Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

Michael R. Farnum

Hitting the Security Nerve

Hacking by sound

TAGS:hacking, sounds
IT TOPICS:Personal Technology, Security

We have all heard the Nokia ring, right? That ever so recognizable tune that comes out of Nokia phones? The one where you instantly know someone has a Nokia phone (and you instantly want to find the phone and throw it in the nearest lake). Well, turns out that you should pay attention to those sounds when they are coming from electronic devices.

Here's what I mean. Russell Handorf wrote a great post about gathering information on what is going on around you electronically by just using your ears. He asks the question "What does a hacker hear?", and he explained it this way:

This question occurred to me while at a security conference when I heard a Microsoft Windows handheld device activate ActiveSync. I looked over and noticed that there was no tether in use, and speculated that the sync process must be occurring via Bluetooth. I quickly started a tool called hcidump and was astonished to watch the Bluetooth communication whiz by on the screen. I was astonished not because I was sniffing a Bluetooth communication, but in what triggered my curiosity: the sound of ActiveSync starting.

He started listening to other sounds going on around him and began to pick up clues on what devices, programs, and even operating systems the people around him were using. Windows machines put out distinctive sounds. So do some Linux OS's. By listening, a hacker can determine what exploits he might use against you.

Of course, this is all about risk. What are the chances this will ever be used against you? Well, hopefully you have your machine patched and secured. And because of the typical attack avenues used today (applications to be precise) because machines have become increasingly secure, I say the risk is a low-medium. But the chances that someone in a Starbucks has a more vulnerable machine than the attendees at a security conference should be high (should be, anyway). So the risk is likely higher at your local coffee shop that someone might be vulnerable.

So that prompts Handorf to ask if it is "worthwhile to present disinformation by intentionally using other devices startup sounds". From an OS perspective, I would say probably not. But with the security issues that come with Bluetooth, I think it would at least be advisable to mute your sounds. I've never heard of an attack happening from this angle, but that doesn't mean it has not been done or won't be done.

Email this

Digg this

iPhone hacking will have a negative effect enterprise sales

Unlock/jailbreak new iPhone 3G software with #blackra1n app

Latest threat vector: Our mobile devices

iPhone 3Gs jailbreak jeopardy: Apple pwns Dev-Team's 24kpwn

LIVE Nov 10, 2009 12:00 PM ET

Architecting Business Intelligence Applications for Change: The Open Solution

LIVE Nov 12, 2009 02:00 PM ET

Get Mobile-phone Access to Your BMC Remedy Applications
Download this new White Paper today!

Top to Bottom Performance Management Excellence at the City of Chicago
View now.

IT Best Practices: To Support or Not Support Consumer Owned Smartphones
Better understand the challenges, resolutions and best practices for managing a multi-Smartphone environment.

Effectively Implementing Datacenter Automation
Effectively select and deploy the best datacenter automation solution today!

Forrester Consulting - Optimizing Users and Applications in a Mobile World
Learn how to successfully deploy a WAN optimization solution that is specifically tuned for a mobile environment!

Aligning IT to Business: The Rising Importance of Application Delivery Networks
Application Delivery Networking (ADN) will play a vital role in helping enterprises incorporate strategic technologies to achieve business initiatives.

All White Papers | All Webcasts