Jared Moya
August 8th, 2006, 11:02 PM
'JitterBugs' attached to a keyboard could be a new security threat
Researchers say that small devices called JitterBugs could piggyback onto network connections to discreetly send passwords and other sensitive data over the Internet.
Like the current keylogger hardware used by the FBI and criminals alike to record passwords and other data, JitterBugs are small devices that attach to a keyboard and record what users type. Unlike current keyloggers, which store the data to internal memory, JitterBugs do not have to be retrieved before captured data can be read.
Although no such device has been found in the wild yet, researchers have developed a working prototype, and they postulate that similar ideas may have already been used in unnoticed attacks.
In a paper titled "Keyboards and Covert Channels" (PDF format), University of Pennsylvania graduate students explain that the device could encode data in keystrokes by introducing an extra delay between when a key is pressed and when the keyboard tells the computer that the key has been pressed.
In applications such as Telnet and remote desktop, a packet is sent every time a user presses a key. By causing calculated "jitters" in keyboard input while such a program is running, a JitterBug could slightly delay data sent over the network. Certain amounts of delay could represent a one or a zero in each packet that is linked to keyboard use, allowing an attacker to send secret information in otherwise innocuous data without modifying software or initiating any new connections.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9002280&source=rss_news10
http://www.djhobby.com/catalog/images/SHH40250.jpg
You know, is it just me or are these guys real idiotic assholes? I mean they're researcers who use our taxpayer money and time just to invent something that COULD potentially be used to spy on us unwitting saps and then have the bravado to publish it so that now every crook from Timbuktu to Kalamazoo now gets a great idea for his next caper and WE PAID FOR IT! It's so retarded. Do they research, but for heavens sake dont announce it to the world.
It's like after 9/11 when the newspapers would say "MAn we sure hope nobody bombs the chemical plant next to New Jersey beacuse, look there's no real security, the watchman takes a break at 10 o'clock so one could get in easy at that time, and if they bomb right here on this spot it will have the maximum impact and kill a million people." That idiotic nonsense always made me laugh. They should have just cut to the chase and mailed a copy of their newscast to Al-Qaeda.
Researchers say that small devices called JitterBugs could piggyback onto network connections to discreetly send passwords and other sensitive data over the Internet.
Like the current keylogger hardware used by the FBI and criminals alike to record passwords and other data, JitterBugs are small devices that attach to a keyboard and record what users type. Unlike current keyloggers, which store the data to internal memory, JitterBugs do not have to be retrieved before captured data can be read.
Although no such device has been found in the wild yet, researchers have developed a working prototype, and they postulate that similar ideas may have already been used in unnoticed attacks.
In a paper titled "Keyboards and Covert Channels" (PDF format), University of Pennsylvania graduate students explain that the device could encode data in keystrokes by introducing an extra delay between when a key is pressed and when the keyboard tells the computer that the key has been pressed.
In applications such as Telnet and remote desktop, a packet is sent every time a user presses a key. By causing calculated "jitters" in keyboard input while such a program is running, a JitterBug could slightly delay data sent over the network. Certain amounts of delay could represent a one or a zero in each packet that is linked to keyboard use, allowing an attacker to send secret information in otherwise innocuous data without modifying software or initiating any new connections.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9002280&source=rss_news10
http://www.djhobby.com/catalog/images/SHH40250.jpg
You know, is it just me or are these guys real idiotic assholes? I mean they're researcers who use our taxpayer money and time just to invent something that COULD potentially be used to spy on us unwitting saps and then have the bravado to publish it so that now every crook from Timbuktu to Kalamazoo now gets a great idea for his next caper and WE PAID FOR IT! It's so retarded. Do they research, but for heavens sake dont announce it to the world.
It's like after 9/11 when the newspapers would say "MAn we sure hope nobody bombs the chemical plant next to New Jersey beacuse, look there's no real security, the watchman takes a break at 10 o'clock so one could get in easy at that time, and if they bomb right here on this spot it will have the maximum impact and kill a million people." That idiotic nonsense always made me laugh. They should have just cut to the chase and mailed a copy of their newscast to Al-Qaeda.