Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Stolen. Show all posts
Password
AI Privacy Credentials Stolen CyberCrime CyberThreat Data Breach Data Stolen Datasafety Password

Global Data Breach Uncovers 23 Million Stolen Credentials

 


As a consequence of the fact that a single set of login credentials can essentially unlock an individual's financial, professional, and personal life, the exposure of billions of passwords represents more than just a routine cybersecurity concern today- it signals a global crisis in the trust of digital systems and data security. 

Cybernews has recently reported a staggering number of 19 billion passwords that circulate on underground criminal forums right now, according to their findings. According to experts, this massive database of compromised credentials, which is one of the most extensive collections of credentials ever recorded, is intensifying cyberattacks around the globe in an attempt to increase their scale and sophistication. 

As opposed to isolated breaches of the past, this latest leak seems to have come from years of data breaches, reassembled and repurposed in a way that enables threat actors to launch highly automated and targeted attacks that can be used by threat actors. Not only is the leaked data being used to breach individual accounts, but it is also allowing credential stuffing campaigns to run on a large scale against banks, corporations, and government systems, involving automated login attempts using the leaked credentials. 

Due to this rapid development of the threat landscape, cybersecurity professionals are warning that attacks will become more personal, more frequent, and harder to detect in the future. Considering the sheer number of compromised passwords, it is evident that it is essential to implement more comprehensive digital hygiene practices, such as multi-factor authentication, regular password updates, and educating the public about the dangers associated with reused or weak credentials. Today's hyperconnected world is a powerful reminder that cybersecurity isn't an optional issue. This development serves as a strong reminder of the importance of maintaining strong digital hygiene.

As the threat posed by infostealer malware continues to grow, a thriving underground economy of stolen digital identities will continue to thrive as a result. Infections are silently carried out by these malicious programs that harvest sensitive information from devices. These details include login credentials, browser-stored data, and session cookies. These data are then sold or traded between cybercriminals. With billions of compromised records currently circulating within these illicit networks, it is alarming to see the scale of this ongoing data theft. 

One example of this was when a massive dataset, referred to as "ALIEN TXTBASE", was ingested into the widely trusted breach monitoring service, Have I Been Pwned, by cybersecurity expert Troy Hunt, known for being a very prominent case study. In the dataset, 1.5 terabytes of stealer logs are included, which contain approximately 23 billion individual data rows. These logs comprise 1.5 terabytes in total. According to the researchers, over 284 million distinct email accounts around the world were impacted by these breaches, which accounted for 493 million unique combinations of websites and email addresses. This trove of disclosed information underscores the magnitude of these breaches as they are becoming increasingly widespread and indiscriminate.

A malware program known as Infostealer does not target specific individuals but rather casts a wide net, infecting systems en large and stealing personal information without the knowledge of the user. As a result, there is an ever-increasing number of compromised digital identities that are constantly growing, which is a significant contributor to the global increase in the risks of account takeovers, fraud, and phishing attacks, as well as long-term privacy violations. 

It is common for individuals to believe they are unlikely targets for cybercriminals simply because they do not feel that they are "important enough." This belief is very, very false, and it is not possible to find a way to change it. In reality, modern cyberattacks are not manually orchestrated by hackers selecting a specific victim; instead, they are driven by automated tools capable of scanning and exploiting vulnerabilities at a large scale using automated tools. Regardless of whether a person has a professional or personal online presence, anyone can potentially be at risk, no matter what their profession, profile, or perceived importance is. 

The worst part is that, based on recent data, about 94% of the 19 billion leaked passwords were reused on multiple accounts in a way that makes the situation even more concerning. Cybercriminals can successfully infiltrate others using the same credentials once one account has been compromised, increasing the chances of successful attacks. It can be extremely difficult for an individual to cope with the consequences of a successful password breach. 

They may have to give up their email accounts, social media accounts, cloud storage accounts, financial applications, and more if they are hacked. When hackers have access to their accounts, they may use them to commit identity theft, open fraudulent credit lines, or conduct unauthorised financial transactions. As a result of the exposure of sensitive personal and professional information, it is also possible to face public humiliation, blackmail, or reputational damage, especially if malicious actors misuse compromised accounts for the dissemination of misinformation or for conducting illicit activities. 

As a result, cybercrime is becoming more sophisticated and sophisticated, thereby making everyone, regardless of their digital literacy, vulnerable without proper cybersecurity measures in place. Cybercrime risks are no longer theoretical—they are becoming a reality daily. Several leaked records reveal the inner workings of infostealer malware, offering a sobering insight into how these threats function in such a precise and stealthy manner. 

