Abstract
In the field of IT security the development of Proof of
Concept (PoC) implementations is a commonly accepted
method to determine the exploitability of an identified
weakness. Most security issues provide a rather straightforwad
method of asserting the PoCs efficiency. That
is, it either works or it does not. Hence, data gathering
and exfiltration techniques usually remain in a position
where the viability has to be empirically verified. One of
these cases are mobile device keyloggers, which only recently
have been starting to exploit side-channels to infer
heuristic information on a user’s input. With this introduction
of side channels exploiting heuristic information
the performance of a keylogger may no longer be described
with “it works and gathered what was typed”.
Instead, the viability of the keylogger has to be assessed
based on various typing speeds, user input styles and
many metrics more as documented in this paper. The authors
of this document provide a survey of the required
metrics and features. Furthermore, they have developed
a framework to assess the performance of a keylogger.
This paper provides the documentation on how such a
study can be conducted, while the required source code
is shared online.
Concept (PoC) implementations is a commonly accepted
method to determine the exploitability of an identified
weakness. Most security issues provide a rather straightforwad
method of asserting the PoCs efficiency. That
is, it either works or it does not. Hence, data gathering
and exfiltration techniques usually remain in a position
where the viability has to be empirically verified. One of
these cases are mobile device keyloggers, which only recently
have been starting to exploit side-channels to infer
heuristic information on a user’s input. With this introduction
of side channels exploiting heuristic information
the performance of a keylogger may no longer be described
with “it works and gathered what was typed”.
Instead, the viability of the keylogger has to be assessed
based on various typing speeds, user input styles and
many metrics more as documented in this paper. The authors
of this document provide a survey of the required
metrics and features. Furthermore, they have developed
a framework to assess the performance of a keylogger.
This paper provides the documentation on how such a
study can be conducted, while the required source code
is shared online.
| Original language | English |
|---|---|
| Title of host publication | USENIX Workshop on CyberSecurity Experimentation and Testing (CSET) |
| Publisher | USENIX Association |
| Publication status | Published - 2014 |