Graphics libraries as the main tool to intercept keystrokes
Attackers can infer text typed on hardware keyboards as well as on-screen keyboards.
Security researchers have reported that they can determine what a user types by looking for data leaks in the way a processor executes code from standard graphics libraries.
The fundamental idea of this investigation is that the code responsible for rendering text on screen, using the standard graphics libraries of modern operating systems, leaks hints about the information being processed, even when the text is hidden behind the generic dots of a password field.
This technique is known as a side-channel attack. It’s a new type of attack, but it has been used mainly to recover information from encrypted communications.
The attack targets the CPU's shared memory, where graphics libraries render the operating system user interface (UI).
The researchers' paper will be presented at a technology conference next year, and it works through the issues connected with a side-channel attack that is focused on graphics libraries.
The academics stressed that a malicious process can detect these leaks and predict with high fidelity what text a given user typed.
Some readers might think keyloggers do the same thing, but the researchers' code differs: it works without admin or any other special privileges.
This code can be concealed inside legitimate apps, which makes it more difficult for antivirus programs to detect.
But for now, there is no need to worry, since this attack is theoretical and an inexperienced hacker would find it rather difficult to take advantage of it.
Such an attack cannot be performed without specialized knowledge of how the OS interacts with its graphics library on particular hardware architectures.
But attackers still have a reason not to give up. Compared with classic keylogging malware, this attack goes beyond collecting keypresses from hardware keyboards; it also works against on-screen keyboards.
Moreover, this attack can be performed on any OS. During testing, the researchers intercepted keystrokes on Ubuntu and Android.
The researchers developed this attack to capture only numeric and lowercase characters, but they point out that a cybercriminal could use another prediction model to cover uppercase letters and special characters as well.
You’ll find more details in next year's research paper “Unveiling your keystrokes: A Cache-based Side-channel Attack on Graphics Libraries”. The authors are academics from the University of California, Riverside, Virginia Tech and the US Army Research Lab.
This research will be presented at the Network and Distributed System Security Symposium (NDSS) that will take place in San Diego in late February 2019.