While traditional data breaches are focused on large corporate databases, infostealers typically infect individual devices without the user's knowledge and take a more insidious approach, often without the user being aware of it. In addition to extracting data such as saved passwords, session cookies, autofill entries, and browser history, these malicious tools can also extract a wide range of sensitive data as soon as they are embedded. 

Once the data is stolen, it is then trafficked into cybercriminal circles, leading to a vicious cycle of account takeovers, financial fraud, and identity theft. It has recently been reported that the ALIEN TXTBase dataset, which has received much attention because of its huge scope and structure, is a notable example of this trend. There is a misconception that this dataset stems from a single incident, but in fact, it is actually a compilation of stealer logs from 744 different files that were derived from a single incident. 

It was originally shared through a Telegram channel, where threat actors often spread such information in a very unregulated and open environment. Each entry in the dataset follows the same format as a password—URL, login, and password, which provides an in-depth look at the credentials compromised. Troy Hunt, a cybersecurity researcher, gathered these fragments and compiled them into one unified and analysed dataset, which was then incorporated into Have I Been Pwned, a platform that can be used to identify a user's vulnerability. 

It is important to note that only two sample files were initially reviewed; however, as it became clear that the extent of the leak was immense, the whole collection was merged and analysed to gain a clearer picture of the damage. By aggregating this data methodically, cybercriminals are demonstrating that they aren't merely exploiting isolated incidents; they're assembling vast, cumulative archives of stolen credentials that they're cultivating over time. By sharing and organising this data in such a widespread manner, the reach and effectiveness of infostealer campaigns can be accelerated, presenting a threat to both personal privacy as well as organisational security for many years to come.

Act Without Delay 


As a result of the recent security breaches of passwords, individuals can still protect themselves by taking action as soon as possible to protect themselves and their devices. Procrastination increases vulnerability as threats are rapidly evolving. 

Strengthen Passwords


Creating a strong, unique password is essential. Users should avoid using common patterns when writing their passwords and create passphrases that include uppercase, lowercase, numbers, and symbols, in addition to letters and numbers. Password managers can assist in creating and storing complex passwords securely. 

Replace Compromised Credentials


Changing passwords should be done immediately if they are reused across different websites or remain unchanged for an extended period, especially for sensitive accounts like email, banking, and social media. Tools like Have I Been Pwned can help identify breaches faster. 

Enable Multi-Factor Authentication 


A multi-factor authentication system (MFA) reduces the risk of a security breach by reducing the need to upload multiple authentication credentials. App-based authenticators such as Google Authenticator provide better security than SMS-based authenticators, which are still preferable. 

Use Privacy Tools

Several platforms like Cloaked provide disposable email addresses and masked phone numbers, which minimise the possibility of sensitive information being breached and the exposure of personal information. 

Stay Vigilant and Informed

It is critical to monitor account activity regularly, revoke untrusted entry to accounts, and enable alerts on untrusted devices. Staying informed through a trusted cybersecurity source and educating others on how to protect themselves will further enhance collective security. The growing threat of credential theft can be combated by raising awareness, taking timely action, and establishing strong security habits. 

Protecting a person's digital identity is an ongoing responsibility which requires vigilance, proactive measures, and continuous awareness. As a result of recent credential leaks of unprecedented scale and sophistication, it has become increasingly imperative for individuals as well as organisations to take additional measures to ensure their cybersecurity posture is as secure as possible. Proactive and continuous vigilance must become an integral part of all organisations' cybersecurity practices, incorporating not just robust password management and multi-factor authentication, but also regular security audits and real-time monitoring of digital assets. 

As a precautionary measure against exploitation, companies should implement comprehensive cybersecurity frameworks, which include employee training, threat intelligence sharing, and incident response planning. It is equally important that users adopt privacy-enhancing tools and remain informed about emerging threats to stay ahead of adversaries who continually change their tactics, thereby protecting themselves against the relentless attacks of cyber adversaries. 

