1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This new attack uses the sound of your keystrokes to steal your p

    From TechnologyDaily@1337:1/100 to All on Mon Mar 18 10:45:06 2024
    This new attack uses the sound of your keystrokes to steal your passwords

    Date:
    Mon, 18 Mar 2024 10:30:46 +0000

    Description:
    Who is listening to you type? And what can they deduce from that?

    FULL STORY ======================================================================

    Two researchers from Augusta University, in Georgia, U.S., demonstrated a novel way to steal peoples passwords that would put even James Bond to shame.

    Last week, researchers Alireza Taheritajar and Reza Rahaeimehr published a paper called Acoustic Side Channel Attack on Keyboards Based on Typing Patterns which is just as weird as it sounds.

    According to the research, there is a way to deduce a persons password (or
    any other word thats typed into a computer) by simply listening to them type. Is it feasible?

    The method is not as accurate as some other side channel attacks, as the researchers suggested the accuracy of this attack is around 43%. To pull it off, all the attackers would need is a relatively small sample of the victims typing (just a few seconds, apparently), but would need more than one recording.

    Furthermore, they would need an English dictionary. The mitigating circumstance here is that the recording doesnt have to be particularly clean. It could have significant background noise, or come from multiple different keyboards, and still work.

    In theory, a threat actor could place a smartphone, or a similar microphone-equipped device, in the relative vicinity of the victim and record them typing. From that recording, they would be able to establish certain patterns, which could then be used to determine potential words. The English dictionary would help to predict which words would make most sense in the context of the sentence.

    While it sounds ominous, there are quite a few moving parts that need to
    align perfectly, for the attack to be pulled off.

    For one, the attacker needs to either be really close to the victim, have a recording device nearby (a smart speaker would suffice, apparently), or have malware installed thats capable of leveraging the computers microphone. Then, the attacker needs to type in their password, as well as a bunch of other words.

    They cannot be a professional typist, or be able to type fast in general, as that messes with the predictions. Then, the attackers can analyze the recordings and will still end up with just a 43% chance of success. More from TechRadar Pro This security flaw could affect nearly all CPUs - but it might not be all bad Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-new-attack-uses-the-sound-of-your- keystrokes-to-steal-your-passwords


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)