Home / Blogs

The Growing Security Concerns… Don't Have Nightmares

Bill Thompson

Anyone concerned about the security of their computers and the data held on them might sleep a little uneasily tonight.

Over the past few weeks we've heard reports of serious vulnerabilities in wireless networking and chip and pin readers, and seen how web browsers could fall victim to 'clickjacking' and trick us into inadvertently visiting fake websites.

The longstanding fear that malicious software might start infecting our mobile phones was given a boost when the Information Security Center at US university Georgia Tech outlined how phone software could be hijacked to create 'botnets' and allow handsets to be remotely controlled.

And now a group of researchers at the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne in Switzerland have shown that you can read what is typed on a keyboard from twenty metres away (also a related video).

It takes some sophisticated equipment to do it, but with the right antennae and a bit of luck it seems you can detect the radio emissions coming from the wires that connect keyboards to computers and tell just what someone is typing.

Web addresses, usernames and passwords are all visible, as well as the content of letters, emails and Facebook updates.

These aren't wireless keyboards, which are clearly vulnerable to snooping, but the good old USB or PS/2 keyboards we all use every day.

And even though the kit you need isn't the sort of stuff that your average credit-card skimmer is going to have lying around their flat, it shows that there are many unexpected vulnerabilities to be discovered.

The researchers suspect that cheaper keyboards with poor shielding are to blame, so government departments and hospitals may have to find a better supplier if even more of our sensitive data is not to leak out.

This is a good example of how lack of foresight can lead to security problems when faster hardware catches up with the assumptions made by system designers, and it also lies behind the newly-emerged vulnerability that affects secure wireless networks.

Many encryption tools are susceptible to brute force attacks, for example, where a program simply tries all the possible keys until it finds the right one. The developers believe that this will take too long for it to be useful, ideally some significant proportion of the age of the observable universe.

However the latest version of a password recovery tool from Elcomsoft takes advantage of the astonishing processing power of the latest range of Nvidia graphics processing units (GPUs) to crack both WPA and WPA2 wireless security in a matter of hours or even minutes, rendering most commercial wireless networks open to attack.

Since it was a wireless vulnerability that allowed criminals to break into the corporate network of TK Maxx's parent company and steal details of forty-five million credit cards, this is a threat to be taken seriously.

A few years ago these problems would only have been reported in the computer trade press or in the technology sections of the more serious newspapers, where they were unlikely to bother the majority of network users.

Now they get more widespread attention and are often presented as marking an imminent internet apocalypse.

It is, of course, important that all net users appreciate the importance of protecting their computer and know how to avoid malicious websites, phishing scams and other attempts to subvert their online activities, but it can go too far.

Last week I gave a talk to a group of people in Blockley, Gloucestershire, where I was trying to persuade those who were somewhat skeptical about the usefulness of the Internet in their lives that the network has opened up new and incredibly beneficial opportunities for sharing, interaction and education.

It was one of the increasingly rare occasions when I can lower the average age of those present by entering the room, and I wanted to convince those present that it was worth spending time online.

There was a lot of concern over inappropriate content and how we ensure that children are kept safe, but I also had to field questions about the security of online banking and how to protect computers from viruses and other malware.

These concerns are reasonable, but not if they stop people going online or using the net to the full. The dangers that face us, both the ones we know about already and the ones being discovered by security researchers every day, are not a reason to stay offline, they are a reason to be cautious when going online.

When Nick Ross presented Crimewatch on BBC television he would conclude his litany of tales of crime, violence and disorder by exhorting viewers not to have nightmares.

Perhaps we need something similar to accompany the growing number of warnings over net fraud, wireless security and broken encryption. It may be bad out there, but it isn't quite broken.

By Bill Thompson, Journalist, Commentator and Technology Critic. More blog posts from Bill Thompson can also be read here.

Related topics: Malware, Security

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

2015 Trends: Multi-channel, Streaming Media and the Growth of Fraud

Data Volumes and Network Stress to Be Top IoT Concerns

DKIM for ESPs: The Struggle of Living Up to the Ideal

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Sponsored Topics

Afilias

DNS Security

Sponsored by
Afilias
Afilias - Mobile & Web Services

Mobile

Sponsored by
Afilias - Mobile & Web Services
Port25

Email

Sponsored by
Port25
Verisign

Security

Sponsored by
Verisign