A new method for stealing PIN codes and passwords from mobile devices has been introduced

Tomcat

The method allows you to determine the characters entered on the virtual keyboard by the sound waves generated when you press the keys.

Keyloggers are not the only means by which attackers can find out the password of a tablet or smartphone. A team of scientists from the University of Cambridge has developed a new acoustic side-channel attack method that allows characters entered on a virtual keyboard to be determined by the sound waves generated when the keys are pressed.

A mobile device's microphone (or microphones) can record these sound waves and “hear” finger presses, and distortions in the waves make it possible to determine where on the screen a tap landed, the authors of the work explain. Thus, by recording audio through the built-in microphone, a malicious application can recognize the text entered by the user.

The team developed an Android application that captures the sound of taps and correlates it with keystrokes using a machine learning algorithm tuned to a specific smartphone or tablet model. The researchers tested the new method on LG Nexus 5 and Samsung Nexus 9 devices. The experiment, which was carried out in rooms with relatively high noise levels (a common room, a reading room and a library), involved 45 participants.

The first group of volunteers randomly entered numbers from 1 to 9 (10 attempts), the second entered 200 unique four-digit PIN codes, the third entered letters, and the fourth entered five-letter words. Using the new method, the scientists were able to recognize 61% of PIN codes (in 20 attempts), and 7 and 19 passwords out of 27 on the Nexus 5 and Nexus 9, respectively.

According to experts, there are several ways to prevent such an attack, such as physically turning off the microphone, using microphones with a lower sampling rate, covering the screen with an additional layer of glass that absorbs the sound of pressing, or preventing sound from being recorded during data entry. However, all these measures have their own nuances that may affect the design and usability of the device, the researchers admit. Instead, they propose implementing a mechanism that blocks the microphone while the user enters a password or other sensitive data.

(c) https://www.securitylab.ru/news/498592.php
 