
Black Hat set to expose new attacks

Conference briefings show how to compromise SSL, steal keyboard activity from power lines

By Tim Greene, Network World
July 27, 2009 12:10 AM ET

The Black Hat conference unfolds in Las Vegas next week with an agenda set to expose exploits as varied as tapping power outlets to capture keyboard signals and closing up holes in the use of the secure protocol that protects online bank transactions.


Other briefings will consider the use of lasers and analysis software to figure out what's being typed on laptops, and how to detect what damage has been done by attacks that leave no trace on computer hard drives.

Black Hat USA 2009, considered a premier venue for publicizing new exploits with an eye toward neutralizing them, is expected to draw thousands to hear presentations from academics, vendors and private crackers.

For instance, one talk will demonstrate that if attackers can plug into an electrical socket near a computer or draw a bead on it with a laser, they can steal whatever is being typed in. Andrea Barisani and Daniele Bianco, a pair of researchers for network security consultancy Inverse Path, will demonstrate how to execute this attack.

Attackers grab keyboard signals that are generated by hitting keys. Because the data wire within the keyboard cable is unshielded, the signals leak into the ground wire in the cable, and from there into the ground wire of the electrical system feeding the computer. Bit streams generated by the keyboards that indicate what keys have been struck create voltage fluctuations in the grounds, they say.

Attackers extend the ground of a nearby power socket and attach to it two probes separated by a resistor. The voltage difference and the fluctuations in that difference – the keyboard signals – are captured from both ends of the resistor and converted to letters.

This method would not work if the computer were unplugged from the wall, such as a laptop running on its battery. A second attack can prove effective in this case, Bianco and Barisani's paper says.

Attackers point a cheap laser at a shiny part of a laptop or even an object on the table with the laptop. A receiver is aligned to capture the reflected light beam and the modulations that are caused by the vibrations resulting from striking the keys.

Analyzing the sequences of individual keys that are struck and the spacing between words, the attacker can figure out what message has been typed. Knowing what language is being typed is a big help, they say.

Another presentation will show how confidential online connections such as banking transactions made from public wireless hotspots remain vulnerable to attacks despite improved security that was supposed to fix the problem.

The vulnerability means that attackers can lurk in the middle of what victims think are secure SSL sessions with banks, retailers and other secure Web sites, picking off passwords and other information that can be used later to steal account funds or compromise confidential business data, say the researchers, Mike Zusman, a consultant with Intrepidus, and Alexander Sotirov, an independent researcher.
