Is this "our screens have poor viewing angles, so we're going to make them worse and call it a feature?"
You can hack a PC just by looking at it, say 3M and HP
Top security minds at HP have discovered that if you look at a PC, you can read what's on its screen. And if you're not the intended reader of that screen, it constitutes “visual hacking”, a terrifying menace that Must Be Stopped. The good news is it Can Be Stopped With This One Amazing Sheet Of Plastic, aka a 3M “Privacy …
COMMENTS
-
-
-
-
Thursday 15th October 2015 16:06 GMT Anonymous Coward
Re: This is far cheaper...
"True, but that's harder to take with you when you're travelling and I expect it's only going to take someone wearing polarised sunglasses to undo your security.."
I plan to start a Kickstarter for a mobile phone secure screen that consists of two sheets of polarising material glued together with the polarisations 90 degrees apart. I've just tested it and it seems to work admirably.
-
-
-
-
Thursday 15th October 2015 07:55 GMT saif
Firewall
And unencrypted verbal communications can be easily intercepted by any one in the same room. Ultimately what is required is a firewall at the universal ports not just at the the digital to analogue transformation layer...the interface between man and machine. We need the firewall between man and man. Speaking gibberish or Welsh might do it.
-
-
Thursday 15th October 2015 08:24 GMT Alien8n
Re: Firewall
My father in law used to work at NatWest and they had an issue with their Swansea branch many years ago, so they sent one of their head honchos over to sort the branch out. Every time he walked into a room the staff would switch from English to Welsh so he couldn't understand what they were talking about. Imagine their horror when on the final day he says goodbye to them in fluent Welsh. Turned out that despite no longer having the accent he was Welsh as well...
-
Thursday 15th October 2015 12:54 GMT TitterYeNot
Re: Firewall
"And unencrypted verbal communications can be easily intercepted by any one in the same room"
This is known in the black-hat trade as aural hacking.
Definitely not to be confused with oral hacking, which is something else entirely (and may or may not involve someone wearing a poorly fitted dental brace.)
-
-
-
Thursday 15th October 2015 08:28 GMT Warm Braw
As an alternative
You could get out your knitting needles,
-
Thursday 15th October 2015 08:32 GMT Alister
the unintended consequence of making it harder to gather around a PC to check out that really funny new thing on YouTube.
...and the further unintended consequence that the number of internal emails suddenly rises, as people send each other the link to the new You Tube Funny, instead of gathering round one notebook...
-
Thursday 15th October 2015 08:50 GMT Alien8n
One company I worked at one of the senior managers came in complaining that his laptop was really slow. A quick search for all emails with attachments confirmed the issue was the thousands of emails containing videos and pictures. Including a rather inordinate amount of porn that was being emailed to him by one of the machine operators. We hit delete and told him not to be so stupid again or he'd be losing his redundancy pay (the only reason they weren't reported to HR was the fact that both he and the operator were leaving 2 months later on redundancy and the redundancy pay was in the 4 to 5 figure range). Same company had another user who we didn't report for downloading music and movies from file sharing sites. Turned out the IT manager had his download folder set up as a network share to save him from downloading the same files...
-
Thursday 15th October 2015 13:01 GMT Michael Strorm
Please... won't someone think of Corbis?
Don't they realise that this would decimate stock image libraries' investment in office types crowding round a corporate laptop?
(Fact: Such images constitute approximately 47% of all stock photos in existence. Another 35% consists of groups of socialising woman apparently laughing at something highly amusing one of them has just said, while showing off their perfect white teeth and- in a very odd coincidence- none of them happen to have their eyes shut nor have been caught in an awkward-looking mid-expression change, like always happens when anyone normal tries taking such a photo).
-
-
Thursday 15th October 2015 08:32 GMT xeroks
virtual monitors
A more effective solution might be the use of an occulus/hololens type device to present the data to a single user.
I don't believe anything out there is capable enough as a monitor replacement, but I wonder if HP have any devices like this in the pipeline. This might be the first step in a bigger marketing campaign.
Or a cheap trick to make a quick buck.
-
-
Saturday 17th October 2015 04:07 GMT Cryo
Re: virtual monitors
"Not yet, but they are improving. There are Oculus prototypes that are full 1080p, plus for business purposes you don't need stereoscopy; a single screen, even a Cardboard solution with a sufficiently-high-res smartphone will suffice."
The VR headsets like the Oculus Rift, HTC Vive, and other upcoming models that have been getting attention lately probably wouldn't be great as monitor replacements for at least the near future, simply because they're designed more for spreading their resolution out over a wide field of view. You don't need a 100+ degree viewing angle for a virtual monitor, so under that usage scenario, much of their resolution would be wasted. For a privacy-minded head-mounted display that isn't concerned with putting people in immersive 3D environments, a much narrower field of view with pixels more tightly packed together would probably be ideal.
