Feeds

Teapot backdoor probed by German telescope boffins

Spoons, spectacles, even eyeballs - all security risks

Top 5 reasons to deploy VMware with Tegile

Just when you (may have) thought it was safe to log back onto your computer and do something private, German security boffins have come up with a new vulnerability.

Being a security-aware type of person - and perhaps preferring a view - your monitor doubtless faces away from the window, meaning that evilly-inclined persons with telescopes can't see what you're up to. Right? Wrong. Well, wrong if there's a teapot (or indeed any other reflective object) on or near your desk, anyway.

Michael Backes, Markus Durmuth and Dominique Unruh of Saarland University and the Max Planck Institute for Software Systems in Saarbrucken have found that hats of an opposing colour can train their telescope through the window on the adjacent reflective object, and so read everything taking place on your screen. Spherical surfaces (like the typical teapot) are especially good, because of the wide field of view they offer.

The Teutonic brainboxes' paper is called Compromising Reflections, or How to Read LCD Monitors Around the Corner, and can be read in pdf here. In it, the trio say that they were able to read 12-point Word documents off a nearby reflector from ten metres distance using a $1500 telescope. Upgrading to a more expensive $27,500 job, they could pick the info off reflectors from 30m away, as though across a street.

Apart from tea fanciers, the other big security leaks are spectacle-wearers - though it's at least marginally possible to read info directly off a user's eyeballs, apparently.

Particularly good results were obtained from reflections in a user’s eyeglasses or a tea pot located on the desk next to the screen. Reflections that stem from the eye of the user also provide good results. However, eyes are harder to spy on at a distance because they are fast-moving objects and require high exposure times ... glasses constitute an ideal target for our attack due to their less extreme curvature.

Other possible reflectors included wine glasses, plastic coke bottles and a spoon lying next to the monitor.

Don't think you're safe if you clear all the reflecting objects off your desk, either. Backes, Durmuth and Unruh are now working on reading "diffuse reflections on the user’s clothes or on a nearby wall". ®

Intelligent flash storage arrays

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Shellshock over SMTP attacks mean you can now ignore your email
'But boss, the Internet Storm Centre says it's dangerous for me to reply to you'
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.