Malboard Attack Uses AI to Mimic Users and Evade Detection
CYBER NEWS

Malboard Attack Uses AI to Mimic Users and Evade Detection

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Malboard is a new sophisticated attack developed by security researchers at Israeli Ben-Gurion University of the Negev (BGU). The attack involves a compromised USB keyboard to generate and send malicious keystrokes that mimic user behavior.




What makes this attack sophisticated is the utilization of AI (artificial intelligence) that autonomously generates commands in the user’s style, injecting keystrokes as malicious software into the keyboard and evading detection.

The discovery is presented in a new paper titledMalboard: A Novel User Keystroke Impersonation Attack and Trusted Detection Framework Based on Side-Channel Analysis”.

In general, keystrokes generated maliciously don’t match human typing and thus, they can easily be detected. With the help of artificial intelligence, however, the Malboard attack autonomously generates commands in the user’s style, injects the keystrokes as malicious software into the keyboard and evades detection. It’s important to note that the keyboards used in the research were products by Microsoft, Lenovo and Dell.

Related: Cipher Stunting – Attackers’ Latest Evasion Technique

How was the Malboard attack tested?

30 people took three different keystroke tests against three detection mechanisms (KeyTrac, TypingDNA and DuckHunt). The researchers’ attack evaded detection in 83% to 100% of the cases, explains Dr. Nir Nissim, head of the David and Janet Polak Family Malware Lab at Cyber@BGU, and a member of the BGU Department of Industrial Engineering and Management.

Malboard was effective in two scenarios: by a remote attacker using wireless communication to communicate, and by an inside attacker or employee who physically operates and uses Malboard,” the researcher added.

Note. Both the attack and detection mechanisms were developed as part of the master’s thesis of Nitzan Farhi, a BGU student and member of the USBEAT project at BGU’s Malware Lab, The Science Daily reported.

Related: Thermanator Attack Uses Thermal Residue from Keyboards to Steal Your Passwords

Another interesting attack involving the keyboard is the so-called Thermanator attack. The attack could allow a malicious actor with a mid-range thermal camera to capture keys pressed on a standard keyboard. The discovery was by three University of California professors. In short, users’ fingers’ thermal residue on keyboard keys can be recorded by a hacker who can later use it to reveal the user’s passwords or any other text he/she has typed.

Avatar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...