And even if you're not sending different images to each eye, you'll still need a separate display for each eye (or half of a larger display dedicated to each eye) since optics aren't going to let you view the entirety of a screen right in front of your face with both eyes at once. And again, the design of these headsets that use a single smartphone screen divided in two are more suited to providing a wide field of view than they are a sharp central resolution. And of course, you probably won't want to be using a bulky solution with a screen much larger than you need for any considerable length of time.
For "business purposes" you would be better off with a headset that makes use of two much-smaller screens that could be optimally positioned in front of each eye. And if you plan to use the thing in a public place, you'll probably prefer an augmented reality solution to something designed for virtual reality. What good is the security gained from using the headset if you're getting pickpocketted in the process?
I agree that the tech is improving though, and within a few years or so, there may be AR headsets that are not much bulkier than a pair of glasses, that can provide dual-screen output suitable as a proper monitor replacement.
-
Saturday 17th October 2015 08:12 GMT Anonymous Coward
Re: virtual monitors
"And even if you're not sending different images to each eye, you'll still need a separate display for each eye (or half of a larger display dedicated to each eye) since optics aren't going to let you view the entirety of a screen right in front of your face with both eyes at once."
True. That's why Cardboard positions the phone several inches in front of you, thus putting it within the view of both eyes (either directly or by half-silver optics). It's also IIRC less disorienting than a dual-screen solution since you can have screen mismatch as well as the extremely close-up focus that can strain eyes.
-
-
Thursday 15th October 2015 15:56 GMT BlindProgrammer
Re: virtual monitors
I have the solution. As a totally blind programmer I don't even have a monitor. Nobody can hear my screen-reader through my headphones. If everybody else did the same for security's sake maybe somebody would give me a job on the back of my 25 years experience and not care about my blindness
-
-
-
Thursday 15th October 2015 12:33 GMT Kubla Cant
Would be useful if they integrated this into screens, allowed sections of it to be turned on and off by software and then turned it on over password fields only.
Useful, but only when you're logging in to a system that displays the password characters. If you're still using something like that then people spying on your screen is probably the least of your problems. I'd guess that the last such system became obsolete in 1980.
-
-
Thursday 15th October 2015 16:06 GMT Anonymous Coward
Re: "Or "mal-looking" as it may one day come to be known"
Hacking is entirely the wrong description of the problem - hence the ridicule.But nevertheless a real problem and if we can come up with a better solution than a grotty piece of scratched plastic that we slide over our svelte laptop screens, so much the better.
-
-
Thursday 15th October 2015 12:15 GMT Your alien overlord - fear me
I brought one of these years ago, fitted it to my laptop and removed it in under a day. The requirement to look at the screen 'at just the right angle' was a right PITA.
How many times have people be called over to crowd around a desk monitor to look at the latest funny cat video. That'll have to stop now and productivity may increase - shock horror.
-
Thursday 15th October 2015 12:21 GMT Robert McCracken
Not surprising.
Firstly how cute that they are Imarketing something that has been around for decades.
Secondly, hack just by looking, I can believe that as apparently users can break computers just by looking at them. " I didn't do touch anything" , " I don't know how that software got installed" and my favourite " no I didn't spill any coffee on the keyboard" as I pure a cup of latte out of it.
-
Thursday 15th October 2015 12:49 GMT Swiss Anton
Not secure enough for me
OMG! I need to tell my boss. We often have to look at sensitive data. However I don't think that a viewing filter is good enough. I mean, what if someone shoulder surfs me. No, I think the only thing that will work is a VR headset. (BTW, can anyone recommend a good 3d game?)
-
Thursday 15th October 2015 12:50 GMT Eclectic Man
Has anyone considered ..
... working in a secure environment? Like, umm, maybe a dedicated building with workspace facilities including a desk, chair, and maybe one of theose strange wire conneciton things for power and the interpleb?
It needs a name so I'll call it "an Office".
On second thoughts it will never fly. Why would anyone want to spend time in a comfortable, air-conditioned environment with their colleagues when they could be sitting in a railway station waiting room balancing a scalding hot coffe on one knee, a mobile on their shoulder and a laptop on the other knee?
-
-
Monday 19th October 2015 18:04 GMT Michael Wojcik
Re: Good lord ...
To be fair, 3M and HP have known about shoulder-surfing as long as all of those things have existed. This is just a case of some marketer deciding to try to turn a long-existing niche product into a USP.
The news here is just this latest bit of marketing desperation, and the coinage1 of the term "visual hacking".
The article really doesn't convey how far this particular bit of nonsense has been taken. It's a bit embarrassing, if you're in IT security, just by association.
1Or, more likely, attempt at popularization - though the Google Ngram Viewer didn't find any historical use of the phrase, thank goodness.
-
-
Thursday 15th October 2015 14:15 GMT Stevie
Bah!
You know, when Dell and HP and Compaq and IBM and Apple were announcing their push to make LCD screens more easily readable at wide angles I remember saying that it was a mistake.
I must ask Alannis Morriset if this "spend bajillions on wide screen research, then fit an aftermarket screen field of view filter" is ironic or not.
