
Researchers create AI-enabled computer keyboard malware

11 Jun 2019

Researchers at Israel’s Ben-Gurion University of the Negev have created a proof-of-concept attack that can mimic the way people write via their computer keyboards.

The attack method, dubbed ‘Malboard’, uses a compromised USB keyboard and artificial intelligence to automatically generate keystrokes that mimic the way a normal human user would write.

Researchers demonstrated that the Malboard attack autonomously generates commands in the user’s style, injects the keystrokes as malicious software into the keyboard and evades detection. 

“In the study, 30 people performed three different keystroke tests against the tested evasion against three existing detection mechanisms including KeyTrac, TypingDNA and DuckHunt. Our attack evaded detection in 83%-100% of the cases,” explains Cyber@BGU head of the David and Janet Polak Family Malware Lab, Dr. Nir Nissim. 

“Malboard was effective in two scenarios: by a remote attacker using wireless communication to communicate, and by an inside attacker, such as an employee, that physically operates and uses Malboard.” 

The researchers also developed detection methods to prevent such attacks in the real world, drawing on additional information such as the keyboard’s power consumption, the keystrokes’ sound, and the way users fix typographical errors.

“Each of the proposed detection modules is capable of detecting the Malboard attack in 100% of the cases, with no false positives,” Dr. Nissim adds. 

“Using them together as an ensemble detection framework will ensure that an organisation is immune to the Malboard attack as well as other keystroke attacks.”

Commenting on the researchers’ findings, ESET cybersecurity specialist Jake Moore points out that artificial intelligence is growing smarter – something many have feared for years.

“The more data comes in, the more accurate the machine learns to produce authentic emails, which in turn can be used criminally,” says Moore. 

“Spear phishing attacks have been used for years but the biggest issue for threat actors is that it can take vast amounts of time in communicating with the victim. Using AI will, of course, reduce the amount of human interaction in such attacks and therefore will increase the number of attacks on inboxes. Naturally, the big question is how should we evade such intelligent attacks?”

“Well, there is still much to be said for timing, use caution opening it or communicating. Or better still, request further verification on unknown emails or communications out of the blue.”

BGU researchers propose using this detection framework for every keyboard when purchased and daily at the outset, since sophisticated malicious keyboards can delay their malicious activity for a later time period. Many new attacks can detect the presence of security mechanisms and thus manage to evade or disable them. 

The BGU researchers also plan to expand their work to other popular USB devices, including computer mouse movements, clicks, and duration of use.
