Keystroke inference attack
Keystroke inference attacks are a class of privacy-invasive technique that allows attackers to infer what a user is typing on a keyboard.[1][2][3][4][5][6][7][8]
History
[edit]The origins of keystroke inference attacks can be traced back to the mid-1980s when academic interest first emerged in utilizing various emanations from devices to deduce their state. While keystroke inference attacks were not explicitly discussed during this period, the declassified introductory textbook on TEMPEST standards, NACSIM 5000, alluded to keyboards as potential sources of data leakage.[9] In 1998, academic papers explored defenses similar to those described in TEMPEST standards, suggesting that emissions from keyboards could be used to track keystrokes, though without practical demonstrations. In 2001, researchers discovered a timing side channel in the SSH protocol that could be exploited to leak keystroke data.[10] The concept gained more attention in 2002 when a Computerworld opinion piece described the "keyboard trick," where recorded keyboard sounds were analyzed to reconstruct keystrokes, a technique the author claimed to have known since the 1980s.[11][9] Formal academic research on sound-based keystroke detection began in 2004, with IBM researchers demonstrating that each keystroke produces a unique sound and developing an algorithm to translate these sounds into keystrokes. This work was refined in 2006 and in 2009, enhancing the attack's reliability.[10] In 2009, Vuagnoux et al. revealed that modern keyboards emit electromagnetic signals that can be used to infer keystrokes.[1]
References
[edit]- ^ a b Sabra, Mohd; Maiti, Anindya; Jadliwala, Murtuza (2021). "Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks". NDSS Symposium. Internet Society. doi:10.14722/ndss.2021.23063. ISBN 978-1-891562-66-2.
- ^ Chen, Yimin; Li, Tao; Zhang, Rui; Zhang, Yanchao; Hedgpeth, Terri (2018-05-01). "EyeTell: Video-Assisted Touchscreen Keystroke Inference from Eye Movements". 2018 IEEE Symposium on Security and Privacy (SP). IEEE. pp. 144–160. doi:10.1109/SP.2018.00010. ISBN 978-1-5386-4353-2.
- ^ Li, Mengyuan; Meng, Yan; Liu, Junyi; Zhu, Haojin; Liang, Xiaohui; Liu, Yao; Ruan, Na (2016-10-24). "When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals". Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM. pp. 1068–1079. doi:10.1145/2976749.2978397. ISBN 978-1-4503-4139-4.
{{cite book}}
:|journal=
ignored (help) - ^ Halevi, T.; Saxena, N. (2012-05-02). "A closer look at keyboard acoustic emanations: Random passwords, typing styles and decoding techniques". Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security. ACM. pp. 89–90. doi:10.1145/2414456.2414509. ISBN 978-1-4503-1648-4.
{{cite book}}
:|journal=
ignored (help) - ^ Marquardt, Philip; Verma, Arunabh; Carter, Henry; Traynor, Patrick (2011-10-17). "(sp)iPhone: Decoding vibrations from nearby keyboards using mobile phone accelerometers". Proceedings of the 18th ACM conference on Computer and communications security. ACM. pp. 551–562. doi:10.1145/2046707.2046771. ISBN 978-1-4503-0948-6.
{{cite book}}
:|journal=
ignored (help) - ^ Cai, Liang; Chen, Hao (2011). "{TouchLogger}: Inferring Keystrokes on Touch Screen from Smartphone Motion". USENIX HotSec'11.
- ^ Liu, Xiangyu; Zhou, Zhe; Diao, Wenrui; Li, Zhou; Zhang, Kehuan (2015-10-12). "When Good Becomes Evil: Keystroke Inference with Smartwatch". Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM. pp. 1273–1285. doi:10.1145/2810103.2813668. ISBN 978-1-4503-3832-5.
{{cite book}}
:|journal=
ignored (help) - ^ Ali, Kamran; Liu, Alex X.; Wang, Wei; Shahzad, Muhammad (2015-09-07). "Keystroke Recognition Using WiFi Signals". Proceedings of the 21st Annual International Conference on Mobile Computing and Networking. ACM. pp. 90–102. doi:10.1145/2789168.2790109. ISBN 978-1-4503-3619-2.
{{cite book}}
:|journal=
ignored (help) - ^ a b Asonov, D.; Agrawal, R. (2004). "Keyboard acoustic emanations". IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004. IEEE. pp. 3–11. doi:10.1109/SECPRI.2004.1301311. ISBN 978-0-7695-2136-7.
- ^ a b Vuagnoux, Martin; Pasini, Sylvain (2009-08-10). "Compromising electromagnetic emanations of wired and wireless keyboards". Proceedings of the 18th Conference on USENIX Security Symposium. SSYM'09. USA: USENIX Association: 1–16.
- ^ "Secrecy Is an Illusion". Computerworld. 2002. Retrieved 2024-05-19.