Acoustic attacks on Keyboards

Caute_cautim · ‎03-17-2024

Hi All

Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise.

Though the method achieves an average success rate of 43%, which is significantly lower than other methods presented in the past, it it does not require controlled recording conditions or a specific typing platform.

https://www.bleepingcomputer.com/news/security/new-acoustic-attack-determines-keystrokes-from-typing...

These attacks are well known historically within the Technical Countermeasures category, depending on the value of the information being processed.

Regards

Caute_Cautim

Early_Adopter · ‎03-18-2024

Snap, crackle and pop of the key in the chip… not keyboards I know but acoustic cryptanalysis is also fun.🤩

Steve-Wilme · ‎03-18-2024

Oh no, all those companies that moved to home working, will need to have tempest protections at all their employees home addresses!

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS

Early_Adopter · ‎03-18-2024

@steve-Wilme… for the love of god space those ethernet cables 450mm/18 inches apart!

Hang on…What’s Wi-Fi…? 😛

Caute_cautim · ‎03-18-2024

@Early_Adopter @Steve-Wilme Why are they using keyboards, when they can use screened rooms - Faraday cages and Gen AI to dictate their messages without having to use the keys?

Regards

Caute_Cautim

denbesten · ‎03-18-2024

@Caute_cautim wrote:
acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns

Use voice typing. No keyboard to attack. 😄

Caute_cautim · ‎03-18-2024

@denbesten Then the attackers, will plant a bug in the locality and listen for the words spoken - so they would just remotely bug the location instead, if the value of the data conveyed had sufficient intrinsic value.

Or use a acoustic parabola dish to point towards the target or they would opt to for listening for vibrations or using watching the targets mouth and recording it for playback purposes etc.

You still need a secure zone or area, if you wanted to protect oneself or employees etc.

But as one of our colleagues stated revert to TEMPEST techniques and convert the monitor signal into intelligent information etc.

Regards

Caute_Cautim

Steve-Wilme · ‎03-19-2024

The obvious solution is to use telepathy instead ... oh, err, wait a minute. Is that a thing or not?

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS

Caute_cautim · ‎03-20-2024

@Steve-Wilme Yes, especially as both Russia and USA did extensive development and testing in this area.

https://foreignpolicy.com/2023/01/03/russia-western-psychic-attacks-mystics-astrology-putin-ukraine/

Regards

Caute_Cautim

Steve-Wilme · ‎03-20-2024

It reminds me of that scene in the film Scanners where Cameron Vale uses a pay phone to hack the ConSec mainframe telepathically.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS