In a paper to appear at the 2018 European Symposium on Research in Computer Security (ESORICS), a team of researchers from UC Irvine, the New York Institute of Technology and the University of Padova (Italy) reveals a new attack: Secret Information Leakage from Keystroke Timing Videos (SILK-TV). The UCI researchers include Chancellor’s Professor of Computer Science Gene Tsudik and undergrad exchange students Martin Georgiev and Nikita Samarian.
This work studied leakage of passwords and PINs based on observations of output devices (screens or projectors) that mask characters, typically with asterisks or dots. SILK-TV attacks extract inter-keystroke timing information from videos of password-masking characters displayed as users type their passwords or PINs. Results from several studies indicate that SILK-TV can recover eight-character alphanumeric passwords in as few as 19 attempts, suggesting that password-masking GUIs must consider such information leakage.
— Shani Murray