The new method of acoustic attack demonstrates high efficiency even in imperfect conditions.
Scientists Alireza Taheritajar and Reza Rahaeimehr from the University of Augusta (Augusta University) in the United States presented a new method of acoustic attack, which allows you to determine the user's input from the keyboard by unique key sounds and typing patterns. Interestingly, the attack works successfully even in non-ideal conditions from the point of view of noise, without requiring special equipment for recording or a specific keyboard model, which makes it potentially more dangerous in real conditions.
The attack uses characteristic sound vibrations during various keystrokes and a specific type of typing recorded by specialized software.
The article discusses all possible methods of hijacking, but in the attack we consider, this can be malware, malicious websites or browser extensions, compromised applications, cross-site scripts, or even compromised USB keyboards.
Despite the fact that the average success rate of the method is only 43%, which is lower than that of other well-known methods, its application does not require controlled recording conditions. All you need to do is get print samples from the target to link specific key sounds to the text.
Audio can be recorded using separate hidden microphones, or via infected devices such as smartphones or laptops. The collected data allows you to train a statistical model that creates a profile of the user's individual printing style based on the time intervals between keystrokes.
Calculating time intervals
The technique takes into account even small deviations in printing behavior, which reduces the impact of errors or noise during recording. The accuracy of text prediction is increased by using an English dictionary to filter assumptions. A special feature of the attack is its high efficiency in noise conditions, with different keyboard models, when using a low-quality microphone, and with any type of typing of the victim.
Detecting pressed keys
This technique also has its limitations: it is difficult to profile people who rarely use a computer and have not yet developed a consistent typing style, as well as professional "printers" with very high typing speed. The results of testing on 20 subjects showed a variety of success rates from 15% to 85%, which indicates a different vulnerability of subjects to this type of attack.
The researchers also noted that using silent keyboards can make it harder to train the model and reduce the effectiveness of predicting keystrokes. However, this new approach underscores the importance of being aware of digital security and the potential threats associated with everyday use of familiar technologies.
Scientists Alireza Taheritajar and Reza Rahaeimehr from the University of Augusta (Augusta University) in the United States presented a new method of acoustic attack, which allows you to determine the user's input from the keyboard by unique key sounds and typing patterns. Interestingly, the attack works successfully even in non-ideal conditions from the point of view of noise, without requiring special equipment for recording or a specific keyboard model, which makes it potentially more dangerous in real conditions.
The attack uses characteristic sound vibrations during various keystrokes and a specific type of typing recorded by specialized software.
The article discusses all possible methods of hijacking, but in the attack we consider, this can be malware, malicious websites or browser extensions, compromised applications, cross-site scripts, or even compromised USB keyboards.
Despite the fact that the average success rate of the method is only 43%, which is lower than that of other well-known methods, its application does not require controlled recording conditions. All you need to do is get print samples from the target to link specific key sounds to the text.
Audio can be recorded using separate hidden microphones, or via infected devices such as smartphones or laptops. The collected data allows you to train a statistical model that creates a profile of the user's individual printing style based on the time intervals between keystrokes.
Calculating time intervals
The technique takes into account even small deviations in printing behavior, which reduces the impact of errors or noise during recording. The accuracy of text prediction is increased by using an English dictionary to filter assumptions. A special feature of the attack is its high efficiency in noise conditions, with different keyboard models, when using a low-quality microphone, and with any type of typing of the victim.
Detecting pressed keys
This technique also has its limitations: it is difficult to profile people who rarely use a computer and have not yet developed a consistent typing style, as well as professional "printers" with very high typing speed. The results of testing on 20 subjects showed a variety of success rates from 15% to 85%, which indicates a different vulnerability of subjects to this type of attack.
The researchers also noted that using silent keyboards can make it harder to train the model and reduce the effectiveness of predicting keystrokes. However, this new approach underscores the importance of being aware of digital security and the potential threats associated with everyday use of familiar technologies.
