Espiar lo que tecleamos en una videoconferencia
En This horrifying Zoom hack will deter you from ever side-chatting again nos contaban cómo un grupo de investigadores de la Universidad de Texas en San Antonio pueden adivinar lo que estamos tecleando en nuestra sesión de videoconferencia con una precisión del 93%.
Researchers from the University of Texas at San Antonio and the University of Oklahoma have demonstrated something terrifying: They can read what people are typing during video calls on Zoom, Skype, and Google Hangouts with up to 93% accuracy.
Y no se refieren a la típica metedura de pata de tener otra cámara, o que la que tenemos apunte a donde no debe o, que escribamos la contraseña por error en el chat.
We’ve all side-chatted, saying one thing to the camera, and another on the side. Maybe it was a joke over Gchat at a coworker’s expense. Maybe it was just multitasking some emails. Maybe it was entering a password into another site.
¿Cómo lo hacen? Observando e interpretando los movimientos de nuestra espalda.
Without using any special machine learning or artificial intelligence techniques, Jadliwala’s team figured out how to read the subtle pixel shifts around someone’s shoulders to make out their basic cardinal movements: north, south, east, and west.
Por ejemplo, para escribir CAT (gato) parece que primero escribirmos la ‘C’, nos movemos a la izquierda, hacia la ‘A’ y, finalmente, hacia la derecha para teclear la ‘T’.
Applied to a keyboard, these four directions actually mean a lot. If you are typing “cat,” you start with the C, move west to the A, then back east to the T.
Es suficiente con registrar los movimientos de la espalda y relacionarlos con un diccionario de palabras habituales.
Once researchers figured out how to read these directions through shoulder movements, they were able to create software that could cross-reference them with what they call “word profiles” built with an English dictionary, which turned the maze of directions into meaningful words.
El problema es que los proveedores no pueden hacer mucho para defendernos, tal vez emborronar nuestro contorno un poco.
But our research is not Zoom or Google specific. They cannot do anything about it at the software level in some sense.”
Las formas en que nos pueden atacar son múltiples, y cada vez hay personas más igeniosas.