Keystroke inference attack

From Wikipedia, the free encyclopedia

Keystroke inference attacks are a class of privacy-invasive techniques that allow attackers to infer what a user is typing on a keyboard.[1][2][3][4][5][6][7][8]

History

The origins of keystroke inference attacks can be traced back to the mid-1980s when academic interest first emerged in utilizing various emanations from devices to deduce their state. While keystroke inference attacks were not explicitly discussed during this period, the declassified introductory textbook on TEMPEST standards, NACSIM 5000, alluded to keyboards as potential sources of data leakage.[9] In 1998, academic papers explored defenses similar to those described in TEMPEST standards, suggesting that emissions from keyboards could be used to track keystrokes, though without practical demonstrations. In 2001, researchers discovered a timing side channel in the SSH protocol that could be exploited to leak keystroke data.[10] The concept gained more attention in 2002 when a Computerworld opinion piece described the "keyboard trick," where recorded keyboard sounds were analyzed to reconstruct keystrokes, a technique the author claimed to have known since the 1980s.[11][9] Formal academic research on sound-based keystroke detection began in 2004, with IBM researchers demonstrating that each keystroke produces a unique sound and developing an algorithm to translate these sounds into keystrokes. This work was refined in 2006 and in 2009, enhancing the attack's reliability.[10] In 2009, Vuagnoux et al. revealed that modern keyboards emit electromagnetic signals that can be used to infer keystrokes.[1]

References

  1. Sabra, Mohd; Maiti, Anindya; Jadliwala, Murtuza (2021). "Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks". NDSS Symposium. Internet Society. doi:10.14722/ndss.2021.23063. ISBN 978-1-891562-66-2.
  2. Chen, Yimin; Li, Tao; Zhang, Rui; Zhang, Yanchao; Hedgpeth, Terri (2018-05-01). "EyeTell: Video-Assisted Touchscreen Keystroke Inference from Eye Movements". IEEE Symposium on Security and Privacy. IEEE: 144–160. doi:10.1109/SP.2018.00010. ISBN 978-1-5386-4353-2.
  3. Li, Mengyuan; Meng, Yan; Liu, Junyi; Zhu, Haojin; Liang, Xiaohui; Liu, Yao; Ruan, Na (2016-10-24). "When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals". ACM CCS. ACM: 1068–1079. doi:10.1145/2976749.2978397. ISBN 978-1-4503-4139-4.
  4. Halevi, T.; Saxena, N. (2012-05-02). "A closer look at keyboard acoustic emanations: random passwords, typing styles and decoding techniques". ACM CCS. ACM: 89–90. doi:10.1145/2414456.2414509. ISBN 978-1-4503-1648-4.
  5. Marquardt, Philip; Verma, Arunabh; Carter, Henry; Traynor, Patrick (2011-10-17). "(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers". ACM CCS. ACM: 551–562. doi:10.1145/2046707.2046771. ISBN 978-1-4503-0948-6.
  6. Cai, Liang; Chen, Hao (2011). "TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion". USENIX HotSec'11.
  7. Liu, Xiangyu; Zhou, Zhe; Diao, Wenrui; Li, Zhou; Zhang, Kehuan (2015-10-12). "When Good Becomes Evil: Keystroke Inference with Smartwatch". ACM CCS. ACM: 1273–1285. doi:10.1145/2810103.2813668. ISBN 978-1-4503-3832-5.
  8. Ali, Kamran; Liu, Alex X.; Wang, Wei; Shahzad, Muhammad (2015-09-07). "Keystroke Recognition Using WiFi Signals". ACM CCS. ACM: 90–102. doi:10.1145/2789168.2790109. ISBN 978-1-4503-3619-2.
  9. Asonov, D.; Agrawal, R. (2004). "Keyboard acoustic emanations". IEEE Symposium on Security and Privacy. IEEE: 3–11. doi:10.1109/SECPRI.2004.1301311. ISBN 978-0-7695-2136-7.
  10. Vuagnoux, Martin; Pasini, Sylvain (2009-08-10). "Compromising electromagnetic emanations of wired and wireless keyboards". Proceedings of the 18th conference on USENIX security symposium. SSYM'09. USA: USENIX Association: 1–16.
  11. "Secrecy Is an Illusion". Computerworld. 2002. Retrieved 2024-05-19.