Hollywood Data Theft Techniques Made Real

By Matthew Harwood

Two research teams have devised two Hollywood-esque techniques to steal data from computer users, according to

In two separate pieces of research, teams at the University of California, Santa Barbara, [UCSB] and Saarland University in Saarbrucken, Germany, describe attacks that seem ripped from the pages of spy novels. In Saarbrucken, the researchers have read computer screens from their tiny reflections on everyday objects such as glasses, teapots and even the human eye. The Santa Barbara team has worked out a way to analyze a video of hands typing on a keyboard in order to guess what was being written.

The idea for the University of California team's research actually came from the 1992 movie, Sneakers, which starred Robert Redford. In the movie, Redford's character tries to steal a password by watching someone type it out. The trick fails in the movie but UCSB's team has had limited success so far with its software program, called Clear Shot.

Clear Shot can analyze video of hand movements on a computer keyboard and transcribe them into text. It's far from perfect -- [graduate student Marco] Cova says the software is accurate about 40% of the time -- but it's good enough for someone to get the gist of what was being typed.

The software also suggests alternative words that may have been typed, and more often than not, the real word is in the top five suggestions provided by Clear Shot ...

While UCSB's team uses a normal webcam to spy a person's typing strokes, the German research team has utilized telescopes to catch the reflection of computer screens off objects as varied as teapots, walls, bottles, and even the human eye.

Distance and the telescope's quality determined the quality of the images recorded. A $500 telescope could capture clear images of 12-point font from a teapot from 16 feet away. Upgrade the quality of the telescope to a Dobson for $27,500 and someone could snatch clear images from as far away as 100 feet.

Despite the extraordinary nature of this snooping technique, said Michael Backes, a professor at Saarland's computer science department, there is a low-cost way to stymie such invasions of privacy: "Closing your curtains is maybe the best thing you can do."


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.