In the end, protecting digital identities is a continuous commitment that requires both awareness and action; if you fail to perform these responsibilities, you expose your business and personal data to relentless cybercriminals. Stakeholders need to cultivate a culture of security, mindfulness,sadandeverage advanced protective measures. This will reduce their vulnerability in the increasingly interconnected digital ecosystems of today, preserving trust and resilience to overcome the challenges presented by cybersecurity threats.
Read more »
Seattle Port
Airport Cyber Attacks Data Stolen Ransomware Rhysida Seattle Port

Port of Seattle Battles Ransomware Attack, Refuses to Pay

 



The Port of Seattle and Seattle-Tacoma International Airport have corroborated that the major system outages which took place late August were caused by a ransomware attack. On August 24, a cyberattack partially disrupted the critical operations at the airport with websites, emails, and phone services down and even affected some services at the airport. The attack was immediately detected and in response, the IT team decided to shut the entire system in order to prevent further damage.

Ransomware attack, by the criminal group, Rhysida, into the computer systems at the airport accessed unauthorised and encrypted some parts of their data. The spokesperson to the airport, Perry Cooper said that IT noticed some malicious activities in the system on the day of the attack and took immediate actions to stop the spread of malware. The Port of Seattle said the measures by its staff, including forensic experts and law enforcement, were effective in thwarting the attack since no further unauthorised activity was detected following the breach.

Operational Disruptions

Even with these measures being put into place, the attack had a great impact on the day-to-day running of Sea-Tac Airport. Passengers were denied the luxury of getting information on arrival and departure flight schedules from the reader boards for the past several days. The airlines at the airport could not use the digital systems and had to revert back to the old method of pen and paper for marking baggage. In addition to the others, critical services such as check-in kiosks, lost and found, Wi-Fi, and reserved parking were affected too, leaving many of both airline customers and employees greatly inconvenienced.

Its official website, portofseattle.org, is still unavailable, leaving travellers to rely on an alternate website, washingtonports.org, for information and updates. These services have been returning to normal gradually, but the attack affected a number of different parts of airport and port operations across the board.

Port of Seattle Refuses to Pay Ransom

Even at this advanced stage, the Port of Seattle has categorically rejected the ransom demands from the attackers. The executive director of the Port Steve Metruck stated in a public statement that to grant the ransom demand would go against the very purpose of the values of the Port and add nothing to its responsibility to protect the money that the taxpayer entrusts to the Port. The Port is alert to the fact that Rhysida may upload all the stolen data on the dark web in the name of retaliation, but it has been faithfully committed to not paying any ransom to criminals.

Although the nature and extent of the stolen data remain unknown, the Port has vowed to inform any employee or passenger whose personal data may have been compromised that their data was stolen.

Securing a Brighter Tomorrow

Over the past few months, other than trying to regain its systems following an attack, the Port of Seattle is also fortifying its defences against future attacks. On its part, the organisation has taken further actions to fortify its cybersecurity to prevent a future version of such attacks. Metruck says, "This has been a learning experience for us and lessons derived from this attack will be instrumental in building on a more resilient IT infrastructure." Apart from that, Port is working with partners to secure business and critical infrastructure.

Despite the hold-up caused by the attack, Port of Seattle officials assured the public that it is still safe to travel from Sea-Tac Airport and to make use of its maritime facilities. This shows commitment to maintaining the safety and the efficiency of its operations, including response and continued recovery.




Read more »
Ransomware attack
brain cipher Cyber Attacks data security Data Stolen Data Theft Financial Security Olympics Ransomware attack

Ransomware Group Brain Cipher Targets French Museums During Olympics

 

The ransomware group Brain Cipher has claimed responsibility for a cyberattack on several French National Museums that took place during the Olympic Games earlier this month. The attack, which targeted institutions managed by the Réunion des Musées Nationaux – Grand Palais (RMN-GP), allegedly compromised 300 GB of data from a system used to centralize financial information. 

Despite the group’s threat to leak the stolen data, they have not yet revealed the nature of the information. The French Cybersecurity Agency (ANSSI) confirmed it was alerted to the attacks and promptly provided assistance to RMN-GP. ANSSI assured the public that the incident did not affect any systems related to the Olympic Games. Events like taekwondo and fencing, hosted by the RMN-GP, continued without disruption. RMN-GP also confirmed that there were no operational impacts, encrypted systems, or extracted data detected in connection with the attack. 

Nevertheless, the situation remains closely monitored as the countdown to the data leak continues on Brain Cipher’s blog, set to occur at 20:00 UTC. Brain Cipher is a relatively new ransomware group that first emerged in June 2023. Since then, the group has been linked to various cyberattacks targeting different sectors, including medical, educational, and manufacturing organizations, along with Indonesian government servers. Despite their activities, the group has attempted to maintain a controversial public image. 

In one case, they apologized for a cyberattack on Indonesian government servers, claiming they were acting as penetration testers rather than criminals. They even released a decryptor to restore the locked files without being pressured by the government, presenting themselves as ethical hackers or white-hat operators, although their actions and motives remain dubious. The data allegedly stolen from RMN-GP is believed to involve sensitive financial information, but no further details have been disclosed by Brain Cipher. 

The threat of releasing such a large volume of data has sparked concerns over potential exposure of confidential details, which could affect both the organization and the individuals associated with it. As the clock ticks down to the group’s proposed leak, questions are raised about the nature of the stolen data and the potential fallout from its exposure. Cyberattacks like this highlight the growing threat posed by ransomware groups to both public and private institutions worldwide. 

The incident also underscores the importance of robust cybersecurity measures, particularly during high-profile events such as the Olympic Games. Although there has been no impact on the Olympic-related systems, the attack serves as a reminder of the constant vigilance required to protect critical infrastructure and data.
Read more »
OnStar Smart Driver
Automobile Car Data Cyber Security Data Brokers data misuse Data Privacy Data Safety Data Stolen EFF GPS OnStar Smart Driver

The Hidden Cost of Connected Cars: Your Driving Data and Insurance

 

Driving to a weekend getaway or a doctor's appointment leaves more than just a memory; it leaves a data trail. Modern cars equipped with internet capabilities, GPS tracking, or services like OnStar, capture your driving history. This data is not just stored—it can be sold to your insurance company. A recent report highlighted how ordinary driving activities generate a data footprint that can be sold to insurers. These data collections often occur through "safe driving" programs installed in your vehicle or connected car apps. Real-time tracking usually begins when you download an app or agree to terms on your car's dashboard screen. 

Car technology has evolved significantly since General Motors introduced OnStar in 1996. From mobile data enhancing navigation to telematics in the 2010s, today’s cars are more connected than ever. This connectivity offers benefits like emergency alerts, maintenance notifications, and software updates. By 2030, it's predicted that over 95% of new cars will have some form of internet connectivity. Manufacturers like General Motors, Kia, Subaru, and Mitsubishi offer services that collect and share your driving data with insurance companies. Insurers purchase this data to analyze your driving habits, influencing your "risk score" and potentially increasing your premiums. 

One example is the OnStar Smart Driver program, which collects data and sends it to manufacturers who then sell it to data brokers. These brokers resell the data to various buyers, including insurance companies. Following a critical report, General Motors announced it would stop sharing data with these brokers. Consumers often unknowingly consent to this data collection. Salespeople at dealerships may enroll customers without clear consent, motivated by bonuses. The lengthy and complex “terms and conditions” disclosures further obscure the process, making it hard for consumers to understand what they're agreeing to. Even diligent readers struggle to grasp the full extent of data collection. 

This situation leaves consumers under constant surveillance, with their driving data monetized without their explicit consent. This extends beyond driving, impacting various aspects of daily life. To address these privacy concerns, the Electronic Frontier Foundation (EFF) advocates for comprehensive data privacy legislation with strong data minimization rules and clear, opt-in consent requirements. Such legislation would ensure that only necessary data is collected to provide requested services. For example, while location data might be needed for emergency assistance, additional data should not be collected or sold. 

Consumers need to be aware of how their data is processed and have control over it. Opt-in consent rules are crucial, requiring companies to obtain informed and voluntary permission before processing any data. This consent must be clear and not hidden in lengthy, jargon-filled terms. Currently, consumers often do not control or even know who accesses their data. This lack of transparency and control highlights the need for stronger privacy protections. By enforcing opt-in consent and data minimization, we can better safeguard personal data and maintain privacy.
Read more »
Singapore
Cyber Crime Cyber Safety CyberCriminal data security Data Stolen Data Theft Database Breach Hacker attack KYC Singapore

Cybercriminals Threaten Release of Stolen World-Check Database, Exposing Millions to Financial Risk

 

A financially motivated criminal hacking group, self-identified as GhostR, has claimed responsibility for the theft of a confidential database containing millions of records from the renowned World-Check screening database. The stolen data, totaling 5.3 million records, includes sensitive information used by companies for screening potential customers and assessing their links to sanctions and financial crime.
 
World-Check, a vital tool for conducting "know your customer" (KYC) checks, enables companies to identify high-risk individuals with potential ties to money laundering, government sanctions, or other illicit activities. The hackers disclosed that they obtained the data from a Singapore-based firm with access to the World-Check database, though the specific company remains unnamed. 

