Malboard: Hackers can now pose as victims through their keyboards

Our keystrokes can verify who we are but researchers show behavioral verification systems can be easily fooled.
Written by Charlie Osborne, Contributing Writer

A new form of cyberattack has been developed by researchers which is able to mimic a user's identity through their keystrokes.

The continual evolution of cyberattacks and their increasing sophistication has led to a situation where signature-based antivirus products are no longer enough.

A multi-layered approach to personal security -- including two-factor authentication (2FA) -- is slowly becoming commonplace in order to reduce our reliance on passwords alone.

The idea of verifying our identity through behavioral patterns, such as through keystrokes or mouse movements, is also being explored, but as Ben-Gurion University of the Negev (BGU) Malware Lab researchers have revealed, no single security solution is foolproof.

On Wednesday, the team said they have developed a new form of attack, dubbed Malboard, which is able to evade detection products "that are intended to continuously verify the user's identity based on personalized keystroke characteristics."

See also: CCTV cameras enslaved to infiltrate air-gap networks

It is not just the speed of keystrokes which can be used to verify a user -- how we respond to typographical errors and whether or not we tend to mistype particular characters are behavioral elements which can be used to verify our identity, too.  

In a paper published in the academic journal Computer and Security, available online, BGU showed how a compromised keyboard can be used to generate and send malicious keystrokes which mimic its victim.

The team used keyboards developed by Microsoft, Lenovo, and Dell in their research. The aim was to fool KeyTrac, TypingDNA and DuckHunt, which are all risk-based behavioral authentication systems.

These forms of software use AI-based algorithms and machine learning to analyze our keystrokes in order to add another layer of verification to user accounts. However, these same algorithms can also be used to fool them.

In order to develop Malboard, the team used behavioral data generated from 30 participants performing three different keystroke tests. This information was fed into the attack's underlying AI database and algorithms created by the system were pitted against the detection software.

A keyboard infected with Malboard was able to automatically generate keystrokes in the style of the participants by injecting keystroke movements "as malicious software." In 83 to 100 percent of the tests, KeyTrac, TypingDNA, and DuckHunt were fooled.

TechRepublic: 6 questions to consider before implementing a disaster recovery plan

According to Dr. Nir Nissim, head of the David and Janet Polak Family Malware Lab at Cyber@BGU, Malboard would be particularly effective in two scenarios; remote attacks launched by hackers wirelessly, or by inside attackers -- such as disgruntled employees -- who would be able to physically launch Malboard on a keyboard to compromise an internal system.

The paper also proposes detection modules which could be used to improve keyboard-based verification, including power consumption monitoring, keystroke sounds, and typographical error detection.

CNET: Scam artists reportedly stole $19 million worth of iPhones

"Each of the proposed detection modules is capable of detecting the Malboard attack in 100 percent of the cases, with no false positives," Nissim added. "Using them together as an ensemble detection framework will ensure that an organization is immune to the Malboard attack as well as other keystroke attacks."

The best beach reads for hackers in 2019

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards