Story image

Researchers create AI-enabled computer keyboard malware

11 Jun 2019
Twitter
Facebook

Researchers at Israel’s Ben-Gurion University of the Negev have created a proof-of-concept attack that can mimic the way people write via their computer keyboards.

The attack method, dubbed ‘Malboard’, uses a compromised USB keyboard and artificial intelligence to automatically generate keystrokes that mimic the way a normal human user would write.

Researchers demonstrated that the Malboard attack autonomously generates commands in the user’s style, injects the keystrokes as malicious software into the keyboard and evades detection. 

“In the study, 30 people performed three different keystroke tests against the tested evasion against three existing detection mechanisms including KeyTrac, TypingDNA and DuckHunt. Our attack evaded detection in 83%-100% of the cases,” explains Cyber@BGU head of the David and Janet Polak Family Malware Lab, Dr. Nir Nissim. 

“Malboard was effective in two scenarios: by a remote attacker using wireless communication to communicate, and by an inside attacker, such as an employee, that physically operates and uses Malboard.” 

The researchers were able to develop detection methods to prevent such attacks from happening in the real world, by including additional information including the keyboard’s power consumption, the keystrokes’ sound, and the way users fix typographical errors.

“Each of the proposed detection modules is capable of detecting the Malboard attack in 100% of the cases, with no false positives,” Dr. Nissim adds. 

“Using them together as an ensemble detection framework will ensure that an organisation is immune to the Malboard attack as well as other keystroke attacks.”

Commenting on the researchers’ findings, ESET cybersecurity specialist Jake Moore points out that artificial intelligence is growing smarter – something many have feared for years.

“The more data comes in, the more accurate the machine learns to produce authentic emails, which in turn can be used criminally,” says Moore. 

“Spear phishing attacks have been used for years but the biggest issue for threat actors is that it can take vast amounts of time in communicating with the victim. Using AI will, of course, reduce the amount of human interaction in such attacks and therefore will increase the number of attacks on inboxes. Naturally, the big question is how should we evade such intelligent attacks?”

“Well, there is still much to be said for timing, use caution opening it or communicating. Or better still, request further verification on unknown emails or communications out of the blue.”

BGU researchers propose using this detection framework for every keyboard when purchased and daily at the outset, since sophisticated malicious keyboards can delay their malicious activity for a later time period. Many new attacks can detect the presence of security mechanisms and thus manage to evade or disable them. 

The researchers also plan to research other USB devices including computer mouse clicks, movements, and duration of use. The BGU researchers plan to expand work on other popular USB devices, including computer mouse user movements, clicks, and how long they are used.