Malboard: Hackers can now pose as victims through their keyboards

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
A new form of cyberattack has been developed by researchers which is able to mimic a user's identity through their keystrokes.

The continual evolution of cyberattacks and their increasing sophistication has led to a situation where signature-based antivirus products are no longer enough.
A multi-layered approach to personal security -- including two-factor authentication (2FA) -- is slowly becoming commonplace in order to reduce our reliance on passwords alone.

The idea of verifying our identity through behavioral patterns, such as through keystrokes or mouse movements, is also being explored, but as Ben-Gurion University of the Negev (BGU) Malware Lab researchers have revealed, no single security solution is foolproof.

On Wednesday, the team said they have developed a new form of attack, dubbed Malboard, which is able to evade detection products "that are intended to continuously verify the user's identity based on personalized keystroke characteristics."

It is not just the speed of keystrokes which can be used to verify a user -- how we respond to typographical errors and whether or not we tend to mistype particular characters are behavioral elements which can be used to verify our identity, too.

In a paper published in the academic journal Computer and Security, available online, BGU showed how a compromised keyboard can be used to generate and send malicious keystrokes which mimic its victim.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top