Researchers Find New Ways to Spy on PCs

Data Theft Researchers have developed two new techniques-which seem ripped from the pages of spy novels-for stealing data from a computer.

Researchers at Saarland University in Saarbrucken, Germany, read computer screens from their tiny reflections on glasses, teapots and other objects. A team at the University of California, Santa Barbara, found a way to analyze a video of hands typing on a keyboard to guess what was being written.

Computer security research tends to focus on the software and hardware inside the PC, but this kind of "side-channel" research looks at the physical environment. Much of this work has been top secret. But side-channel hacking has been in the public eye too.

In fact, if you've seen the movie Sneakers, then the University of California's work will have a familiar ring. A minor plot point in this 1992 Robert Redford film about security geeks was the inspiration for its work. Redford's character tries to steal a password by watching video of his victim entering it into a computer. Redford's character never gets the password, but the UC researchers' ClearShot tool might have, says Marco Cova, a graduate student at the school.

ClearShot analyzes video of hand movements on a keyboard and transcribes them into text. The software, which uses a webcam, is accurate about 40 per cent of the time.

The Saarland University team trained telescopes on targets that might catch a computer monitor's reflection: teapots, glasses, bottles and spoons. They got some amazingly clear pictures. All it took was a $500 telescope trained on a reflective object in front of the monitor. Michael Backes, a professor at Saarland's computer science department, says he's already demoed his work for a government agency, one that he declined to name. "It was convincing to these people," he says.

The Saarland researchers are working out new image-analysis algorithms and are training astronomical cameras on their subjects in hopes of getting better images from even more difficult surfaces, such as the human eye.

-Robert McMillan

Operation Broadband U.S.A.

A group including FCC member Jonathan Adelstein as well as several high-profile technology executives and industry advocates have launched an initiative to make broadband access a national priority.

Called InternetforEveryone.org, the initiative aims to foster public dialogue on how to set a national broadband policy. Industry luminaries supporting the effort include Stanford University law professor Larry Lessig and Google Chief Technology Evangelist Vint Cerf, one of TCP/IP's developers.

Broadband advocates have complained that the US government has not made widespread broadband adoption a priority and, according to the Information Technology and Innovation Foundation, lags behind several nations in purchasing broadband access.

Adelstein says a lack of a national policy directly contributes to its citizens trailing other countries in the adoption of broadband and potentially in other social, educational and economic endeavors. "The [US] government has had a policy of benign neglect, and we're falling faster and faster behind," he says.

Lessig, an outspoken critic of government Internet policies, says lawmakers have allowed a "Neanderthal policy" to govern access to broadband for the past eight years. While he says the private business sector has a central role in ensuring that people have access to broadband, the Internet touches so many parts of American life that the government can no longer take a backseat to creating policy that fosters adoption among its citizens. Some of the key problems surrounding giving everyone in the U.S. access to broadband are the price and lack of access in rural areas.

-Elizabeth Montalbano