You can hack a PC just by looking at it, say 3M and HP

Top security minds at HP have discovered that if you look at a PC, you can read what's on its screen. And if you're not the intended reader of that screen, it constitutes “visual hacking”, a terrifying menace that Must Be Stopped. The good news is it Can Be Stopped With This One Amazing Sheet Of Plastic, aka a 3M “Privacy …

  1. David Knapman

    Is this "our screens have poor viewing angles, so we're going to make them worse and call it a feature?"

    1. g e

      This is far cheaper...

      https://www.youtube.com/watch?v=zL_HAmWQTgA

      1. Anonymous Coward

        Re: This is far cheaper...

        True, but that's harder to take with you when you're travelling and I expect it's only going to take someone wearing polarised sunglasses to undo your security..

        1. Anonymous Coward

          Re: This is far cheaper...

          "True, but that's harder to take with you when you're travelling and I expect it's only going to take someone wearing polarised sunglasses to undo your security.."

          I plan to start a Kickstarter for a mobile phone secure screen that consists of two sheets of polarising material glued together with the polarisations 90 degrees apart. I've just tested it and it seems to work admirably.

      2. Geoff Johnson

        Re: This is far cheaper...

        That would look better if the screen was black without the goggles. Working at a monitor that looks off would really confuse people.

        EDIT: before anyone mentions it, I know it wouldn't work that way, but it would look cool if it did.

    2. Nolveys Silver badge
      Devil

      Call it a feature?

      They had to figure out some way to market that batch that was made of nothing but glass and black.

    3. Anonymous Coward

      dave +1

      Do you work in marketing ?

    4. joed

      I was going to say the same thing. HP's laptops are a pain to look at straight, and forget about trying to see anything from any side.

  2. saif
    Linux

    Firewall

    And unencrypted verbal communications can be easily intercepted by anyone in the same room. Ultimately what is required is a firewall at the universal ports not just at the digital to analogue transformation layer... the interface between man and machine. We need the firewall between man and man. Speaking gibberish or Welsh might do it.

    1. knarf

      Re: Firewall

      I think PMs already use a secret language that means nothing to nobody, not even each other most of the time,

    2. Alien8n Silver badge

      Re: Firewall

      My father in law used to work at NatWest and they had an issue with their Swansea branch many years ago, so they sent one of their head honchos over to sort the branch out. Every time he walked into a room the staff would switch from English to Welsh so he couldn't understand what they were talking about. Imagine their horror when on the final day he says goodbye to them in fluent Welsh. Turned out that despite no longer having the accent he was Welsh as well...

      1. Bota

        Re: Firewall

        I had a very similar situation where our contractors were Portuguese, and I picked it up many moons ago from an ex. Was quite interesting what they wanted to do to the girls in accounting lol

        1. Yet Another Anonymous coward Silver badge

          Re: Firewall

          >Was quite interesting what they wanted to do to the girls in accounting lol

          Migrate them onto a cloud platform despite the inherent security risks ?

    3. Steve Evans

      Re: Firewall

      I believe the solution to this is encrypting it at source.

      A few hours in the local pub should do it... Now where do I apply for the research grant?

    4. chivo243 Silver badge

      Re: Firewall

      @saif

      I work in The Netherlands, Welsh, Dutch... it's all Greek to me.

      1. Anonymous Coward
        Coat

        Re: Firewall

        ..and english is the linguia franka, pity I know no latin

    5. tony2heads
    6. TitterYeNot
      Coat

      Re: Firewall

      "And unencrypted verbal communications can be easily intercepted by any one in the same room"

      This is known in the black-hat trade as aural hacking.

      Definitely not to be confused with oral hacking, which is something else entirely (and may or may not involve someone wearing a poorly fitted dental brace.)

    7. Yet Another Anonymous coward Silver badge

      Re: Firewall

      That's why the police need to ban all those forms of encrypted voice communication known as "speaking foreign"

    8. Bill M

      Re: Firewall

      I know a lot of people who speak gibberish, but only 1 who speaks Welsh.

    9. HonestAbe

      Re: Firewall

      That's why I always conduct meetings in the original audio-signal VPN, igpay atinlay.

    10. Trigonoceps occipitalis

      Re: Firewall

      Navaho shirley.

      1. PNGuinn
        Holmes

        Re: Firewall

        "Navaho shirley."

        Indeed. I call Bulls**t

        I bet you've never met a navaho called Shirley.

        1. Anonymous Coward

          Re: Firewall

          I did, bach when I was six and running rampant with the Chief's eldest son.

