Keystroke inference attack

Keystroke inference attacks are a class of privacy-invasive technique that allows attackers to infer what a user is typing on a keyboard.^{[1][2][3][4][5][6][7][8]}

History

The origins of keystroke inference attacks can be traced back to the mid-1980s when academic interest first emerged in utilizing various emanations from devices to deduce their state. While keystroke inference attacks were not explicitly discussed during this period, the declassified introductory textbook on TEMPEST standards, NACSIM 5000, alluded to keyboards as potential sources of data leakage.^[9] In 1998, academic papers explored defenses similar to those described in TEMPEST standards, suggesting that emissions from keyboards could be used to track keystrokes, though without practical demonstrations. In 2001, researchers discovered a timing side channel in the SSH protocol that could be exploited to leak keystroke data.^[10] The concept gained more attention in 2002 when a Computerworld opinion piece described the "keyboard trick," where recorded keyboard sounds were analyzed to reconstruct keystrokes, a technique the author claimed to have known since the 1980s.^[11][9] Formal academic research on sound-based keystroke detection began in 2004, with IBM researchers demonstrating that each keystroke produces a unique sound and developing an algorithm to translate these sounds into keystrokes. This work was refined in 2006 and in 2009, enhancing the attack's reliability.^[10] In 2009, Vuagnoux et al. revealed that modern keyboards emit electromagnetic signals that can be used to infer keystrokes.^[1]