![Posted by a snivelling, miserable coward Anonymous Coward](/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/icons/comment/anonymous_48.png)
I'm not saying this is BS...
...but I'd want to hear a lot more about the specific setup and geometry they were using before assuming it isn't.
Modern Wi-Fi doesn't just give you fast browsing, it also imprints some of your finger movements – swipes, passwords and PINs – onto the radio signal. A group of researchers from the Shanghai Jaio Tong University, the University of Massachusetts at Boston, and the University of South Florida have demonstrated that analysing …
Not BS, but likely to be a minor security problem in the wild compared to other issues with WIFI. I would not be surprised that effective range for this attack is relatively short. Also, it may be easily defeated by various measures that could be implemented.
800 packets per second - that is fairly high pps. It looks like flooding the channel (more or less).
1. I do not see why they are using ICMP - that is daft - the target may notice. They just need to flood the airwaves with something - if they are in control of the AP they can encode it to another client key (even a non-existent one) and just shovel it out to get the relevant flood rate.
2. 800pps depending on packet sizes (what are they trying does not become clear from the article) looks like flooding the channel.
The attack looks plausible though - a MIMO with some good software is almost like a phased array radar :)
"a MIMO with some good software is almost like a phased array radar :)"
Indeed, though the MIMO's a bit cheaper.
At least one cellular base station vendor was looking at using the same kind of phase-variation beam-forming techniques a couple of decades ago. Then the parent company went TITSUP and I don't know if it ever came to fruition.
Meanwhile the overall group's pensioners (tens of thousands of them in the UK - rather more than the twenty thousand or so affected by the BHS pension fiasco) still don't know whether their promised pensions will ever come to fruition, but the paperpushers involved have paid themselves a couple of billion dollars in the meantime.
E.g.
http://pwc.blogs.com/press_room/2016/10/nortel-pension-scheme-settlement-announced.html
(except it's not really announced and confirmed yet, more paperpushing is required)
http://www.forbes.com/sites/danielfisher/2016/04/05/nortel-bankruptcy-fees-approach-2-billion-as-court-hears-arguments-over-assets/#26b409f1e055
This is a brilliant idea! Randomize the keyboard and use a position-sensitive authentication instead!
Using position-sensitive authentication with a randomized keyboard, the ascii values will be different for every keyboard you use, thus feeding random values to keyloggers (and-over the sholder snoopers).
I don't know why we didn';t think of this before.
Sooo what your saying is as my kid is also severely dyslexic, I better stop reading and writing, it might be considered unfair on him.
Also remember if you see somebody in a wheelchair lie down and shuffle about to get where your going..........
It would only be unfair on you if it was the only option available and was forced you to use it.
This post has been deleted by its author
... to know why I'm downvoted for advocating web accessibility. Australia at least has the Disability Discrimination Act 1992 and the UN Convention on the Rights of Persons with Disabilities states that, “… information intended for the general public to persons with disabilities in accessible formats and technologies appropriate to different kinds of disabilities in a timely manner and without additional cost”.
The convention also urges, “…private entities that provide services to the general public, including through the internet, to provide information and services in accessible and usable formats for persons with disabilities.”
Quite why some web designers have a hate-on for the less abled escapes me.
I'm not sure the quoted text is the best way of expressing the point. To me, those bits are open to quite a lot of interpretation.
I'm all for equal access, but if it's a choice between, for example, a static on-screen keyboard providing less secure access for all, or a randomized on-screen keyboard that adds additional security for 99% of customers but requires the setup/running of a telephone service (thereby meeting those Act quotes) then I'm not sure which side I'd fall.
I imagine the number of people affected by this vuln is going to be quite small. In return the "cure" would affect 100% of the visually impaired. In fact the cure is actively deceptive, so adding insult to injury as it were. I seem to remember ever so may of us commentards being angry that MS decided the red button with an X on it was equivalent to the OK button.
I'm all for equal access, but if it's a choice between, for example, a static on-screen keyboard providing less secure access for all, or a randomized on-screen keyboard that adds additional security for 99% of customers but requires the setup/running of a telephone service (thereby meeting those Act quotes) then I'm not sure which side I'd fall.
I'm not for equal access, at all. In fact, fuck equal access. I want it how I want it. Of course, the same goes for everyone else, as each of us has our own preferences, tastes, and values. This is why it's not really about equal access, but consumer choice. If enough people want voice control, then someone will figure out a way to meet that demand. If enough people only want the interface to consist of wrinkly butt cheeks, someone will figure out how to make that work. It's the producer incentives and consumer demands that are important, not equality.
P.S. Please, for the love of all things holy, do NOT produce a phone interface consisting of wrinkly butt cheeks.
It's also impressive that every time I post something that others find objectionable, I find my global downvote total rising. Glad to see that most of us aren't such massive, immature douchebags. I really don't care about downvotes, but who really gets their kicks from downvoting posts from months ago? Pfft.
"Quite why some web designers have a hate-on for the less abled escapes me."
Quite why some web designers have a hate-on for everyone who has who has the misfortune to have to use their fugly clunky state-of-the art adslinging crap infested cutting edge pos websites ....
There - FIFY.
where all the hipsters are typing away on their precious iDevices, I would guess that the sheer number of key presses would make any analysis of want any one of them is doing almost impossible.
(not that they would ever be doing anything important)
Who'd a thought that Apple users would get safety in numbers. Clearly the WTF moment for this Monday morning.
Silent drones with long range camera lenses pointing at your screen
Hypnotism to extract your password
Sensors impanted in your arms capturing tendon movements to map out your finger placements remotely
Hijacking your visual cortex with an implant to convert optical signals into radio waves
Above are about the same level of real world risk.
I'd be more worried about the ease with which malware makes it onto your phone and the amount of telemetry Android and IOS shares with their creators and the spooks.
Haha - awesome. Two thumbs down from people who find it hard to connect "This exploit has just been discovered" with "Oh shit, a hacking group has commoditised the exploit, unleashed it on every IoT device and are hiring it out to any kiddie scripter that can pay"
...which are two of the most often written articles on the Register...
You're describing how they test a phone's SAR "...for RF safety...". If the phone under test moves even a mm, the repirted results can change dramatically. So they carefully align the phone under test in a precisely aligned jig. Thus indicating that the entire SAR test concept is randomized rubbish. But those involved are too thick to realize.
They also reportedly achieve far sub-wavelength hotspots (in the test head), a result worthy of a Nobel Prize. Semiconductor manufacturers would love such focusing technology.
has no one seen the (granted) fictional TV serious Continuum? in at least one episode they used mapping of radio waves (cellular IIRC) to be able to look inside a building and even to go back and see what had happened previously... this idea came from somewhere... like the Dick Tracey comics with their communication watches (hello apple watch)...
the show came out in 2012 and stars the (beautiful) Rachel Nichols as an enforcement officer in 2077 that gets thrown back in time when some criminals escape using an experimental device...
http://www.imdb.com/title/tt1954347/
Not only in Public WiFi but since The Investigatory Powers Bill has been passed by both Houses of Parliament. Once it receives Royal Assent it will become law, we really need to worry about privacy. I think its time to get encrypted with a VPN, may be PureVPN or Ivacy will be the best