The Growing Threat of Side-Channel Attacks  No, this is not about the brown field mouse you saw in the garage yesterday. We are talking about the high-end laser mouse, common in the gaming world. Iain Thomson (The Register) reported on a study from UC Irvine, entitled “Invisible Ears at Your Fingertips,” which demonstrates how a modern optical mouse can be exploited to capture human speech. On some surfaces, our voices create vibrations that a supersensitive mouse interprets as movement. Operating systems store such movement data routinely, and it isn’t particularly secure. The researchers found that bad actors could manipulate most operating systems (MacOS included) to capture such data using basic malware, run it through a few sophisticated filters (with artificial intelligence), and eventually discern spoken words. While still imperfect, the concept is sound – literally. See (and hear) for yourself in this demo video produced by the researchers: And it isn’t just voices. Footsteps, coughs, and whatever the person in the room happens to be watching on their phone or computer, can be detected. Keystrokes are especially noteworthy – each one emits a slightly different sound. This kind of attack could be used to detect what someone is typing. (For the time being, we can only wonder why it was deemed necessary to give keystrokes unique audio signatures in the first place.) As Malwarebytes notes, such hacks are classic examples of side-channel attacks, which steal secrets “not by breaking into software, but by observing physical clues that devices give off during normal use.” Because such information is just a natural byproduct rather than an anomaly, no alarms are set to go off. After all, you don't prepare defenses for attacks you can't imagine in the first place. The good news is that the UC Irvine researchers have informed 26 manufacturers of vulnerable mouse models about their findings. We take more comfort in that approach than Vice’s tongue-in-cheek recommendation: “To hell with those people who told you to buy a gaming mouse.” But the whole thing leaves us – once again – shaking our heads while wondering aloud, “AI can do that?!” Because if it can, then before long, the sky’s the limit. We need robust policy to keep this burgeoning technology firmly grounded in the public interest. Otherwise, this technology is the Tower of Babel in reverse – making varied human communications too comprehensible. Comments are closed.
|
Categories
All
|
RSS Feed