A portion of the stolen data encompasses individuals sanctioned as recently as this year. The compromised records include details of current and former government officials, diplomats, politically exposed persons (PEPs), individuals associated with organized crime, suspected terrorists, intelligence operatives, and even a European spyware vendor. These individuals are deemed high-risk for involvement in corruption, bribery, or other illicit activities. 

The stolen data comprises a wealth of sensitive information, including names, passport numbers, Social Security numbers, online cryptocurrency account identifiers, bank account numbers, and more. Such a breach poses significant risks, as it could potentially expose innocent individuals to unwarranted scrutiny and financial harm. 

Simon Henrick, a spokesperson for the London Stock Exchange Group (LSEG), which oversees World-Check, clarified that the breach did not originate from LSEG's systems but involved a third party's data set. While LSEG did not disclose the identity of the third-party company, they emphasized their commitment to collaborating with the affected party to safeguard data integrity and notify relevant authorities. 

Privately operated databases like World-Check are not immune to errors, raising concerns about the accuracy and fairness of their content. Past incidents, such as the 2016 leak of an older World-Check database, underscore the potential repercussions of erroneous data, including wrongful accusations and financial repercussions for innocent individuals. 

The breach highlights the critical need for enhanced cybersecurity measures and regulatory oversight to protect sensitive personal information and mitigate the risks associated with data breaches. As investigations into the incident continue, stakeholders must prioritize transparency, accountability, and proactive measures to prevent future breaches and safeguard consumer data privacy.
Read more »
Ransomware attack
Data Breach Data Stolen Data Theft Motel One Ransomware attack

Motel One Says Ransomware Gang Stole Customer Credit Card Information

Motel One, a prominent hotel chain in Europe, recently experienced a ransomware attack, resulting in unauthorized access to customer data. The hotel is recognized for its budget-friendly accommodations and operates a network of 90 hotels across Europe and the United States. The hotel has assured that the impact of the attack was kept to a bare minimum. 

Nevertheless, it has been confirmed that the attackers were able to access specific sensitive customer credentials, including address details and the information associated with 150 credit cards. Prior to the hotel's official statement concerning the attack, the company's name appeared on the dark web leak site associated with the ALPHV ransomware gang. 

The group has stated that they successfully obtained several terabytes of data from the company, notably encompassing portions of customer information. Additionally, TechCrunch company has gained access to a segment of this data, as claimed by the ransomware gang, which is purported to contain details of both employees and specific customers. 

What measures we can take against ransomware attacks? 

1. Extensive research underlines that a significant portion of cyberattacks find their roots in phishing emails. However, through ongoing education and training in social engineering tactics, we have the power to effectively decrease the likelihood of a data breach by as much as 70%. 

2. Insufficient software updates significantly contribute to cybersecurity breaches. It is imperative to uphold a thorough system inventory, conduct comprehensive vulnerability assessments, and apply patches promptly and consistently. 

3. Promote a practice of not reusing passwords and encourage regular password changes among employees. Employing browser-based password managers can be a beneficial tool. The implementation of MFA provides an additional level of user validation and authorization. 

4. Incorporating backups into your risk management and contingency strategies is paramount. Regularly testing and keeping backups isolated from the primary network are critical measures. It's worth noting that while backups are invaluable, they may not always provide complete protection against extortion attempts in the event of a ransomware attack. 

5. Being prepared for unexpected events is essential. A thoroughly rehearsed incident response plan, when coupled with the deployment of endpoint detection and response (EDR) tools, empowers businesses to adeptly handle cyberattacks, lessen the repercussions of a security incident, and accelerate recovery initiatives. 

Additionally, in the event of a ransomware attack, it's crucial not to give in to the extortionists' demands. Instead, we strongly advise reaching out to your local cybersecurity authority, Cyber Watch officers, or the Internet Crime Complaint Center. Remember, paying the ransom will only embolden further ransomware criminal activity.
Read more »
ScarCruft
Data Breach Data Stolen lazarus Mashinostroyeniya Data Breach Missile Program North Korea Hackers NPO Mash ScarCruft

North Korean Hackers Breach Russia’s Top Missile Maker’s Data


Reuters reported on Tuesday about a North Korea-based elite hacker group that is in a bid to steal technology by covertly breaching the computer networks of a Russian missile developer giant. Apparently, the hackers have been running the campaign for nearly five months in 2022. 

The North Korean cyberespionage group has targeted Mashinostroyeniya, a rocket design based in Reutov, Moscow. The hackers group, code-named ScarCruft and Lazarus installed covert digital backdoors into the system at NPO Mashinostroyeniya and was located by Reuters’ James Pearson and Christopher Bing.

