Jun 11, 2019
New computer attack mimics user’s keystroke characteristics and evades detection
Posted by Quinn Sena in categories: cybercrime/malcode, robotics/AI
Ben-Gurion University of the Negev (BGU) cyber security researchers have developed a new attack called Malboard evades several detection products that are intended to continuously verify the user’s identity based on personalized keystroke characteristics.
The new paper, “Malboard: A Novel User Keystroke Impersonation Attack and Trusted Detection Framework Based on Side-Channel Analysis,” published in the Computer and Security journal, reveals a sophisticated attack in which a compromised USB keyboard automatically generates and sends malicious keystrokes that mimic the attacked user’s behavioral characteristics.
Keystrokes generated maliciously do not typically match human typing and can easily be detected. Using artificial intelligence, however, the Malboard attack autonomously generates commands in the user’s style, injects the keystrokes as malicious software into the keyboard and evades detection. The keyboards used in the research were products by Microsoft, Lenovo and Dell.