  3. Anonymous Coward

    I keep my laptop screen secure by not opening the lid, 100% secure and free. Beat that HP.

  4. Warm Braw Silver badge

    As an alternative

    You could get out your knitting needles,

  5. Alister Silver badge

    the unintended consequence of making it harder to gather around a PC to check out that really funny new thing on YouTube.

    ...and the further unintended consequence that the number of internal emails suddenly rises, as people send each other the link to the new You Tube Funny, instead of gathering round one notebook...

    1. Alien8n Silver badge

      One company I worked at one of the senior managers came in complaining that his laptop was really slow. A quick search for all emails with attachments confirmed the issue was the thousands of emails containing videos and pictures. Including a rather inordinate amount of porn that was being emailed to him by one of the machine operators. We hit delete and told him not to be so stupid again or he'd be losing his redundancy pay (the only reason they weren't reported to HR was the fact that both he and the operator were leaving 2 months later on redundancy and the redundancy pay was in the 4 to 5 figure range). Same company had another user who we didn't report for downloading music and movies from file sharing sites. Turned out the IT manager had his download folder set up as a network share to save him from downloading the same files...

    2. Michael Strorm

      Please... won't someone think of Corbis?

      Don't they realise that this would decimate stock image libraries' investment in office types crowding round a corporate laptop?

      (Fact: Such images constitute approximately 47% of all stock photos in existence. Another 35% consists of groups of socialising women apparently laughing at something highly amusing one of them has just said, while showing off their perfect white teeth and, in a very odd coincidence, none of them happen to have their eyes shut nor have been caught in an awkward-looking mid-expression change, like always happens when anyone normal tries taking such a photo).

  6. xeroks

    virtual monitors

    A more effective solution might be the use of an Oculus/HoloLens type device to present the data to a single user.

    I don't believe anything out there is capable enough as a monitor replacement, but I wonder if HP have any devices like this in the pipeline. This might be the first step in a bigger marketing campaign.

    Or a cheap trick to make a quick buck.

    1. Anonymous Coward

      Re: virtual monitors

      Not yet, but they are improving. There are Oculus prototypes that are full 1080p, plus for business purposes you don't need stereoscopy; a single screen, even a Cardboard solution with a sufficiently-high-res smartphone will suffice.

      1. Yet Another Anonymous coward Silver badge

        Re: virtual monitors

        for business purposes - you could leave out the phone and just have a cardboard hat with a single powerpoint slide with "leverage synergy" and "dynamic growth potential" printed on a distracting background

      2. Cryo

        Re: virtual monitors

        "Not yet, but they are improving. There are Oculus prototypes that are full 1080p, plus for business purposes you don't need stereoscopy; a single screen, even a Cardboard solution with a sufficiently-high-res smartphone will suffice."

        The VR headsets like the Oculus Rift, HTC Vive, and other upcoming models that have been getting attention lately probably wouldn't be great as monitor replacements for at least the near future, simply because they're designed more for spreading their resolution out over a wide field of view. You don't need a 100+ degree viewing angle for a virtual monitor, so under that usage scenario, much of their resolution would be wasted. For a privacy-minded head-mounted display that isn't concerned with putting people in immersive 3D environments, a much narrower field of view with pixels more tightly packed together would probably be ideal.

        And even if you're not sending different images to each eye, you'll still need a separate display for each eye (or half of a larger display dedicated to each eye) since optics aren't going to let you view the entirety of a screen right in front of your face with both eyes at once. And again, the design of these headsets that use a single smartphone screen divided in two are more suited to providing a wide field of view than they are a sharp central resolution. And of course, you probably won't want to be using a bulky solution with a screen much larger than you need for any considerable length of time.

        For "business purposes" you would be better off with a headset that makes use of two much-smaller screens that could be optimally positioned in front of each eye. And if you plan to use the thing in a public place, you'll probably prefer an augmented reality solution to something designed for virtual reality. What good is the security gained from using the headset if you're getting pickpocketed in the process?

        I agree that the tech is improving though, and within a few years or so, there may be AR headsets that are not much bulkier than a pair of glasses, that can provide dual-screen output suitable as a proper monitor replacement.

        1. Anonymous Coward

          Re: virtual monitors

          "And even if you're not sending different images to each eye, you'll still need a separate display for each eye (or half of a larger display dedicated to each eye) since optics aren't going to let you view the entirety of a screen right in front of your face with both eyes at once."

