Vulnerabilities / Threats

Turning Sound Into Keystrokes: Skype & Type

100%
0%

BLACK HAT USA 2017 -- Be careful what you type during a Skype call. The callers on the other end could know what you're writing. Researcher Daniele Lain visits the Dark Reading News Desk to explain how the Skype & Type proof-of-concept turns sounds into keystrokes, and how it is a step up on previous attacks that use acoustic emanations.

Watch the entire two-day News Desk show and all 45 interviews at DarkReading.com/DRNewsDesk.

Learn from the industry’s most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Click for more info and to register.

Comment  | 
Print  | 
Comments
Threaded  |  Newest First  |  Oldest First
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/27/2017 | 9:37:56 AM
Laser keyboards
Brookstone sells a nifty device that projects a "laser" keyboard onto your desk/whatever surface, and then picks up on your "keystrokes" from there. I wonder to what extent this would help.
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12735
PUBLISHED: 2018-06-25
SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI.
CVE-2017-9312
PUBLISHED: 2018-06-25
Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately.
CVE-2018-10956
PUBLISHED: 2018-06-25
IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal.
CVE-2018-11039
PUBLISHED: 2018-06-25
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vuln...
CVE-2018-11040
PUBLISHED: 2018-06-25
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser request...