A team of researchers has developed a new attack strategy that analyzes users’ typing patterns to determine keystrokes. This acoustic attack can deduce keystrokes with better accuracy by specifically deciphering the typing patterns while ignoring the noise.
New Acoustic Side-Channel Attack Analyzes Typing Patterns
Stealing keystrokes has long been a point of interest for researchers, as this data reveals loads of information to an adversary. From passwords to sensitive details, with keystrokes, an attacker may access the desired data without significant effort.
Numerous studies in the past, too, have demonstrated how an adversary may compromise and exploit nearby devices to capture keystrokes sneakily. However, there always remained some discrepancy in the results due to environmental conditions and noise. However, the recent study claims to decipher keystrokes with better accuracy, even in most real-world scenarios.
Researchers from Augusta University, USA, have devised a new acoustic attack to deduce keystrokes by analyzing typing patterns. This technique, as claimed, covers the weaknesses in the existing methods as it relies more on the users’ typing patterns, unlike most other techniques. According to the researchers, with the target users’ typing pattern in hand, it gets easier for a trained model to determine the exact keystrokes even when typed in poor conditions.
The attack involves compromising another device near the target computer, such as a smartphone or smart speaker. The researcher then uses this device to capture keystrokes from the target system and analyze the recordings for inter-keystroke time intervals and keypress timings. The data is then used to train a statistical model for predicting the recorded keystrokes from the victim users during real-world scenarios. With the target user’s typing patterns in hand, it becomes easier to predict what the victim types, even in noisy environments.
The researchers’ methodology applies to real-world scenarios and various keyboards. In their study, they collected the typing patterns of 20 users and achieved 43% success during tests. Details about this study are available in their research paper here.
Attack Limitations And Countermeasures
While this attack strategy is highly accurate, it still has limitations, which further aid in developing countermeasures. First, the attack entirely relies on precisely capturing the target users’ keystrokes. Hence, recordings for keyboards with lesser sounds can be vague and may not produce accurate results.
Secondly, this attack depends on the victim users’ typing patterns. Again, the attack may not be successful for users with inconsistent typing patterns, those who type rarely, or who type very quickly (the latter group usually produces patterns with overlapping keystrokes and intervals).
Nonetheless, for average users with consistent typing patterns, such acoustic side-channel attacks may pose a real threat, demanding the implementation of adequate cybersecurity best practices.
Let us know your thoughts in the comments.