Saturday, April 13, 2024

New Acoustic Keyboard Side Channel Attack Lets Attackers Steal Sensitive Data

In recent years, personal data security has surged in importance due to digital device usage. Side-channel attacks exploit system side effects to gather information. 

Electronic emissions are a known avenue for such attacks. Acoustic side-channel attacks are particularly threatening. In these attacks, threat actors use the device’s sound emissions to extract sensitive data.

Cybersecurity researchers Alireza Taheritajar and Reza Rahaeimehr from Augusta University recently discovered a new acoustic keyboard side-channel attack that lets hackers steal sensitive data.

Acoustic Keyboard Side Channel Attack

Keyboard acoustic side-channel attacks enable threat actors to remotely capture keystroke sounds through microphones and analyze waveforms to determine sensitive information like timing and intensity.

They exploit this data despite background noise challenges, utilizing techniques like statistical analysis, machine learning, signal processing, acoustic triangulation, and Time Difference of Arrival (TDoA).

This led some past studies to restrict environmental conditions or ignore irregularities that could interfere with the results.

However, noise from the surroundings and a user's typing habits are among the factors that are often not considered, even though they can change how people use keys, leading to variations in recognition accuracy.

[Figure: effect of the number of letters on the success rate]

This is further complicated by interactions between models and other attributes of emissions that do not have uniform patterns, as well as their dependence on environmental circumstances. 

Differences between keyboard models can also throw off the algorithms, because each model has its own sound characteristics.

More recently, deep learning approaches have added further complexity to obtaining consistent outcomes.

In their paper, the researchers propose another approach aimed at eliminating these drawbacks.

It consists of capturing keystroke audio, extracting timing data, training a statistical model for prediction, testing on unknown recordings, and enhancing results with an English dictionary. 

[Figure: The interface of the data gathering software (Source – Arxiv)]

The proposed method analyzes typing patterns to predict words even in real, noisy environments, without restricting which keyboard models are used.

The researchers’ method assumes the victim has been identified, but it isn’t limited to specific keyboard brands.

They expect victims to work in quiet rooms, allowing noise control through signal processing. 

They gather typing samples, text, and ambient noise to train statistical models.

The researchers assume an oracle can split the audio into per-word files, which is realistic because users often generate distinct sounds by pressing the Enter or Space keys after typing.

The researchers wrote a Windows app in C# to record keystroke sounds under three conditions:

  • Users just typing
  • Researchers typing sentences
  • Developers using normal words

Different sentences and words were chosen to represent various styles and trends of English typing.

Researchers conducted an IRB-approved study to collect typing patterns from 20 adult users, ensuring confidentiality and anonymity. 

Datasets included common English words to measure word length’s impact on prediction accuracy.

Figure 5 shows success rates increasing with word length up to six letters, then plateauing.

The researchers are trying to reduce reliance on environmental conditions in their approach, but accurately capturing the keyboard sounds is very important for precise keystroke identification. 

Acoustic detection depends on the keyboard producing enough sound; softer keys may lower the accuracy.

The technique assumes that users maintain consistent and recognizable typing patterns when the datasets are constructed.

In this way, it is possible to deduce whether a certain key was pressed or not based on the variance between different key presses on the same computer.

Tushar Subhra Dutta