From the university of Michigan, university of Pennsylvania, tel aviv university in Israel, and several researchers from Columbia University last week published a research report, points out that the hacker can borrow the built-in microphone by video camera or screen, or have inventory in the video conference speech record “heard” in the user content on the screen, belongs to the new kind of bypass vulnerability.
A hacker could use a microphone to record the sound produced by a computer screen to predict its contents, the researchers said. The sounds of a computer screen are generated by the noise of a power source controlling the current. These sounds vary according to the amount of electricity required to depict the visual content of the screen. The human ear hardly hears these sounds, but ordinary microphones can detect and record them.
These sounds can be transmitted through programs like Skype or Hangouts. They can be recorded by voice-activated speakers or cell phones. Hackers with a specific purpose can even capture them remotely with parabolic microphones. Researchers showed a variety of attack scenarios, including can real-time detect the text on the screen, or user by using the virtual keyboard input text, real-time analysis when receiving audio, video meeting to determine each other whether is watching the screen or video conference is in other web site, even can judge each other which is shown on the screen of the website.
According to the researchers, this information leakage is based on the visual representation mechanism of computer screens. They tested dozens of LCD screens from Dell, Samsung, HP, ViewSonic, Philips, Soyo and Apple, made as far back as 2003 or as recently as 2017, and found the same leaks on all models, old and new.
By analyzing the spectrum of sound on these screens, a fingerprint can be established to identify what was on the screen at the time.
In the researchers’ experiments, they respectively with high-order microphone and mobile phone is responsible for the record sound, found a way to use the former collected from the predictive list of words will always contain the correct words, accuracy was 100%, and the cell phone record voice even if is not clear, there are also the accuracy of 98%, if it is used to infer 97 fingerprints of the website, The accuracy was 97.09% and 91.2%, respectively.
To prevent this kind of attack from the hardware and software can be done, on hardware can eliminate these signals, making more noise, or covering these signals, but is not easy to implement, software ease now is a more appropriate approach, mainly change the actual content on the screen in order to create consistent audio or fool to hackers.
The article was transferred from: Home of lottery Ticket APP http://jumbotex.com.tw/