          True. That's why Cardboard positions the phone several inches in front of you, thus putting it within the view of both eyes (either directly or by half-silver optics). It's also IIRC less disorienting than a dual-screen solution since you can have screen mismatch as well as the extremely close-up focus that can strain eyes.

    2. Alien8n Silver badge

      Re: virtual monitors

      Wasn't this one of the original premises for Google Glass? The idea that you could "project" a screen for work which if you look slightly to the side the screen "disappears"?

    3. BlindProgrammer

      Re: virtual monitors

      I have the solution. As a totally blind programmer I don't even have a monitor. Nobody can hear my screen-reader through my headphones. If everybody else did the same for security's sake maybe somebody would give me a job on the back of my 25 years experience and not care about my blindness

      1. Anonymous Coward

        Re: virtual monitors

        Braille terminals are fairly discreet too.

        Not sure I could adapt to using either though, being sighted myself. (Then again, if I were to go blind, I'd have to.)

        1. Zog_but_not_the_first Silver badge
          Joke

          Re: virtual monitors

          "Braille terminals are fairly discreet too."

          I'm sorry, I'll feel that again.

          With apologies to Peter Cook.

      2. Bota

        Re: virtual monitors

        That's actually an amazing feat! I wish I had half your determination and a third of your skill!

  7. James 51 Silver badge

    Had one of these for my phone. Added advantage that it stopped glare. Only problem was that with a touch interface the coating soon wore off.

  8. deive

    Would be useful if they integrated this into screens, allowed sections of it to be turned on and off by software and then turned it on over password fields only. Until then, meh!

    1. Michael Thibault
      Mushroom

      >allowed sections of it to be turned on and off by software and then turned it on over password fields only.

      I must assume that you're of the belief that that software would remain in the nominal user's control exclusively.

    2. Kubla Cant Silver badge

      Would be useful if they integrated this into screens, allowed sections of it to be turned on and off by software and then turned it on over password fields only.

      Useful, but only when you're logging in to a system that displays the password characters. If you're still using something like that then people spying on your screen is probably the least of your problems. I'd guess that the last such system became obsolete in 1980.

  9. Anonymous Coward

    "Or "mal-looking" as it may one day come to be known"

    Love it.

    A well-written article, holding idiots up to ridicule - damned by their own words.

    'Visual hacking' indeed. I thought that meant poking someone's eyes out.

    1. Anonymous Coward

      Re: "Or "mal-looking" as it may one day come to be known"

      Hacking is entirely the wrong description of the problem - hence the ridicule. But nevertheless a real problem and if we can come up with a better solution than a grotty piece of scratched plastic that we slide over our svelte laptop screens, so much the better.

    2. Anonymous Coward

      Re: "Or "mal-looking" as it may one day come to be known"

      Perhaps it simply means the person looking is called "Mal"?

    3. PNGuinn
      WTF?

      Re: "Or "mal-looking" as it may one day come to be known"

      Personally, I prefer the expression usually used in Blighty - Shoulder Surfing. Somehow it seems to trigger the imagination....

  10. TeeCee Gold badge
    Facepalm

    Hmm.

    when visual hackers ply their dark art by sneaking up behind someone

    Er, surely if you've snuck up behind the user you'll have direct, on-axis LOS and this "security technology" will be defeated?

    1. DropBear Silver badge
      Joke

      Re: Hmm.

      That's only true for the 1.0 version. Mark II will include patented lightsaber technology, and the photons will stop propagating past half a meter or so from the screen...

    2. Preston Munchensonton
      Coat

      Re: Hmm.

      Er, surely if you've snuck up behind the user you'll have direct, on-axis LOS and this "security technology" will be defeated?

      Fortunately, most self-styled ninjas are more Pauly Shore than David Carradine.

      1. Anonymous Coward
        Devil

        Re: Hmm.

        Weren't he a Shaolin monk and not a Ninja?

    3. Yet Another Anonymous coward Silver badge

      Re: Hmm.

      Not if you are heavy enough - then the photons will be deflected by the user and be prevented from reaching the onlooker.

      I believe Americans are working on the "Big Mac Blackhole Meal Deal" as we speak

  11. adam payne Silver badge

    A load of marketing twaddle. I'll stick with my USB powered rocket launcher.

  12. Your alien overlord - fear me

    I bought one of these years ago, fitted it to my laptop and removed it in under a day. The requirement to look at the screen 'at just the right angle' was a right PITA.

