
Researchers create AI-enabled computer keyboard malware

11 Jun 2019

Researchers at Israel’s Ben-Gurion University of the Negev have created a proof-of-concept attack that can mimic the way people write via their computer keyboards.

The attack method, dubbed ‘Malboard’, uses a compromised USB keyboard and artificial intelligence to automatically generate keystrokes that mimic the way a normal human user would write.

Researchers demonstrated that the Malboard attack autonomously generates commands in the user’s style, injects the keystrokes as malicious software into the keyboard and evades detection. 

“In the study, 30 people performed three different keystroke tests against the tested evasion against three existing detection mechanisms including KeyTrac, TypingDNA and DuckHunt. Our attack evaded detection in 83%-100% of the cases,” explains Cyber@BGU head of the David and Janet Polak Family Malware Lab, Dr. Nir Nissim. 

“Malboard was effective in two scenarios: by a remote attacker using wireless communication to communicate, and by an inside attacker, such as an employee, that physically operates and uses Malboard.” 

The researchers were able to develop detection methods to prevent such attacks in the real world, drawing on additional information such as the keyboard’s power consumption, the keystrokes’ sound, and the way users fix typographical errors.

“Each of the proposed detection modules is capable of detecting the Malboard attack in 100% of the cases, with no false positives,” Dr. Nissim adds. 

“Using them together as an ensemble detection framework will ensure that an organisation is immune to the Malboard attack as well as other keystroke attacks.”

Commenting on the researchers’ findings, ESET cybersecurity specialist Jake Moore points out that artificial intelligence is growing smarter – something many have feared for years.

“The more data comes in, the more accurate the machine learns to produce authentic emails, which in turn can be used criminally,” says Moore. 

“Spear phishing attacks have been used for years but the biggest issue for threat actors is that it can take vast amounts of time in communicating with the victim. Using AI will, of course, reduce the amount of human interaction in such attacks and therefore will increase the number of attacks on inboxes. Naturally, the big question is how should we evade such intelligent attacks?”

“Well, there is still much to be said for timing, use caution opening it or communicating. Or better still, request further verification on unknown emails or communications out of the blue.”

BGU researchers propose using this detection framework on every keyboard when it is purchased and daily at the outset, since sophisticated malicious keyboards can delay their malicious activity until a later time. Many new attacks can detect the presence of security mechanisms and thus manage to evade or disable them.

The BGU researchers also plan to expand their work to other popular USB devices, including computer mouse movements, clicks, and duration of use.
