New Acoustic Keyboard Side Channel Attack Allows Theft of Sensitive Data

Home/BOTNET, Compromised, Exploitation, Internet Security, Mobile Security, Security Advisory, Security Update/New Acoustic Keyboard Side Channel Attack Allows Theft of Sensitive Data

New Acoustic Keyboard Side Channel Attack Allows Theft of Sensitive Data

With the rise in digital device usage, personal data security has become increasingly important. Side-channel attacks exploit system side effects to gather information, with electronic emissions being a known vulnerability. Acoustic side-channel attacks, which use a device’s sound emissions, are particularly threatening as threat actors can extract sensitive data through them.

Cybersecurity researchers Alireza Taheritajar and Reza Rahaeimehr from Augusta University recently uncovered a novel acoustic keyboard side-channel attack enabling hackers to pilfer sensitive data.

Acoustic Keyboard Side Channel Attack

Keyboard acoustic side-channel attacks allow threat actors to remotely capture keystroke sounds via microphones and analyze waveforms to discern sensitive information such as timing and intensity. These attacks overcome background noise challenges using techniques like statistical analysis, machine learning, signal processing, acoustic triangulation, and Time Difference of Arrival (TDoA).

Some past studies have restricted environmental conditions or disregarded irregularities that might affect the results. However, factors such as ambient noise and a user’s typing habits, which can influence how keys are pressed and affect recognition accuracy, are often overlooked.

Interactions between emissions models and other attributes lack uniform patterns, complicating the analysis, particularly under varying environmental conditions.

Moreover, alterations in keyboard models due to unique sound features can disrupt algorithms. The adoption of deep learning methods adds another layer of complexity to achieving consistent results.

In this study, researchers proposed a novel approach to address these limitations, involving keystroke audio capture, timing data extraction, statistical model training for prediction, testing on unknown recordings, and augmenting results with an English dictionary.

The proposed method analyzes typing patterns to predict words accurately in noisy real environments, without restricting the keyboard models used.

Unlike researchers’ methods, ours isn’t limited to specific keyboard brands.

The method does not require victims to work in quiet rooms for noise control through signal processing.

Typing samples, text, and ambient noise are gathered to train statistical models.

The method assumes an oracle can split audio into word files, a realistic scenario as users often generate distinct sounds by pressing the Enter or Space keys after typing.

Experts developed a Windows app in C# to record keystroke sounds under three conditions:

  1. Users typing naturally.
  2. Researchers typing sentences.
  3. Developers using common words.

Distinct sentences and words were selected to capture diverse English typing styles and patterns.

Researchers gathered typing data from 20 adult users in an IRB-approved study, maintaining confidentiality and anonymity.

Datasets contained common English words to assess the impact of word length on prediction accuracy.

Success rates, depicted in Figure 5, displayed an increase with word length up to six letters before plateauing.

The researchers aim to minimize dependence on environmental conditions, emphasizing the importance of accurately capturing keyboard sounds for precise keystroke identification.

Acoustic detection methods require keyboards to produce sufficient sound to overcome challenges with softer keys, ensuring accuracy.

The technique assumes users maintain consistent typing patterns when constructing datasets, enabling deduction of key presses based on variance between presses on the same computer.

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!