Keystroke Inference Attacks

You are on an official video call. You share a joke with your coworker about your boss on private chat. You’ll both laugh and giggle over the joke. The call gets over, and you carry on with life as normal.

The next day your boss calls you, and guess what, he wants to discuss the joke you had privately shared to your coworker. You know your coworker did not snitch on you. Then how on earth did your boss know about that joke. You rack your brains and you end up with no answer.

Until one day, you come across this article. The article states that hackers can read what you are typing when you are on a video call!!

How are they finding out what you are typing when you are on a video call? Hack your system? No! Track your keystrokes? No! What they do instead is track the movement of your shoulders.

This is something that has not been given much importance to date. Until COVID struck and we all were forced to conduct official meetings via video calls.

Finding the way:

The research team from Texas which had found out that this could be done, states that the videos are in high-fidelity and the pixels convey more information than one realizes.

The team did not use any special machine learning tools or artificial intelligence to figure out how subtle movements of one’s shoulders can affect the pixels. The basic movements being tracked were North, South, East, and West.

When this was applied to a keyboard, the information being derived was tremendous. For example, to type “Ant” one starts with A, moves east to N, and then west to T.

These shoulder movements were analyzed and software was built to cross-reference these with an English dictionary to build a “word profile”.

Investigation and Demo:

The pattern recognition was 75% accurate in a lab setting, where a particular type of chair was used and only a set number of words were used.

When the test was moved to a real word setting, the team was able to accurately infer 66% of the websites typed, 21% of random English words, and a measly 18% of passwords typed, due to the increased complexity and randomness. Though these numbers are quite low right now, they are bound to increase as time passes by.

It was found that users who had long hair covering their shoulders were at lower risk of being read and so too were ones who were hunting for keys on the keyboard.

Until the video calling software are able to work out a method to blur your shoulders while you type or any such solution, maybe just let your hair grow. Or well, just don’t type while on a video call.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Leave a Reply