Tom Brennan wrote: >Thanks Timothy. I've been saying this for years but this might be >the first time I've heard a top IBMer say it.
Did I just get a promotion? :-) Jon Perryman wrote: >I hear that AI is getting good results using the microphone to get >keystrokes. Yes, it seems possible that if you capture a big enough keyboard sound sample you can figure out what the password/passphrase/PIN keystrokes are with enough precision. Combine the keyboard sounds with visual observations (visible light and infrared) to boost the accuracy. Higher security systems sometimes use virtual keyboards with letters/numbers that are randomly rearranged each time. Although there's no substitute for a genuinely separate second factor. ....Or you can just insert a physical keylogger in the keyboard itself. I recall reading somewhere that the KGB installed keyloggers in foreign embassies' electric typewriters. Maybe even the manual typewriters, too. They got to read everything the embassies typed, including all the drafts and mistakes. I recently saw a video showing how an attacker had glued his/her own PIN pad on top of a gas station pump's real PIN pad. It was tough to tell the pump had been "enhanced." Apparently the idea was to capture debit card PINs at the pump and/or Zip codes (as typical with credit card payments at gas pumps) so that the attacker could steal money from bank and credit card accounts. Possibly combined with video surveillance at the pump to capture the card details since chip and NFC card reads are at least tough to capture. Or perhaps the attacker just disabled the chip reader so that the cardholder would be "encouraged" to swipe instead. (Up to you, but I wouldn't swipe any cards nowadays.) ————— Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM zSystems/LinuxONE, Asia-Pacific sipp...@sg.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