-
Monday 19th October 2015 18:11 GMT Michael Wojcik
Re: Bah!
Sigh.
Irony, one of the four "master tropes" and arguably the root trope par excellence, simply means any situation in which an expectation is violated - even if that expectation is naive, and even if the audience expects it to be violated.1
Thus, yes, the situation with competing wide-viewing-angle and narrow-viewing-angle screens as USPs is ironic. And so are all the situations Alanis Morissette describes in her well-known and incorrectly-criticized song.
1That's not as paradoxical as it sounds. In "dramatic irony", for example, the audience is aware of some condition which a character is not; thus the character has an expectation that the audience knows is incorrect. Irony describes any skew between a narrative state and the world it purports to describe. (That's why it can be considered the root trope: all tropes are "turnings" from literal meaning to figurative, and any such turn necessarily represents some divergence from the most probable meaning, which is the literal one.)
-
-
Thursday 15th October 2015 15:39 GMT Anonymous Coward
Polarizing filters
Is it possible to design a paired polarizing filter for a screen and for glasses, so that only someone wearing the glasses can see the screen? That would be worthwhile for those who have truly confidential data, like a CEO who is forced to fly first class instead of private jet, and wants to open his laptop and get some work done.
Wouldn't want that Wall Street trader in the row behind him to see his email titled "final proposal for EMC buyout" (if I were him, I'd snap a picture of his screen if possible, so when the SEC asks why you bought a 50,000 call option contracts on EMC the day before the day was announced you can prove it was not insider trading but merely being in the right place at the right time)
-
Thursday 15th October 2015 16:59 GMT Stuart Dole
Costco...
I was in Costco (USA - California) last week and stopped at the "Wireless" kiosk to ask about phone upgrades. The tech guy went to his computer to lookup my account - indeed, the screen had that kind of shield, but you could see it OK if you were close enough to be on-axis - easy to do in the retail store the way they had the PC set up - the monitor faced the aisle.
But then during his logon process, he turned the monitor OFF. Black. He typed his login and password, and some other stuff, then switched the monitor back on. His motions were so smooth and practiced, it was like he did it hundreds of times a day and just didn't think about it. You could still see his fingers on the keyboard, but I didn't pay attention to that part - he was fast and smooth - hard to follow - sort of like trying to get Benny Goodman's clarinet fingering by watching an old Video...
-
-
Monday 19th October 2015 18:13 GMT Michael Wojcik
Re: I thought of an entirely software-based alternative.
For those with less-rigorous threat models, there are plenty of fonts available that are so painful that few attackers would put up with reading them. Start with Comic Sans and work up from there until you reach an appropriate cost to the attacker's sanity.
-
-
Thursday 15th October 2015 17:35 GMT Henry Wertz 1
Not on demand
Someone at HP doesn't know what "on demand" means. If it's integrated into the screen and can't be removed, it's not on demand since it cannot be "turned off".
Anyway... *yawn*. These have been around for decades, banks tend to use them. Why would I want to buy a computer with it built in when I can just buy the overlay from 3M if I wanted one?
-
-
Thursday 15th October 2015 18:15 GMT Anonymous Coward
Re: The 1980s called; wants to sell you a pocket TV
The trouble with those early passive LCDs was ghosting. They had a terrible refresh rate.
I tried playing pinball on a laptop with one of these screens once (circa 1996). Big mistake. I could see about 6 balls on the screen and had no idea which one was the real one.
-
-
Thursday 15th October 2015 21:12 GMT PNGuinn
Private Viewing...
I know it'll never fly, 'cos it's prior art and there's no patent dosh in it...
For years we men have had modesty barriers on some urinals. How about popout / inflatable side barriers for laptops. Should go down a treat with the airlines.
Yeah, ok, it's late and I'm taking the pi**.
Raises the interesting philosophical question though as to why some urinals are more "secure" than others. Now THERE'S an excellent subject for some arts post grad grant funding. Should be worth a couple of dozen phds at least.
-
Saturday 17th October 2015 02:12 GMT Cryo
Re: Private Viewing...
There actually are collapsible anti-glare / privacy shields like this. I think they're typically marketed more for reducing glare though, either for people working with screens in bright outdoor conditions, or for graphic artists wanting to eliminate reflections from room lighting without affecting the image quality of their display.
I suppose that if they were used in a public place though, they might attract more attention, and perhaps even encourage people to look over your shoulder to find out what you're trying to hide, whereas a screen filter would probably be more discrete.
-
Monday 19th October 2015 18:19 GMT Michael Wojcik
Re: Private Viewing...
Raises the interesting philosophical question though as to why some urinals are more "secure" than others
Y'know, somewhere years ago I saw a study that demonstrated that men's public bathrooms did indeed have significantly better throughput if there were privacy shields between urinals - not surprising, since "shy bladder" is a widely-documented condition. Yet idiot architects and designers keep leaving them out. If memory serves, the new terminal at Heathrow is an offender, and an airline terminal is a perfect example of a place where you want to avoid this problem.
-