Login
Cisco XDR is a leader in providing comprehensive threat detection and response across the entire attack surface. Weβll be showcasing new capabilities that will give security teams even more insight, aβ¦ Read more on Cisco Blogs
Join the guided tour outside the Security Operations Center, where weβll discuss real time network traffic of the RSA Conference, as seen in the NetWitness platform. Engineers will be using Cisco Sβ¦ Read more on Cisco Blogs
Video conferencing has really taken off this year. With more people working and learning from home than ever before, video calling has rapidly become the mainstream method for remote communication, allowing users to stay connected. But very few may realize that they might be giving away their passwords on video calls through their body language. According to Tomβs Guide, call participants can guess a userβs passwords through the arm and shoulder movements they make while they type.
Letβs unpack how this threat works so you can continue to connect via video calls worry-free.
Keyboard snooping, or a keyboard interference threat, occurs when an attacker is present on a video call and observes the targetβs body and physiological features to infer what they are typing. To pull off this attack, the hacker would need to record the meeting or video stream and feed it through a computer program. This program eliminates the visual background and measures the userβs arm and shoulder movements relative to their face. From there, the program analyzes the userβs actions to guess which keys they are hitting on the keyboard β including passwords and other sensitive information.
So, how accurate is this program, anyway? While this shows that the program was only correct 20% of the time when subjects were on their own devices in an uncontrolled environment, the programβs accuracy increased to 75% if their password was one of the one million most commonly used passwords. And suppose the program already knew their email address or name. In that case, it could decipher when the target was typing this information during the video call (and when their password would immediately follow) 90% of the time. The less complex the target makes their password, the easier it is for the program to guess what theyβre typing.
Keystroke inference attacks can have potentially dangerous effects, since the text typed can often contain sensitive or private information even beyond passwords, like credit card numbers, authentication codes, and physical addresses. Itβs also important to note that any video conferencing tool or videos obtained from public video sharing/streaming platforms are susceptible to this attack.
Therefore, to prevent your meeting attendees from snooping on what youβre typing, follow these tips for greater peace-of-mind:
Avoid giving keyboard snoopers the upper hand by making yourΒ passwordΒ or passphrase as unique as the information itβs protecting.Β If a hacker does manage to guess yourΒ passwordΒ for one of your online accounts, they will likely check for repeat credentials across multiple sites. By using different passwords or passphrases for your online accounts, you can remain calm and collected knowing that the majority of your data is secure if one of your accounts becomes vulnerable.
Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification like texting or emailing a secure code to verify your identity. Most popular online sites like Gmail, Dropbox, LinkedIn, Facebook, etc. offer multi-factor authentication, and it takes just a few minutes to set it up. This reduces the risk of successful impersonation by criminals who may have uncovered your information by keyboard snooping.
Take your security to the next level with a password manager, like the one included in McAfee Total Protection. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords, and log you on to websites automatically.
To stay updated on all thingsΒ McAfeeΒ and on top of the latest consumer and mobile security threats, followΒ @McAfee_HomeΒ Β on Twitter, listen to our podcastΒ Hackable?, and βLikeβ us onΒ Facebook.
Β
The post How to Prevent Keyboard Snooping Attacks on Video Calls appeared first on McAfee Blogs.
FreshRSS 