Page 151 - Cyber Defense eMagazine December 2023

in that person’s phone was “listening” to the keystrokes of your keyboard, and passing those to
            a trained deep-learning model which then revealed the password you typed.

            This is SCA — not Strong Customer Authentication — but actually the antithesis of that. This is
            a Side Channel Attack, an acoustic side-channel attack, as published by researchers from
            Durham University.

            An SCA is when signals from a device are collected and interpreted to extract secrets. The signals
            can take any form, from electromagnetic waves and power consumption to sound waves. The
            interesting thing about side-channel attacks is that they do not need connectivity or any direct
            access to the device. The acoustic SCA uses the sound waves from the device: in the above
            case, the sound of the keyboard strokes.

            A recent report from Cornell University found that AI can be used to steal passwords by
            "listening" to a user's keystrokes with over 90 per cent accuracy. And researchers from the
            universities in London found results up to 95 per cent accuracy in a similar report.


            It doesn’t just stop there; the person doesn’t need to be sitting in that café a few tables behind.
            In fact, the same attack can be carried out remotely by listening through Zoom calls with 93 per
            cent accuracy.

            How do we solve this? The answer is to stop using passwords, which clearly have several
            vulnerabilities and fail to protect us and our data.

            We almost forget that there is a digital service which we use several times a day that provides
            secure protection not offered by passwords. We even have a name for the fear of losing it –
            “nomophobia”. It’s our mobile phone service: what we use to make or receive phone calls and
            SMSs, or access any application or website on our mobile devices.

            It uses the SIM to identify the genuine user. The “I” in the SIM stands for “Identity”; it stood for
            the same when the first SIM-based mobile phone call was made in 1991 and it still stands for
            “Identity” when we use the eSIM.

            The Subscriber Identity Module (SIM) is a hardware-based cryptography engine in which a unique
            cryptographic key, specific to the SIM, is stored securely and identifies the user. Mobile
            networks around the world use a cryptographic signature, produced by the SIM with this unique
            key, to authenticate the identity without challenging the user to enter a password or any other
            form of explicit authentication, making it much more humanized, seamless and also secure
            against the theft of any secrets from the user.
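
The exchange described above can be modelled as a challenge-response between the SIM and the network, where nothing is typed and a captured response is useless against the next challenge. This is an added example, not code from the article or from any mobile operator: HMAC-SHA256 stands in for the real SIM algorithm, and the `Sim` and `Network` classes, the IMSI value and the 16-byte key size are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Sim:
    """Model of a SIM: holds a per-card key that is never exported."""

    def __init__(self, imsi: str, key: bytes):
        self.imsi = imsi
        self._key = key  # in this model the key never leaves the card

    def respond(self, challenge: bytes) -> bytes:
        # Assumption: HMAC-SHA256 stands in for the operator's real algorithm.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Network:
    """Model of the operator side: shares one key with each provisioned SIM."""

    def __init__(self):
        self._keys = {}     # imsi -> per-SIM key
        self._pending = {}  # imsi -> outstanding challenge

    def provision(self, imsi: str) -> Sim:
        key = secrets.token_bytes(16)
        self._keys[imsi] = key
        return Sim(imsi, key)

    def challenge(self, imsi: str) -> bytes:
        rand = secrets.token_bytes(16)  # fresh random value per attempt
        self._pending[imsi] = rand
        return rand

    def verify(self, imsi: str, response: bytes) -> bool:
        rand = self._pending.pop(imsi, None)  # each challenge is single-use
        if rand is None or imsi not in self._keys:
            return False
        expected = hmac.new(self._keys[imsi], rand, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def demo():
    net = Network()
    sim = net.provision("001010000000001")  # constructed test IMSI
    captured = sim.respond(net.challenge(sim.imsi))
    first = net.verify(sim.imsi, captured)     # genuine SIM is accepted
    net.challenge(sim.imsi)                    # next attempt, new challenge
    replayed = net.verify(sim.imsi, captured)  # recorded response is rejected
    return first, replayed
```
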


            At the same time, the SIM is one of the most inclusive technologies, which provides the exact
            same level of security and protection, irrespective of what device the user is using – from the
            high-end, expensive mobile phones to the simpler, more affordable mobile phones.




