretapping based on voice print: Phone company voice switches include software that can search all conversations going through them for voices that match sets of voiceprints. Whenever the switch makes a match, it can trigger a recording of the conversation and alert law enforcement officials, says James Atkinson, an expert in technical surveillance countermeasures. The feature is designed to support the Communications Assistance for Law Enforcement Act (CALEA), the law that requires phone companies to provide wiretapping access under court order to specific communications traffic.

8. Remote capture of computer data: Under a sketchy technique called Computer and Internet Protocol Address Verifier (CIPAV), the FBI has remotely tracked down data about individual computers. Details of the technology have never been publicly revealed, but it was used to track down high-school students who sent e-mail bomb threats. CIPAV grabs IP and MAC addresses, running processes, visited Web sites, versions of operating systems, registered owner, and logs of the computers that the target computers connect to. It is believed the software that does this is dropped in via exploiting instant messaging.

9. Cable TV as an exploitable network: Because most cable TV networks are essentially hubbed, any node can monitor any other node's traffic, says James Atkinson, an expert in technical surveillance countermeasures. By and large, security is rudimentary and the encryption used could be hacked by someone with basic technical skills and readily available decryption tools, he says.

10. Cell phone monitoring: Commercially available software claims to capture cell phone conversations and texting. Attackers need to get physical access to the phone to upload the software that enables this. There are several commercial brands on the market, but there are also online complaints that the software doesn't work as advertised or is more complicated to use than the vendors let on.

By Tim Greene