However, it has not been made clear as to what data was acquired in the breach. In the following month, the digital break-in Pyongyang introduced several new developments in its banned ballistic missile program, while is not clear if this was in any regards to the breach.

Moreover, no official confirmation has been provided of the espionage by NPO Mashinostroyeniya officials.

About the Targeted Company

The company, commonly known as NPO Mash, specialized in developing hypersonic missiles, satellite technologies and new-generation ballistic armaments. The company was prominent in the Cold War as a premier satellite maker for Russia's space program and as a provider of cruise missiles.

According to experts, the hackers garnered interest in the company after it underlined its mission to develop an Intercontinental Ballistic Missile (ICBM), capable of bringing catastrophe to the mainland United States.

Apparently, the hackers acquired access to the company’s documents and leaked them between 2021, and May 2022. Following this, the IT engineers detected the cybercrime activities, the news agency reported. 

Hackers Read Email Traffic, Jumped Between Networks and Extracted Data from the Company 

According to Tom Hegel, a security researcher with U.S. cybersecurity firm SentinelOne, following the hack, the hackers gained access to the company’s IT environment, which enabled them to read email traffic, jump between networks, and extract data. "These findings provide rare insight into the clandestine cyber operations that traditionally remain concealed from public scrutiny or are simply never caught by such victims," Hegel said.

Digging further into the findings, Hegel’s team of security analysts discovered that one of the NPO Mash IT employees unintentionally exposed his company's internal communications while attempting to investigate the North Korean attack by uploading evidence to a secret portal used by cybersecurity researchers worldwide.

Experts speculate that the data stolen by the hacker group is of great importance, however, it will take a lot more information, effort and expertise for them to actually develop a missile. 

"That's movie stuff[…]Getting plans won't help you much in building these things, there is a lot more to it than some drawings," Hegel further added.

Read more »
Zoom Security
Acoustic Attack CoatNet Cyber Attacks Data Stolen Keyboard security Keystrokes side-channel attacks Zoom Security

With 95% Accuracy, New Acoustic Attack can Steal from Keystrokes


UK universities’ researchers have recently developed a deep learning model, designed to extract information from keyboard keystrokes collected using a microphone, with 95% accuracy. 

The prediction accuracy decreased to 93% when Zoom was used to train the sound classification algorithm, still exceedingly good and a record for that medium.

Such an attack has a significantly adverse impact on the users’ data security since it is capable of exposing users' passwords, conversations, messages, and other sensitive information to nefarious outsiders.

When compared to the other side attacks that need specific circumstances and are susceptible to data rate and distance restrictions, these acoustic attacks are easier to operate because of the popularity of devices that are now equipped with high-end microphones. 

This makes sound-based side-channel attacks achievable and far more hazardous than previously thought, especially given the rapid advances in machine learning.

Listening to Keystrokes

The attack is initiated in order to acquire keystrokes on the victim’s keyboard, since the data is required for the prediction algorithm to work. This can be done via a nearby microphone or by accessing the microphone on the target's phone, which may have been compromised by malware.

Additionally, keystrokes can also be recorded via Zoom call, in which, rogue meeting attendee compares the messages entered by the target with the auditory recording of that person.

The researchers acquired training data by pressing 36 keys on a modern MacBook Pro, 25 times each, further recording the sounds produced on each press. 

The spectrogram images were used to train the image classifier "CoAtNet," and it took some trials and errors with the epoch, learning rate, and data splitting parameters to get the best prediction accuracy outcomes.

The same laptop, whose keyboard has been present in all Apple laptops over the past two years, an iPhone 13 mini positioned 17 cm from the target, and Zoom were utilized in the researchers' tests.

The CoatNet classifier gained 95% accuracy in the smartphone recordings and 93% from the content captured via Zoom. Skype, on the other, produced comparatively lower accuracy, i.e. 91.7%.

Possible Security Measures

In order to protect oneself from side-channel attacks, users are advised to try “altering typing styles,” or generating passwords with randomized keys. 

Another safety measure includes utilizing software in order to generate keystroke sounds, white noise, or software-based keystroke audio filters. 

Moreover, since the attack model proved highly efficient even against a very silent keyboard, installing sound dampeners to mechanical keyboards or shifting to membrane-based keyboards is unlikely to help in any way. 

Finally, using password managers to avoid manually entering sensitive information and using biometric authentication whenever possible also serve as mitigating factors.

Read more »
Subscribe to: Posts (Atom)