Cybersecurity researchers at Ben-Gurion University of the Negev (BGU) have described a computer virus called "Malboard” that mimics a user’s typing behavior. The malicious attack program evades several detection products that are intended to monitor user identity based on the personalized keystroke characteristics.
"In the study, 30 people performed three different keystroke tests against three existing detection mechanisms including KeyTrac, TypingDNA and DuckHunt. Our attack evaded detection in 83% to 100% of the cases," says Dr. Nir Nissim, head of the David and Janet Polak Family Malware Lab at Cyber@BGU, and a member of the BGU Department of Industrial Engineering and Management. "Malboard was effective in two scenarios: by a remote attacker using wireless communication to communicate, and by an inside attacker or employee who physically operates and uses Malboard."
The study was published in the journal Computer and Security and describes a sophisticated attack that compromises a USB keyboard and generates malicious keystrokes that mimic the user's behavioral characteristics. Keyboards used in the study were by Microsoft, Lenovo and Dell.
"Each of the proposed detection modules is capable of detecting the Malboard attack in 100% of the cases, with no misses and no false positives. Using them together as an ensemble detection framework will assure that an organization is immune to the Malboard attack as well as other keystroke attacks,” says Dr. Nissim.
Current malicious software can be easily detected as it does not typically match human typing. However, Malboard attack evades detection and autonomously generates commands according to the user's style.
"Our proposed detection modules are trusted and secured, based on information that can be measured from side-channel resources, in addition to data transmission," says Nitzan Farhi, a BGU student and member of the USBEAT project at BGU's Malware Lab. "These include (1) the keyboard's power consumption; (2) the keystrokes' sound; and (3) the user's behavior associated with his or her ability to respond to typographical errors."
Source: American Associates, Ben-Gurion University of the Negev