So what does the future hold for keyboard hacking? It's likely to be "JitterBugs".
In a paper released this past summer titled "Keyboards and Covert Channels", University of Pennsylvania grad students document a new attack tactic called a JitterBug.
"This paper introduces JitterBugs, a class of inline interception mechanisms that covertly transmit data by perturbing the timing of input events likely to affect externally observable network traffic. JitterBugs positioned at input devices deep within the trusted environment (e.g., hidden in cables or connectors) can leak sensitive data without compromising the host or its software. In particular, we show a practical Keyboard JitterBug that solves the data exfiltration problem for keystroke loggers by leaking captured passwords through small variations in the precise times at which keyboard events are delivered to the host. Whenever an interactive communication application (such as SSH, Telnet, instant messaging, etc) is running, a receiver monitoring the host’s network traffic can recover the leaked data, even when the session or link is encrypted. Our experiments suggest that simple Keyboard JitterBugs can be a practical technique for capturing and exfiltrating typed secrets under conventional OSes and interactive network applications, even when the receiver is many hops away on the Internet."
The paper is an interesting read. By inserting code and/or hardware devices that cause a slight delay between a key being pressed and the computer responding to it, and by coupling this with a small packet of information buried in other packets, the attack could prove formidable against user IDs and passwords.
Guy
www.authenticationworld.com
guy.huntington@authenticatioworld.com
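From the monitoring side, the timing perturbation the abstract describes can leave a statistical trace in packet inter-arrival times. The following is an added example, not code from the paper or from this post: it assumes the perturbation aligns inter-keystroke gaps to a fixed timing grid (half of an unknown window), and the candidate windows, the threshold and the sample sessions are all constructed for illustration.

```python
import math
import random

def periodicity_score(timestamps_ms, window_ms):
    """Mean distance of inter-arrival gaps from the nearest multiple of
    window/2, normalised so unperturbed timing scores about 1.0 and
    gaps aligned to that grid score near 0."""
    half = window_ms / 2.0
    gaps = [b - a for a, b in zip(timestamps_ms, timestamps_ms[1:])]
    if not gaps:
        raise ValueError("need at least two timestamps")
    dist = [min(g % half, half - g % half) for g in gaps]
    # Uniformly spread residues have mean distance half/4.
    return (sum(dist) / len(dist)) / (half / 4.0)

def scan(timestamps_ms, windows_ms=(10, 16, 20, 24, 30, 40), threshold=0.5):
    """Try each candidate window (assumed values) and report
    (suspicious, best_window_ms, best_score)."""
    scores = {w: periodicity_score(timestamps_ms, w) for w in windows_ms}
    best = min(scores, key=scores.get)
    return scores[best] < threshold, best, scores[best]

def constructed_session(n, grid_ms=None, jitter_ms=1.0, seed=7):
    """Constructed sample data: packet times for n keystrokes of an
    interactive session. With grid_ms set, each gap is rounded up to the
    grid and blurred by network jitter, standing in for perturbed input."""
    rng = random.Random(seed)
    t, times = 0.0, [0.0]
    for _ in range(n):
        gap = rng.uniform(80.0, 400.0)          # ordinary typing rhythm
        if grid_ms:
            gap = math.ceil(gap / grid_ms) * grid_ms + rng.gauss(0.0, jitter_ms)
        t += gap
        times.append(t)
    return times

if __name__ == "__main__":
    for label, grid in (("ordinary", None), ("grid-aligned", 10.0)):
        flagged, window, score = scan(constructed_session(500, grid_ms=grid))
        print(f"{label:13s} flagged={flagged} window={window}ms score={score:.2f}")
```

The score degrades as network jitter approaches the grid spacing, so a check like this is most useful on captures taken close to the monitored host.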
