In this video, we demonstrate an attack scenario in which a user enters the password "123abc" using the Onboard keyboard.
Every time the user presses a key on Onboard, the flush+reload attacker measures the side channel in the graphics libraries and generates a list of predictions, ranked by confidence. We then use the password cracking algorithm described in the paper to crack the password.
We can see that as the number of login attempts increases, password cracking becomes more accurate. With 10 login attempts, we can crack the password 530,000 times faster than a random brute-force approach.
In this video, we demonstrate an attack scenario in which a user enters the password "1234abcd" using the Onboard keyboard, with the attack augmented by a password dictionary.
Every time the user presses a key on Onboard, the flush+reload attacker measures the side channel in the graphics libraries and generates a list of predictions, ranked by confidence. In addition, the attacker combines the current key press with the previous key press and uses a dictionary attack to select the most likely password guess.
We see that most characters can be guessed within 3-4 guesses. If we augment the attack with a password dictionary, the password can be cracked on the first guess.