• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Home
  • About Us
  • Contact Us
  • Block Examples
  • Landing Page

iHash

News and How to's

  • News
    • Rumor
    • Design
    • Concept
    • WWDC
    • Security
    • BigData
  • Apps
    • Free Apps
    • OS X
    • iOS
    • iTunes
      • Music
      • Movie
      • Books
  • How to
    • OS X
      • OS X Mavericks
      • OS X Yosemite
      • Where Download OS X 10.9 Mavericks
    • iOS
      • iOS 7
      • iOS 8
      • iPhone Firmware
      • iPad Firmware
      • iPod touch
      • AppleTV Firmware
      • Where Download iOS 7 Beta
      • Jailbreak News
      • iOS 8 Beta/GM Download Links (mega links) and How to Upgrade
      • iPhone Recovery Mode
      • iPhone DFU Mode
      • How to Upgrade iOS 6 to iOS 7
      • How To Downgrade From iOS 7 Beta to iOS 6
    • Other
      • Disable Apple Remote Control
      • Pair Apple Remote Control
      • Unpair Apple Remote Control
  • Special Offers
  • Contact us

Experts Find a Way to Learn What You’re Typing During Video Calls

Feb 23, 2021 by iHash Leave a Comment

A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed.

The research was undertaken by Mohd Sabra, and Murtuza Jadliwala from the University of Texas at San Antonio and Anindya Maiti from the University of Oklahoma, who say the attack can be extended beyond live video feeds to those streamed on YouTube and Twitch as long as a webcam’s field-of-view captures the target user’s visible upper body movements.

“With the recent ubiquity of video capturing hardware embedded in many consumer electronics, such as smartphones, tablets, and laptops, the threat of information leakage through visual channel[s] has amplified,” the researchers said. “The adversary’s goal is to utilize the observable upper body movements across all the recorded frames to infer the private text typed by the target.”

password auditor

To achieve this, the recorded video is fed into a video-based keystroke inference framework that goes through three stages —

  • Pre-processing, where the background is removed, the video is converted to grayscale, followed by segmenting the left and right arm regions with respect to the individual’s face detected via a model dubbed FaceBoxes
  • Keystroke detection, which retrieves the segmented arm frames to compute the structural similarity index measure (SSIM) with the goal of quantifying body movements between consecutive frames in each of the left and right side video segments and identify potential frames where keystrokes happened
  • Word prediction, where the keystroke frame segments are used to detect motion features before and after each detected keystroke, using them to infer specific words by utilizing a dictionary-based prediction algorithm

In other words, from the pool of detected keystrokes, words are inferred by making use of the number of keystrokes detected for a word as well as the magnitude and direction of arm displacement that occurs between consecutive keystrokes of the word.

This displacement is measured using a computer vision technique called Sparse optical flow that’s used to track shoulder and arm movements across chronological keystroke frames.

Additionally, a template for “inter-keystroke directions on the standard QWERTY keyboard” is also charted to denote the “ideal directions a typer’s hand should follow” using a mix of left and right hands.

The word prediction algorithm, then, searches for most likely words that match the order and number of left and right-handed keystrokes and the direction of arm displacements with the template inter-keystroke directions.

The researchers said they tested the framework with 20 participants (9 females and 11 males) in a controlled scenario, employing a mix of hunt-and-peck and touch typing methods, aside from testing the inference algorithm against different backgrounds, webcam models, clothing (particularly the sleeve design), keyboards, and even various video-calling software such as Zoom, Hangouts, and Skype.

The findings showed that hunt-and-peck typers and those wearing sleeveless clothes were more susceptible to word inference attacks, as were users of Logitech webcams, resulting in improved word recovery than those who used external webcams from Anivia.

The tests were repeated again with 10 more participants (3 females and 7 males), this time in an experimental home setup, successfully inferring 91.1% of the username, 95.6% of the email addresses, and 66.7% of the websites typed by participants, but only 18.9% of the passwords and 21.1% of the English words typed by them.

“One of the reasons our accuracy is worse than the In-Lab setting is because the reference dictionary’s rank sorting is based on word-usage frequency in English language sentences, not based on random words produced by people,” Sabra, Maiti, and Jadliwala note.

Stating that blurring, pixelation, and frame skipping can be an effective mitigation ploy, the researchers said the video data can be combined with audio data from the call to further improve keystroke detection.

“Due to recent world events, video calls have become the new norm for both personal and professional remote communication,” the researchers highlight. “However, if a participant in a video call is not careful, he/she can reveal his/her private information to others in the call. Our relatively high keystroke inference accuracies under commonly occurring and realistic settings highlight the need for awareness and countermeasures against such attacks.”

The findings are expected to be presented later today at the Network and Distributed System Security Symposium (NDSS).

Source link

Share this:

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn

Filed Under: Security Tagged With: calls, computer security, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, Experts, find, hacker news, hacking news, how to hack, information security, Learn, network security, ransomware malware, software vulnerability, the hacker news, Typing, video, youre

Special Offers

  • The Complete Become a UI/UX Designer Bundle for $34

    The Complete Become a UI/UX Designer Bundle for $34
  • ZENLET The Wallet with RFID Blocking Card for $65

    ZENLET The Wallet with RFID Blocking Card for $65
  • EasyClout Social Media Management for Business: 1-Yr Subscription for $19

    EasyClout Social Media Management for Business: 1-Yr Subscription for $19
  • The All-in-One American Sign Language Bundle for $34

    The All-in-One American Sign Language Bundle for $34
  • AudioWow: Wireless Audio Studio in a Matchbox Size for Mobile Phone for $159

    AudioWow: Wireless Audio Studio in a Matchbox Size for Mobile Phone for $159

Reader Interactions

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

E-mail Newsletter

  • Facebook
  • GitHub
  • Instagram
  • Pinterest
  • Twitter
  • YouTube

More to See

ZENLET The Wallet with RFID Blocking Card for $65

Feb 26, 2021 By iHash

Detecting and Responding to SolarWinds Infrastructure Attack with Cisco Secure Analytics

Detecting and Responding to SolarWinds Infrastructure Attack with Cisco Secure Analytics

Feb 26, 2021 By iHash

Tags

* Apple computer security cyber attacks cyber crime cyber news Cyber Security cybersecurity cyber security news cyber security news today cyber security updates cyber threats cyber updates data breach data breaches google hacker hacker news hacking hacking news how to hack incident response information security iOS iOS 7 iOS 8 iPad iPhone iPhone 6 Malware microsoft network security OS X Yosemite Privacy ransomware malware risk management security security breaches security vulnerabilities software vulnerability the hacker news update video Vulnerabilities web applications
Copyright iHash.eu © 2021
We use cookies on this website. By using this site, you agree that we may store and access cookies on your device. Accept Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.