Abstract

In this paper we aim to use social engineering to bypass an authentication system based on keystroke recognition. We have designed a virtual chat system (a chat bot), coded in Python, which performs the social engineering on the victim. A wise victim may think that the bot is trying to extract confidential credentials from him and so provide false credentials to it, but in reality the bot has nothing to do with the credentials. The bot's only job is to record the typing speed of the individual, which is the basic need of a security system based on keystroke recognition. Our system includes the following main features (assuming two machines, one the victim's and the other the attacker's):

- On the victim's side, our virtual chat bot measures the victim's typing time and creates a database of it.
- An attacking program (designed in Python), integrated with the chat bot, uses this database and enters the credentials into the security system virtually, at the same typing time as the victim's.

As a result, access is granted to the victim's system. Hence we can effectively breach a security system based on keystroke recognition, which primarily uses a person's typing speed and relies on the fact that no two persons' typing speeds are exactly the same.

Keywords: Keystroke Recognition, Python, Social Engineering, Virtual Chat System (Chat Bot).
