Weather | Traffic | Surf | Maps | Webcam


   
 
Forums Visitors Guide Shopping Classifieds Autos Homes Jobs Entertainment Sports Today's Paper Home

 News
 Metro | Latest News
 North County
 Temecula/Riverside
 Tijuana/Border
 California
 Nation
 Mexico
 World
 Obituaries
 Today's Paper
 AP Headlines
 Business
 Technology
 Biotech
 Markets
 In Depth
 In Iraq
 War on Terror
 Pension Crisis
 Special Reports
 Multimedia
 Photo Galleries
 Topics
 Politics
 Military
 Science
 Education
 Health | Fitness
 Features
 Solutions
 Travel
 Opinion
 Columnists
 Steve Breen
 Forums
 Weblogs
 Services
 Weather
 Traffic
 Surf Report
 Archives
 E-mail Newsletters
 Wireless | RSS
 Noticias en Enlace
 Internet Access
 Sponsored Links
More Technology news
Hackers mull physical attacks on a networked world


By Jordan Robertson
ASSOCIATED PRESS

5:04 p.m. August 8, 2008

LAS VEGAS – Want to break into the computer network in an ultra-secure building? Ship a hacked iPhone there to a nonexistent employee and hope the device sits in the mailroom, scanning for nearby wireless connections.

How about stealing someone's computer passwords? Forget trying to fool the person into downloading a malicious program that logs keystrokes. A tiny microphone hidden near the keyboard could do the same thing, since each keystroke emits slightly different sounds that can be used to reconstruct the words the target is typing.

Hackers at the DefCon conference here were demonstrating these and other novel techniques for infiltrating facilities Friday.

Their talks served as a reminder of the danger of physical attacks as a way to breach hard-to-crack computer networks. It's an area once defined by Dumpster diving and crude social-engineering ruses, like phony phone calls, that are probably easier to detect or avoid.

As technology gets cheaper and more powerful, from cell phones that act as personal computers to minuscule digital bugging devices, it's enabling a new wave of clever attacks that, if pulled off properly, can be as effective and less risky for thieves than traditional computer-intrusion tactics.

Consider Apple Inc.'s iPhone, a gadget whose processing horsepower and cellular and wireless Internet connections make it an ideal double agent.

Robert Graham and David Maynor, co-founders of Atlanta-based Errata Security, showed off an experiment in which they modified an iPhone and sent it to a client company that wanted to test the security of its internal wireless network.

Graham and Maynor programmed the phone to check in with their computers over the cellular network. Once inside the target company and connected, a program they had written scanned the wireless network for security holes.

They didn't find any, but the exercise demonstrated an inexpensive way to perform penetration testing and the danger of unexpected devices being used in attacks. If they had found an unsecured router in their canvassing, they likely would have been able to waltz inside the corporate network to steal data.

To keep the phone running, the researchers latched on an extended-life battery that lasts days on end. But they only really need a few minutes inside a building to test the network's security.

“It's like saying, once you get into Willy Wonka's Chocolate Factory, and you're in the garden where everything's edible, you have it all,” Graham said in an interview.

The attack won't work, of course, if a company's wireless network is properly secured. In that case, Graham and Maynor said there's likely no big loss: the package that had been sitting in the mailroom would probably be mailed back to them so they could try it again elsewhere.

Another talk focused on new twists to Cold War-era espionage tactics that could allow criminals to sidestep the locks on computer networks.

Eric Schmiedl, a lock-picking expert and undergraduate at the Massachusetts Institute of Technology, outlined several surveillance methods long used by government intelligence agents that have become more accessible to garden-variety criminals because of the falling price of the technologies.

For example, Schmiedl said even low-budget criminals now have a way to eavesdrop on conversations through a window. It involves bouncing a beam from a laser pointer off the glass and through a light sensor and audio amplifier.

If the people inside the room are close enough to the window, their conversation creates vibrations that the equipment can translate into a crude reconstruction of the conversation, Schmiedl said.

“We're burning the candle at both ends,” he said. “The technology is becoming easier and cheaper and anybody can do it. And at the same time there's more incentive now to do it. These are two trains on a collision course. The question is when they're going to collide.”

 Sponsored Links







Quicklinks
Restaurants Bars
Hotels Autos
Shopping Health
Eldercare Singles
Business Listings
Free Newsletters


Guides
Vegas Spas/Salon
Travel Weddings
Wine Old Town
Baja Catering
Casino Home Imp.
Golf SD North
Gaslamp

Contact SignOnSanDiego.com | Online Media Kit | Print Media Kit | Frequently Asked Questions | Make us your homepage
Contact the Union-Tribune | About the Union-Tribune | Site Index | Privacy & Copyright Policy | Your California Privacy Rights
© Copyright 1995-2008 Union-Tribune Publishing Co. • A Copley Newspaper Site