[Cryptography] More speculation on cryptographic breakthroughs.

Ray Dillinger bear at sonic.net
Fri Apr 29 20:04:38 EDT 2016 


http://www.computerworld.com/article/3058020/security/hackers-only-need-your-phone-number-to-eavesdrop-on-calls-read-texts-track-you.html

So, I'm sure this is no news to anyone here, but it's recently
been demo'd (again) that if you have somebody's phone number
you can go through the telco's billing systems to track and
eavesdrop on them.

And we already know that mobile phones can be used as passive
microphones/cameras without their owners' knowledge or consent.

So it leads me to wonder how many surveillance targets sit down
with their cell phone in their pocket and type passphrases to
decrypt things.  In fact, many might speak or whisper the
passphrase out loud as they're typing it, but that's not necessary
for this to work.

Give me a decent recording of a keyboard in use for a few minutes,
then let somebody type a passphrase on that keyboard and I bet I
can take the sound of that typing and tell you what it is.  Give
me decent recordings of a few thousand keyboards in use for a few
minutes each, and I bet I don't even have to get a baseline for
the exact keyboard in use first.

But remember, this crypto breakthrough is supposedly working in
favor of an organization known to like collecting "big data".

So give me audio recordings of millions of people using their
computers every day, and I'm betting it wouldn't take more than
a few afternoons to train a machine learning system that recognizes
which bits of the recordings are people entering their passwords
and stores the audio in a giant database.

The "major crypto breakthrough" that we keep hearing about, may
be just a giant database of audio recordings of people typing
passwords.  Everybody's passwords.  From terrorists to truckers
and from robbers to ranchers. It would explain most of the
claimed effects.

				Bear


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160429/136b58cd/attachment.sig>

More information about the cryptography mailing list