Touch Interface and Keylogging Malware - Semantic Scholar€¦ · Touch Interface and Keylogging...
Transcript of Touch Interface and Keylogging Malware - Semantic Scholar€¦ · Touch Interface and Keylogging...
Touch Interface and Keylogging Malware
IT Innovations 2015, Dubai, UAE
Cybersecurity Research LaboratoryBrigham Young University, Provo, Utah, USA
Authors
Samuel Moses Jon Mercado Allie Larson Dale Rowe
BYU Information Technology
•Cybersecurity Emphasis:•Penetration Testing•Cyber Forensics•Malware Analysis•Information Assurance
•Cybersecurity Research Laboratory•Cyber Physical Systems Security•IT Security Education•Big Data Analytics and Research•Situational Awareness
Outline
• Intro• Threat of Keyloggers• Touch Screens and Smart Cities• Testing Methodology• Findings• Future Work• Conclusion
Intro – What is a Keylogger?
• Hardware Keyloggers• Inserted between keyboard and USB port
• Software Keyloggers• Installed as programs that run in the background
Keyloggers - A Serious Threat
•In 2013 keyloggers played a role in 48% of total data breaches
•In 2014 keyloggers were one of the top 10 threats•2% of POS attacks•13% Crimeware attacks•38% of data breaches
Touchscreens and Smart Cities
• Prevalence of Touchscreens increasing
• Critical Infrastructure , Public Transport, Information Kiosks
Testing Methodology
Tested Keystrokes:1234567890-=
~!@#$%^&*()_+
qwertyuiop[]\
QWERTYUIOP{}|
asdfghjkl;’
ASDFGHJKL:”
zxcvbnm,./
ZXCVBNM<>?
<ctrl>
The quick brown fox jumped over the lazy dog
The quick red<backspace><backspace><backspace>
Tested Keyloggers:•Actual Keylogger•Metasploit Javascript Keylogger•Free Keylogger•Meterpreter Keylogger•Spyrix Keylogger•KeyGrabber Physical Keylogger
Touchscreen FindingsKeylogger 100% Keystroke
CoverageEnter &
Backspace Only0% Keystroke
CoverageActual Keylogger X
Metasploit JavascriptKeylogger
X
Free Keylogger X
Meterpreter Keylogger X
Spyrix Keylogger X
KeyGrabber Physical Keylogger
X
Future Work
• Determining Risk to current and future systems• Review source code of keyloggers
• Most effective touchscreen keylogger attack vectors
• Securing Critical Infrastructure
Conclusion
• Keyloggers are still a threat today and are a threat to smart cities infrastructure
• Adjusting for these security vulnerabilities in the beginning stages of a smart city’s development will more effectively mitigate the risk
Questions?• Contact us at [email protected]
• https://cybersecurity.byu.edu/research/keyloggers