Security Alert: Window Transparency Information Disclosure

Submit: Add to your del.icio.us Digg This Slashdot GotNews StumbledUpon Reddit

Original advisory here
                      ____      ____     __    __
                     /        /       |  |  |  |
        ----====####/  /__##/  /  ##|  |##|  |####====----
                   |  |      |  |__|  | |  |  |  |
                   |  |  ___ |   __   | |  |  |  |
  ------======######  /  /#|  |##|  |#|  |##|  |######======------
                     ____/  |__|  |__|  ______/

                    Computer Academic Underground
                        http://www.caughq.org
                          Security Advisory 

===============/========================================================
Advisory ID:    CAU-2007-0001
Release Date:   04/01/2007
Title:          Window Transparency Information Disclosure
Application/OS: Windows made from silica or plastics
Topic:          Panes used in windows are usually transparent, allowing
                sensitive information to be observed from the outside.
Vendor Status:  Not Notified
Attributes:     Remote, Information Disclosure
Advisory URL:   http://www.caughq.org/advisories/CAU-2007-0001.txt
Author/Email:   I)ruid <druid (at) caughq.org>
===============/========================================================

Overview
========

An information disclosure attack can be launched against buildings that
make use of windows made of glass or other transparent materials by
observing externally-facing information through the window.

Impact
======

Sensitive information stored on whiteboards, cork-boards, calendars,
post-it notes, or other medium which faces a window is susceptible to
being disclosed to a remote entity.

Affected Systems
================

1) Silica Windows

2) Plastic Windows

Technical Explanation
=====================

Silica-based (glass) windows have molecular structures that are very
random like a liquid yet retain the strong bond and rigidity of a solid.
Transparent and translucent plastic windows have molecular structures
wherein the long-chain molecules (polymers) in the plastic are made to
settle into a similarly random pattern.

These random patterned molecular structures have electrons that do not
absorb the energy of photons in the visible spectrum, thus allowing
visible light to traverse them.  This traversal of visible light allows
the human eye to observe an object through the window.

Solutions & Recommendations
==========================

1) Do not store sensitive information on any medium which faces a window.

2) Draw blinds or curtains over the vulnerable window so as to prevent
   remote observers from viewing any sensitive information.

3) Apply an opaquing layer to vulnerable windows.

Exploitation
============

Use the naked eye, binoculars, or a telescoping lens to peer through the
windows of your target building.  Locate information storing mediums such
as whiteboards, cork-boards, or post-it notes which face outward through
the window.  Read the medium's content.

References
==========

Howstuffworks "What makes glass transparent?"
  http://science.howstuffworks.com/question404.htm

Credits & Gr33ts
================

Computer Academic Underground
Prof. Julius Sumner Miller
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s