They are called JitterBugs, named by Shah's advisor, Penn Associate Professor Matthew Blaze, for both the way they transmit stolen data in "jittery" chunks by adding nearly imperceptible processing delays after a keystroke and for the "jitters" such a bug could inspire in anyone with secure data to safeguard.
Shah presented his findings Aug. 3 at the USENIX Security Conference in Vancouver, B.C., where it was designated the "Best Student Paper" by conference organizers. As proof of the concept, Shah and his colleagues built a functional keyboard JitterBug with little difficulty.
"This is spy stuff. Someone would need physical access to your keyboard to place a JitterBug device, but it could be quite easy to hide such a bug in plain sight among cables or even replace a keyboard with a bugged version," said Shah, a graduate student in Penn's Department of Computers and Information Science. "Although we do not have evidence that anyone has actually been using JitterBugs, our message is that if we were able to build one, so could other, less scrupulous people."
JitterBug devices are conceptually similar to keystroke loggers, such as the one famously used by the FBI to gather evidence against bookmaker Nicodemo Scarfo Jr. Unlike keystroke loggers, which would have to be physically installed into a subject's computer and then retrieved, a keyboard JitterBug only needs to be installed. The device itself sends the collected information through any interactive software application where there is a correlation between keyboard activity and network activity, such as instant messaging, SSH or remote desktop applications. The bug leaks the stolen data through short, virtually unnoticeable delays added every time the user presses a key.
Anytime the user surfs the web, sends an e-mail or instant messages someone, an implanted JitterBug could be timed to open a covert jitter channel to send stolen data. According to Shah, a JitterBug could not log and transmit every touch of the key due to limited storage space on the device, but it could be primed to record a keystroke with a particular trigger.
"For example, one could pre-program a JitterBug with the user name of the target as a trigger on the assumption that the following keystrokes would include the user's password," Shah said. "Triggers might also be more generic, perhaps programmed to detect certain typing patterns that indicate some sort of important information might follow."
JitterBugs are potentially worrisome to governments, universities or corporations with information meant to be kept confidential. One particular scenario is what Blaze refers to as a "Supply Chain Attack," in which the manufacture of computer peripherals could be compromised. Such an attack could, for example, result in a large number of such JitterBugged keyboards in the market. An attacker would only then need to wait until a target of interest acquires a bugged keyboard.
According to Shah, the channel through which the JitterBug transmits data is also the point where it could be most easily detected and countered.
While his presentation only discussed simple countermeasures to JitterBugs, Shah's initial results indicate that the use of cryptographic techniques to hide the use of encoded jitter channels might be a promising approach.
"We normally do not think of our keyboard and input devices as being something that needs be secured; however, our research shows that if people really wanted to secure a system, they would also need to make sure that these devices can be trusted," Shah said. "Unless they are particularly paranoid, however, the average person does not need to worry about spies breaking into their homes and installing JitterBugs."
Funding for this research was provided through grants received by Blaze from the National Science Foundation's Cybertrust program.
Greg Lester | EurekAlert!
Cutting edge research for the industries of tomorrow – DFKI and NICT expand cooperation
21.03.2017 | Deutsches Forschungszentrum für Künstliche Intelligenz GmbH, DFKI
Molecular motor-powered biocomputers
20.03.2017 | Technische Universität Dresden
Astronomers from Bonn and Tautenburg in Thuringia (Germany) used the 100-m radio telescope at Effelsberg to observe several galaxy clusters. At the edges of these large accumulations of dark matter, stellar systems (galaxies), hot gas, and charged particles, they found magnetic fields that are exceptionally ordered over distances of many million light years. This makes them the most extended magnetic fields in the universe known so far.
The results will be published on March 22 in the journal „Astronomy & Astrophysics“.
Galaxy clusters are the largest gravitationally bound structures in the universe. With a typical extent of about 10 million light years, i.e. 100 times the...
Researchers at the Goethe University Frankfurt, together with partners from the University of Tübingen in Germany and Queen Mary University as well as Francis Crick Institute from London (UK) have developed a novel technology to decipher the secret ubiquitin code.
Ubiquitin is a small protein that can be linked to other cellular proteins, thereby controlling and modulating their functions. The attachment occurs in many...
In the eternal search for next generation high-efficiency solar cells and LEDs, scientists at Los Alamos National Laboratory and their partners are creating...
Silicon nanosheets are thin, two-dimensional layers with exceptional optoelectronic properties very similar to those of graphene. Albeit, the nanosheets are less stable. Now researchers at the Technical University of Munich (TUM) have, for the first time ever, produced a composite material combining silicon nanosheets and a polymer that is both UV-resistant and easy to process. This brings the scientists a significant step closer to industrial applications like flexible displays and photosensors.
Silicon nanosheets are thin, two-dimensional layers with exceptional optoelectronic properties very similar to those of graphene. Albeit, the nanosheets are...
Enzymes behave differently in a test tube compared with the molecular scrum of a living cell. Chemists from the University of Basel have now been able to simulate these confined natural conditions in artificial vesicles for the first time. As reported in the academic journal Small, the results are offering better insight into the development of nanoreactors and artificial organelles.
Enzymes behave differently in a test tube compared with the molecular scrum of a living cell. Chemists from the University of Basel have now been able to...
20.03.2017 | Event News
14.03.2017 | Event News
07.03.2017 | Event News
24.03.2017 | Materials Sciences
24.03.2017 | Physics and Astronomy
24.03.2017 | Physics and Astronomy