    How many times have people been called over to crowd around a desk monitor to look at the latest funny cat video? That'll have to stop now and productivity may increase - shock horror.

    1. Mark 85 Silver badge

      As was pointed out by another... they'll just email the URL and clog inboxes. Unintended consequences and all that.

  13. Robert McCracken

    Not surprising.

    Firstly how cute that they are marketing something that has been around for decades.

    Secondly, hack just by looking, I can believe that as apparently users can break computers just by looking at them. "I didn't touch anything", "I don't know how that software got installed" and my favourite "no I didn't spill any coffee on the keyboard" as I pour a cup of latte out of it.

  14. Swiss Anton
    Angel

    Not secure enough for me

    OMG! I need to tell my boss. We often have to look at sensitive data. However I don't think that a viewing filter is good enough. I mean, what if someone shoulder surfs me. No, I think the only thing that will work is a VR headset. (BTW, can anyone recommend a good 3d game?)

  15. Eclectic Man

    Has anyone considered ..

    ... working in a secure environment? Like, umm, maybe a dedicated building with workspace facilities including a desk, chair, and maybe one of those strange wire connection things for power and the interpleb?

    It needs a name so I'll call it "an Office".

    On second thoughts it will never fly. Why would anyone want to spend time in a comfortable, air-conditioned environment with their colleagues when they could be sitting in a railway station waiting room balancing a scalding hot coffee on one knee, a mobile on their shoulder and a laptop on the other knee?

  16. jake Silver badge

    Good lord ...

    ... I'm pretty certain we were looking over the shoulders of folks with actual computer accounts back in the 1970s to steal account/passwords.

    3M and HP have only just now noticed this? Sad, that.

    1. Michael Wojcik Silver badge

      Re: Good lord ...

      To be fair, 3M and HP have known about shoulder-surfing as long as all of those things have existed. This is just a case of some marketer deciding to try to turn a long-existing niche product into a USP.

      The news here is just this latest bit of marketing desperation, and the coinage[1] of the term "visual hacking".

      The article really doesn't convey how far this particular bit of nonsense has been taken. It's a bit embarrassing, if you're in IT security, just by association.

      [1] Or, more likely, attempt at popularization - though the Google Ngram Viewer didn't find any historical use of the phrase, thank goodness.

  17. Stevie Silver badge

    Bah!

    You know, when Dell and HP and Compaq and IBM and Apple were announcing their push to make LCD screens more easily readable at wide angles I remember saying that it was a mistake.

    I must ask Alanis Morissette if this "spend bajillions on wide screen research, then fit an aftermarket screen field of view filter" is ironic or not.

    1. Michael Wojcik Silver badge

      Re: Bah!

      Sigh.

      Irony, one of the four "master tropes" and arguably the root trope par excellence, simply means any situation in which an expectation is violated - even if that expectation is naive, and even if the audience expects it to be violated.[1]

      Thus, yes, the situation with competing wide-viewing-angle and narrow-viewing-angle screens as USPs is ironic. And so are all the situations Alanis Morissette describes in her well-known and incorrectly-criticized song.

      [1] That's not as paradoxical as it sounds. In "dramatic irony", for example, the audience is aware of some condition which a character is not; thus the character has an expectation that the audience knows is incorrect. Irony describes any skew between a narrative state and the world it purports to describe. (That's why it can be considered the root trope: all tropes are "turnings" from literal meaning to figurative, and any such turn necessarily represents some divergence from the most probable meaning, which is the literal one.)

  18. Hairy Spod

    Marketing opportunity for old gear on e-bay

    ..so basically now is a good time to pick up a load of old flat panels with poor viewing angles that no one wants and then to start flogging them as high security devices on e-bay

  19. Valeyard

    We had to use these

    At a bank I worked at they had a bank of desks in the customer area for general enquiries, these had the screen filters on so only the staff could see someone's personal and financial details in a public space

  20. DougS Silver badge

    Polarizing filters

    Is it possible to design a paired polarizing filter for a screen and for glasses, so that only someone wearing the glasses can see the screen? That would be worthwhile for those who have truly confidential data, like a CEO who is forced to fly first class instead of private jet, and wants to open his laptop and get some work done.

    Wouldn't want that Wall Street trader in the row behind him to see his email titled "final proposal for EMC buyout" (if I were him, I'd snap a picture of his screen if possible, so when the SEC asks why you bought 50,000 call option contracts on EMC the day before the day was announced you can prove it was not insider trading but merely being in the right place at the right time)

    1. stucs201

      Re: Polarizing filters

      See the first reply to the first post...

