BGU Cracks Next-Level Keyboard Hacking
June 7, 2019
ZDNet – A new form of cyberattack has been developed by Ben-Gurion University’s researchers which is able to mimic a user’s identity through their keystrokes.
The continual evolution of cyberattacks and their increasing sophistication has led to a situation where signature-based antivirus products are no longer enough.
A multi-layered approach to personal security — including two-factor authentication (2FA) — is slowly becoming commonplace in order to reduce our reliance on passwords alone.
The idea of verifying our identity through behavioral patterns, such as through keystrokes or mouse movements, is also being explored, but researchers at BGU’s David and Janet Polak Family Malware Lab have revealed that no single security solution is foolproof.
The team said they have developed a new form of attack, dubbed Malboard, which is able to evade detection products “that are intended to continuously verify the user’s identity based on personalized keystroke characteristics.”
It is not just the speed of keystrokes which can be used to verify a user — how we respond to typographical errors and whether or not we tend to mistype particular characters are behavioral elements which can be used to verify our identity, too.
In a paper published in the academic journal Computer and Security, BGU showed how a compromised keyboard can be used to generate and send malicious keystrokes which mimic its victim.
The paper also proposes detection modules which could be used to improve keyboard-based verification, including power consumption monitoring, keystroke sounds and typographical error detection.
“Each of the proposed detection modules is capable of detecting the Malboard attack in 100 percent of the cases, with no false positives,” Dr. Nir Nissim, head of BGU’s David and Janet Polak Family Malware Lab, adds. “Using them together as an ensemble detection framework will ensure that an organization is immune to the Malboard attack as well as other keystroke attacks.”