maemo.org - Talk
Page 3 of 3 12 3
Show 40 post(s) from this thread on one page

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Off Topic (https://talk.maemo.org/forumdisplay.php?f=19)
-   -   nothing is safe .... (https://talk.maemo.org/showthread.php?t=30263)

sjgadsby 2009-07-15 16:44
Re: nothing is safe ....
 
Quote:
Originally Posted by Benson (Post 304583)
...for many scenarios rubber-hose cryptanalysis is easier than any password sniffing...
There's no need for that sort of...unpleasantness.

Benson 2009-07-16 11:29
Re: nothing is safe ....
 
Quote:
Originally Posted by deeteroderdas (Post 304591)
Sorry, still don't get it. If I install an On Screen Keyboard, and click the characters with a mouse, AT or PS/2, how are those characters getting transmitted across the serial link?
They aren't, at least not directly; the mouse movements are. But since the computer can translate the data coming over the mouse line into characters, the only question is: what state information is your computer using to make that translation that the attacker doesn't have, and how hard is it for them to guess?

Initial cursor position, but that's controlled once the user has made a move long enough to bump one edge of the screen. Screen resolution, as mentioned, matters, but in practice can be reduced to a short list instead of all possible dimensions. I guess acceleration could mess things up, if you use it, but odds are trying various minimum and maximum settings from different desktops would get it. So you've got absolute positions of all clicks. (How to know when you've got these accurate? Analyze patterns; for example, the Windows taskbar is normally at the bottom of the screen, and you should see some activity there if you've got the height right. Compare ones that bounced off the bottom limit to ones coming directly from the top limit; they should match up. In general, look for clustered clicks coming from the top, and corresponding clusters from the bottom, and similarly left and right.)

Now to convert the click-list to keypresses, the entire code of the OSK in use is involved, but given only a handful of these in common use, you can assume they have that, and just need to guess which one is running. Location on-screen, and (if configurable) key pitch? You can estimate these from a bunch of click data, and the results will help confirm the OSK & layout; frequency analysis of the proposed keys will allow you to distinguish geometrically similar layouts (e.g. QWERTY vs. Dvorak). Now you should be able to translate large periods of of the click-list into text, some of which should be identifiable natural language; at this point, you know you've got everything right; start looking for passwords or whatever sensitive info was desired.

deeteroderdas 2009-07-16 12:03
Re: nothing is safe ....
 
Benson,

Thanks for the explanation!


All times are GMT. The time now is 02:45.
Page 3 of 3 12 3
Show 40 post(s) from this thread on one page

vBulletin® Version 3.8.8