Determining which keys a user has pressed by listening to their sound has become a technique that is spreading among cybercriminals, who have begun to implement it to steal data and, by extension, the passwords of their victims.
With the passage of time and the implementation of new tracking methodologies of more sophisticated information, users are becoming increasingly interested in the privacy and security features offered by their devices.
This explains, for example, why Google has recently restored the ‘Permissions’ section in the description of the applications in the Google Play Store, a decision it has made after receiving criticism from its users after removing it about a month ago.
The use and control of so-called ‘cookies’, code files that websites send to devices and that collect user behavior in order to improve the user experience, is also arousing interest.
Although, in general, users are wary of these digital ‘crumbs’, 60 percent admit that they accept them despite not knowing exactly how they work or what permissions they are giving the browser over their sensitive information.
In general, one of the great concerns of users lies in the possible listening of devices such as Alexa, developed by Amazon, Siri (Apple) or the Google Assistant and, in fact, there have been cases in which large companies have admitted that they have recorded tappings with the ignorance of their owners.
That’s why companies like Samsung have developed robust systems like Samsung Knox, a comprehensive security management platform that protects devices from the most developed and complex threats.
Some of its capabilities are integrated into this solution, including the use of the fingerprint as a ‘key’ to access private folders or ‘Secure Folder’, a private and encrypted space that can be created on Galaxy devices.
Apple is another of the brands that has recently announced initiatives aimed at users who suffer personal attacks from sophisticated cyber threats, among which is LockdownMode, a mode of protection or isolation.
Although manufacturers have developed these tools, it should be pointed out that they have done so with a focus on mobility, so that other devices, such as computers, remain vulnerable to certain more sophisticated attacks.
Currently, there are three types of ‘hacking’ recognized in this area and that affect users and consumers of this type of electronic ‘hardware’, as recently recalled by the security software developer company Panda Security.
The first of them and the most traditional is the so-called keylogger, a type of ‘malware’ that monitors each key pressed and is capable of extracting confidential information through what the user types on the keyboard.
Another attack is known as ‘Acoustic Keyboard Eavesdropping Keylogging attack’, which translates as espionage attacks through the acoustic keyboard. These offenses occur because a program is used that works with an algorithm that recognizes the sound that corresponds to each keystroke.
Although there are clear differences between the keyboards and not all of them sound the same, the attackers make sure that this algorithm can extract various data during use and be able to guess the passwords from different combinations.
Finally, Panda Seucrity has indicated that a mode has recently been registered in wireless keyboards, which work with an antenna connected by the USB port.
In this case, cybercriminals can substitute it with a spoofed one to intercept the radio frequency connection, indicating that this technique only works over short distances, a maximum of 250 meters.
TIPS TO AVOID THESE ATTACKS
From this security software developer company they have recalled that one of the main steps to follow to reinforce the protection of systems is to configure the device’s microphone on and off.
In this way, they not only prevent cyberfraudsters from recording their private conversations, but they can also access the movements that are made while typing from the mobile or computer.
It is also advisable to change passwords on a regular basis, so that cybercriminals have fewer options to find the correct keys and access sensitive information.
On the other hand, it is important to turn off the keyboard and mouse of the computer in case they are wireless when these devices are not being used, in order to prevent attackers from exercising remote control over the device. when their owners are away.
Finally, it is important to use a double authentication system for access to personal accounts. In this way, in case the ‘hackers’ try to get hold of any of them, your users will be able to know if they are stealing their credentials.
Source: Europa Press