Keyboard eavesdropping
Funny thing. A technique for eavesdropping keyboards based on the sound they produce has been published:
Each key on computer keyboards, telephones and even ATM machines makes a unique sound as each key is depressed and released, according to a paper entitled “Keyboard Acoustic Emanations” presented Monday by IBM research scientist Dmitri Asonov. All that is needed is about $200 worth of microphones and sound processing and PC neural networking software. Today’s keyboard, telephone keypads, ATM machines and even door locks have a rubber membrane underneath the keys. “This membrane acts like a drum, and each key hits the drum in a different location and produces a unique frequency or sound that the neural networking software can decipher,” said Asonov.
Adi Shamir’s three laws of security
Computerworld informs about the on-line availability of the lectures given by Rivest, Shamir and Adleman when they received the 2002 ACM Turing Award.
I want to highlight Shamir’s three laws of security:
- Absolutely secure systems do not exist
- To halve your vulnerability, you have to double your expenditure
- Cryptography is typically bypassed, not penetrated
The first two points show the importance of effective risk assessment while the third one emphasizes the fact that implementation flaws (opposed to algorithm design flaws) are usually the reason why systems using cryptography are subject to security breaches.