'JitterBugs' attached to a keyboard could be a new security threat
Researchers say that small devices called JitterBugs could piggyback onto network connections to discreetly send passwords and other sensitive data over the Internet.
Like the current keylogger hardware used by the FBI and criminals alike to record passwords and other data, JitterBugs are small devices that attach to a keyboard and record what users type. Unlike current keyloggers, which store the data to internal memory, JitterBugs do not have to be retrieved before captured data can be read.
Although no such device has been found in the wild yet, researchers have developed a working prototype, and they postulate that similar ideas may have already been used in unnoticed attacks.
In a paper titled "Keyboards and Covert Channels" (PDF format), University of Pennsylvania graduate students explain that the device could encode data in keystrokes by introducing an extra delay between when a key is pressed and when the keyboard tells the computer that the key has been pressed.
In applications such as Telnet and remote desktop, a packet is sent every time a user presses a key. By causing calculated "jitters" in keyboard input while such a program is running, a JitterBug could slightly delay data sent over the network. Certain amounts of delay could represent a one or a zero in each packet that is linked to keyboard use, allowing an attacker to send secret information in otherwise innocuous data without modifying software or initiating any new connections.
http://www.computerworld.com/action/...rce=rss_news10
You know, is it just me or are these guys real idiotic assholes? I mean they're researcers who use our taxpayer money and time just to invent something that COULD potentially be used to spy on us unwitting saps and then have the bravado to publish it so that now every crook from Timbuktu to Kalamazoo now gets a great idea for his next caper and WE PAID FOR IT! It's so retarded. Do they research, but for heavens sake dont announce it to the world.
It's like after 9/11 when the newspapers would say "MAn we sure hope nobody bombs the chemical plant next to New Jersey beacuse, look there's no real security, the watchman takes a break at 10 o'clock so one could get in easy at that time, and if they bomb right here on this spot it will have the maximum impact and kill a million people." That idiotic nonsense always made me laugh. They should have just cut to the chase and mailed a copy of their newscast to Al-Qaeda.
Just what we need, more spyware...except in hardware form. I can imagine the housewives and/or husbands that would love to know what their significant others are up to online.
-----------®N®----------
あなたをファック
How do these decode all the random text? I mean your password could be for instance "rn543i32d" but you could type the likes of this by messing with the keyboard. Surely anybody's typing on a keyboard could be completely and utterly random?
f435y4g5y5rhdfrhy66y43234r6y6435rn543i32v5y5yh54u6 y34t34tg332f23r445352423142146545645tvbferfw4tr
*
Hard to see so what do they do to find it, isn't it like a needle in a haystack? Or are there timers so the text could be like...
*
f435y4g5y5rh dfrhy66y4323 4r6y6435 rn543i32d v5y5yh54u6y34t34tg 332f23 r4453524231421465 45645tvbferfw4tr
^ It's logical really. If you examine a key log and you see the line "www.hotmail.com" you know the next two words after the URL are the user and pass.
I suggested using a keylogger to my friend who had suspicions about his wife of two months, he managed to get into her hotmail account and uncovered an affair dating back the best part of a year. They're now seperated. Harsh, but at least he knows now.
Good point. Although if the person typed out an email afterwards it would make it easy to identify because the password would be just before the "hey how are you, etc, but that that still wouldn't help much unless you knew they're user name too.
It's just about looking for clues in the text I guess.
Yhis is very bad. If my keybaord could tell on me, I'd be in some deep shit. In two states!!
Alot of keyloggers will register the program window in which the typing occured or even the webpage and it can email it to any emailaccount you want. They are very well designed and very easy to find the information you are looking for.
Anyone upset or offended by my post please follow the link and let your opinions be known.
http://www.zeropaid.com/bbs/showthread.php?t=55492
Posting Permissions
Reply With Quote
Originally Posted by thepuzzler
Bookmarks