Wired
You may want to avoid making video calls such as Zoom or Skype with someone you don’t know very well. According to security researchers, even the slightest movement of your arm or hand when typing can guess your password.
Public videos may also be targeted for attack
The paper “Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Interference Attacks” compiled by Maud Sabra, Marts the Jadriwara, and Anindoya Maichi of the University of Oklahoma, University of Texas at San Antonio. Abuse of video calls for interference attacks), the attack can be launched against all video conferencing recordings.
In other words, videos and live streaming published on YouTube etc. may also be the target of attacks, three researchers point out in the paper.
All you need is a webcam and a dedicated program
So how is the attack carried out?
An attacker only needs a webcam and computer program that can shoot at least 720p (preferably 1080p or higher).
Then, while recording the video of the person you are talking to on Zoom or Skype, use a computer program to erase the background. The program uses the other person’s face as a reference point and measures the movement of the arms and shoulders.
When using Zoom etc. on a computer, the webcam is almost always located in the upper center of the display. Therefore, it seems that there are many cases where the shoulders and arms are reflected.
After shooting and measuring, the program analyzes the difference in arm and shoulder position for each frame. Then, if you are using a standard QWERTY keyboard, you will know almost exactly which key you are typing. Once the input key is known, the program then collates a huge number of English words with a list of commonly used password strings to determine the password entered by the other party.
With a common password, the correct answer rate is 75%
As a result of 20 experiments in which a randomly selected word from 300 words selected in advance was input in an environment with only a laptop computer, a webcam, and a chair, the program calculated the password with an accuracy of about 75%. It was.
However, in an experiment in which researchers entered their favorite passwords at their homes, the correct answer rate for the program was only about 20%.
However, when using one of the one million commonly used passwords, the correct answer rate jumped to about 75%.
For example, if the attacker knows the other party’s email address and name, if the other party enters it during a conversation such as Zoom, it will be known with a probability of 90% or more, so researchers say, “Enter next. It’s the password that you do, “he warns.
How to prevent password leakage in Zoom etc.
So how can you prevent information such as passwords from being stolen? The researchers give some advice.
- Wear long sleeves. The movement of the arms and shoulders is more difficult to understand with long sleeves than with sleeveless.
- Wear something that hangs on your shoulders. If the hair is touching the shoulder, the program cannot analyze it correctly. Wearing headphones on your shoulders or wearing a scarf is also effective.
- Learn touch typing. With touch typing that moves 10 fingers, it is difficult to distinguish the keys.
- Sit in a chair on casters. When the whole body is moving, it is difficult to detect the movement of the shoulders and arms.
- Dimming the lights.
- Reduce the resolution of your webcam (although in this case there is another problem with the image being hard to see).
Source: Paper (PDF) via Tom’s Guide
Photo: Zoom
(lunatic)
Source: iPhone Mania