  21. BlindProgrammer

    Gissa job then

    I'm not a security risk! I am a totally blind programmer with 25 years experience. But I can't find a job. But when I'm wearing my headphones and listening to my screen-reader with my monitor switched off or not even plugged in I could save the day!

  22. Stuart Dole

    Costco...

    I was in Costco (USA - California) last week and stopped at the "Wireless" kiosk to ask about phone upgrades. The tech guy went to his computer to lookup my account - indeed, the screen had that kind of shield, but you could see it OK if you were close enough to be on-axis - easy to do in the retail store the way they had the PC set up - the monitor faced the aisle.

    But then during his logon process, he turned the monitor OFF. Black. He typed his login and password, and some other stuff, then switched the monitor back on. His motions were so smooth and practiced, it was like he did it hundreds of times a day and just didn't think about it. You could still see his fingers on the keyboard, but I didn't pay attention to that part - he was fast and smooth - hard to follow - sort of like trying to get Benny Goodman's clarinet fingering by watching an old Video...

  23. Suricou Raven Silver badge

    I thought of an entirely software-based alternative.

    Wingdings and practice.

    1. Michael Wojcik Silver badge

      Re: I thought of an entirely software-based alternative.

      For those with less-rigorous threat models, there are plenty of fonts available that are so painful that few attackers would put up with reading them. Start with Comic Sans and work up from there until you reach an appropriate cost to the attacker's sanity.

  24. Henry Wertz 1 Gold badge

    Not on demand

    Someone at HP doesn't know what "on demand" means. If it's integrated into the screen and can't be removed, it's not on demand since it cannot be "turned off".

    Anyway... *yawn*. These have been around for decades, banks tend to use them. Why would I want to buy a computer with it built in when I can just buy the overlay from 3M if I wanted one?

  25. Kevin McMurtrie Silver badge
    Meh

    The 1980s called; wants to sell you a pocket TV

    Early models of LCDs did this naturally and it was extremely costly to fix until recently. Maybe somebody found a huge stash of old screens after buying the Palm campus.

    1. Anonymous Coward

      Re: The 1980s called; wants to sell you a pocket TV

      The trouble with those early passive LCDs was ghosting. They had a terrible refresh rate.

      I tried playing pinball on a laptop with one of these screens once (circa 1996). Big mistake. I could see about 6 balls on the screen and had no idea which one was the real one.

  26. Anonymous Coward

    Someone's life work is wasted.

    Somewhere there must be someone, or more likely lots of someones, who dedicated their life to improving the viewing angles on LCD monitors. They probably feel their toil has been wasted like the people who fit indicators on BMWs now.

    1. Michael Wojcik Silver badge

      Re: Someone's life work is wasted.

      So many inventors see their work turned to evil.

  27. PNGuinn
    Go

    Private Viewing...

    I know it'll never fly, 'cos it's prior art and there's no patent dosh in it...

    For years we men have had modesty barriers on some urinals. How about popout / inflatable side barriers for laptops. Should go down a treat with the airlines.

    Yeah, ok, it's late and I'm taking the pi**.

    Raises the interesting philosophical question though as to why some urinals are more "secure" than others. Now THERE'S an excellent subject for some arts post grad grant funding. Should be worth a couple of dozen phds at least.

    1. Cryo

      Re: Private Viewing...

      There actually are collapsible anti-glare / privacy shields like this. I think they're typically marketed more for reducing glare though, either for people working with screens in bright outdoor conditions, or for graphic artists wanting to eliminate reflections from room lighting without affecting the image quality of their display.

      I suppose that if they were used in a public place though, they might attract more attention, and perhaps even encourage people to look over your shoulder to find out what you're trying to hide, whereas a screen filter would probably be more discreet.

    2. Michael Wojcik Silver badge

      Re: Private Viewing...

      Raises the interesting philosophical question though as to why some urinals are more "secure" than others

      Y'know, somewhere years ago I saw a study that demonstrated that men's public bathrooms did indeed have significantly better throughput if there were privacy shields between urinals - not surprising, since "shy bladder" is a widely-documented condition. Yet idiot architects and designers keep leaving them out. If memory serves, the new terminal at Heathrow is an offender, and an airline terminal is a perfect example of a place where you want to avoid this problem.

  28. Zmodem

    You can't see much of what's on a laptop screen from 10 inches away, never mind 8 feet on another coffee table

    1. Michael Wojcik Silver badge

      Keep your feet off the coffee table, please.
