Home / Blogs

The Growing Security Concerns… Don’t Have Nightmares

Anyone concerned about the security of their computers and the data held on them might sleep a little uneasily tonight.

Over the past few weeks we’ve heard reports of serious vulnerabilities in wireless networking and chip and pin readers, and seen how web browsers could fall victim to ‘clickjacking’ and trick us into inadvertently visiting fake websites.

The longstanding fear that malicious software might start infecting our mobile phones was given a boost when the Information Security Center at US university Georgia Tech outlined how phone software could be hijacked to create ‘botnets’ and allow handsets to be remotely controlled.

And now a group of researchers at the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne in Switzerland have shown that you can read what is typed on a keyboard from twenty metres away (also a related video).

It takes some sophisticated equipment to do it, but with the right antennae and a bit of luck it seems you can detect the radio emissions coming from the wires that connect keyboards to computers and tell just what someone is typing.

Web addresses, usernames and passwords are all visible, as well as the content of letters, emails and Facebook updates.

These aren’t wireless keyboards, which are clearly vulnerable to snooping, but the good old USB or PS/2 keyboards we all use every day.

And even though the kit you need isn’t the sort of stuff that your average credit-card skimmer is going to have lying around their flat, it shows that there are many unexpected vulnerabilities to be discovered.

The researchers suspect that cheaper keyboards with poor shielding are to blame, so government departments and hospitals may have to find a better supplier if even more of our sensitive data is not to leak out.

This is a good example of how lack of foresight can lead to security problems when faster hardware catches up with the assumptions made by system designers, and it also lies behind the newly-emerged vulnerability that affects secure wireless networks.

Many encryption tools are susceptible to brute force attacks, for example, where a program simply tries all the possible keys until it finds the right one. The developers believe that this will take too long for it to be useful, ideally some significant proportion of the age of the observable universe.

However the latest version of a password recovery tool from Elcomsoft takes advantage of the astonishing processing power of the latest range of Nvidia graphics processing units (GPUs) to crack both WPA and WPA2 wireless security in a matter of hours or even minutes, rendering most commercial wireless networks open to attack.

Since it was a wireless vulnerability that allowed criminals to break into the corporate network of TK Maxx’s parent company and steal details of forty-five million credit cards, this is a threat to be taken seriously.

A few years ago these problems would only have been reported in the computer trade press or in the technology sections of the more serious newspapers, where they were unlikely to bother the majority of network users.

Now they get more widespread attention and are often presented as marking an imminent internet apocalypse.

It is, of course, important that all net users appreciate the importance of protecting their computer and know how to avoid malicious websites, phishing scams and other attempts to subvert their online activities, but it can go too far.

Last week I gave a talk to a group of people in Blockley, Gloucestershire, where I was trying to persuade those who were somewhat skeptical about the usefulness of the Internet in their lives that the network has opened up new and incredibly beneficial opportunities for sharing, interaction and education.

It was one of the increasingly rare occasions when I can lower the average age of those present by entering the room, and I wanted to convince those present that it was worth spending time online.

There was a lot of concern over inappropriate content and how we ensure that children are kept safe, but I also had to field questions about the security of online banking and how to protect computers from viruses and other malware.

These concerns are reasonable, but not if they stop people going online or using the net to the full. The dangers that face us, both the ones we know about already and the ones being discovered by security researchers every day, are not a reason to stay offline, they are a reason to be cautious when going online.

When Nick Ross presented Crimewatch on BBC television he would conclude his litany of tales of crime, violence and disorder by exhorting viewers not to have nightmares.

Perhaps we need something similar to accompany the growing number of warnings over net fraud, wireless security and broken encryption. It may be bad out there, but it isn’t quite broken.

By Bill Thompson, Journalist, Commentator and Technology Critic

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign


Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC