New Acoustic Keyboard Side Channel Attack Let Attackers Steal Sensitive Data

In recent years, personal data security has surged in importance due to digital device usage. Side-channel attacks exploit system side effects to gather information. 

Electronic emissions are a known vulnerability to such attacks. Acoustic side-channel attacks are particularly threatening. In this attack, threat actors utilize the device’s sound emissions to extract sensitive data.

Cybersecurity researchers, Alireza Taheritajar and Reza Rahaeimehr from Augusta University recently discovered a new acoustic keyboard side-channel attack that lets hackers steal sensitive data.

Acoustic Keyboard Side Channel Attack

Keyboard acoustic side-channel attacks enable threat actors to remotely capture keystroke sounds through microphones and analyze waveforms to determine sensitive information like timing and intensity.

They exploit this data despite background noise challenges, utilizing techniques like statistical analysis, machine learning, signal processing, acoustic triangulation, and Time Difference of Arrival (TDoA).

This made some past studies to limit environmental conditions or ignore irregularities that could interfere with the results. 

However, noise from the surroundings and typing habits of a user are among those factors that are often not considered though they can change how people use keys leading to variations in recognition accuracy.

number of letters on the success rate

This is further complicated by interactions between models and other attributes of emissions that do not have uniform patterns, as well as their dependence on environmental circumstances. 

It also provides an opportunity for keyboard models themselves to spoil up algorithms when altered due to special sound features.

In recent times deep learning approaches bring further complexity to obtaining consistent outcomes. 

In this paper, researchers proposed another approach aimed at eliminating these drawbacks.

It consists of capturing keystroke audio, extracting timing data, training a statistical model for prediction, testing on unknown recordings, and enhancing results with an English dictionary. 

The interface of the data gathering software (Source – Arxiv)

The proposed method analyses typing patterns so as to be able to predict words even in real environments where there is noise and without limiting the keyboard models used.

Researchers’ method assumes identifying the victim, but ours isn’t limited to specific keyboard brands.

They expect victims to work in quiet rooms, allowing noise control through signal processing. 

They gather typing samples, text, and ambient noise to train statistical models.

Analysts assume an oracle can split audio into word files, which is realistic as users often generate distinct sounds by pressing the Enter or Space keys after typing.

A Windows app written in C# by experts to record keystroke sounds under three conditions:- 

  • Users just typing
  • Researchers typing sentences
  • Developers using normal words

Different sentences and words were chosen to represent various styles and trends of English typing.

Researchers conducted an IRB-approved study to collect typing patterns from 20 adult users, ensuring confidentiality and anonymity. 

Datasets included common English words to measure word length’s impact on prediction accuracy.

Visual representation in Figure 5 shows success rates increasing with word length up to six letters, then plateauing.

The researchers are trying to reduce reliance on environmental conditions in their approach, but accurately capturing the keyboard sounds is very important for precise keystroke identification. 

Acoustic detection methods rely on the production of sufficient sound by keyboards in order to overcome challenges with softer keys that may lower the accuracy. 

The technique supposes that users maintain consistent and recognizable typing patterns when constructing datasets. 

In this way, it is possible to deduce whether a certain key was pressed or not based on the variance between different key presses on the same computer.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Tushar Subhra

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Microsoft Patches Multiple Vulnerabilities Allow Attackers to Elevate Privileges

Microsoft has recently released patches addressing multiple vulnerabilities that could enable attackers to elevate privileges…

27 minutes ago

Why the MITRE ATT&CK Evaluation Is Essential for Security Leaders

In today’s dynamic threat landscape, security leaders are under constant pressure to make informed choices…

14 hours ago

Lazarus Hackers Exploits macOS Extended Attributes To Evade Detection

The xattr command in Unix-like systems allows for the embedding of hidden metadata within files,…

16 hours ago

ProjectSend Authentication Vulnerability Exploited in the Wild

ProjectSend, an open-source file-sharing web application, has become a target of active exploitation following the…

18 hours ago

NVIDIA UFM Vulnerability Leads to Privilege Escalation & Data Tampering

NVIDIA has released a critical security update addressing a significant vulnerability in its Unified Fabric…

21 hours ago

Junior School Student Indicted for Infecting Computers With Malware

Fukui Prefectural Police have indicted a 15-year-old junior high school student from Saitama Prefecture for…

23 hours ago