Page 151 - Cyber Defense eMagazine December 2023
in that person’s phone was “listening” to the keystrokes of your keyboard, and passing those to
a trained deep-learning model which then revealed the password you typed.
This is SCA — not Strong Customer Authentication — but actually the antithesis of that. This is
a Side Channel Attack, an acoustic side-channel attack, as published by researchers from
Durham University.
An SCA is when signals from a device are collected and interpreted to extract secrets. The signals
can take any form, from electromagnetic waves and power consumption to sound waves. The
interesting thing about side-channel attacks is that they do not need connectivity or any direct
access to the device. The acoustic SCA uses the sound waves from the device, which in the above
case is the sound of the keystrokes on the keyboard.
A recent report from Cornell University found that AI can be used to steal passwords by
"listening" to a user's keystrokes with over 90 per cent accuracy. And researchers from
universities in London found accuracy of up to 95 per cent in a similar report.
It doesn’t just stop there; the person doesn’t need to be sitting in that café a few tables behind.
In fact, the same attack can be carried out remotely by listening through Zoom calls with 93 per
cent accuracy.
How do we solve this? The answer is to stop using passwords, which clearly have several
vulnerabilities and fail to protect us and our data.
We almost forget that there is a digital service which we use several times a day that provides
secure protection not offered by passwords. We even have a name for the fear of losing it –
“nomophobia”. It’s our mobile phone service: what we use to make or receive phone calls and
SMSs, or access any application or website on our mobile devices.
It uses the SIM to identify the genuine user. The “I” in the SIM stands for “Identity”; it stood for
the same when the first SIM-based mobile phone call was made in 1991 and it still stands for
“Identity” when we use the eSIM.
The Subscriber Identity Module (SIM) is a hardware-based cryptography engine in which a unique
cryptographic key, specific to that SIM, is stored securely and identifies the user. Mobile
networks around the world use a cryptographic signature that the SIM produces with this unique
key to authenticate the identity without challenging the user to enter a password or any other
form of explicit authentication, making it much more humanized, seamless and also secure against
the theft of any secrets from the user.
At the same time, the SIM is one of the most inclusive technologies, providing the exact
same level of security and protection irrespective of what device the user is using, from
high-end, expensive mobile phones to simpler, more affordable ones.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.