Silent Hackers: Decoding Passwords Through Key Sounds!
Researchers create system using sound recordings that can work out what is being typed with more than 90% accuracy
According to a study, entering your computer password while having a conversation on platforms like Zoom could potentially expose you to cyber threats. The research suggested that artificial intelligence (AI) has the ability to decipher the keys that are being tapped by simply listening to the sound of the typing. With the rise in usage of video conferencing tools like Zoom and the prevalence of devices with built-in microphones, experts warn that the risk of sound-based cyber-attacks has also increased substantially.
Researchers have reportedly developed a system that can accurately determine over 90% of the keys being typed on a laptop keyboard, by merely relying on the sound recordings.
Dr. Ehsan Toreini, co-author of the study from the University of Surrey, has foreseen an increase in the accuracy of such attacks and models. With the proliferation of smart devices with microphones, he highlights the importance of public discussions regarding the governance of AI.
The research, published as part of the IEEE European Symposium on Security and Privacy Workshops, demonstrates how Toreini and his colleagues used machine-learning algorithms to design a system that could identify which keys were being pressed on a laptop based on the sound. This method was recently implemented on the Enigma cipher device.
The study explains that the researchers consecutively pressed all 36 keys on a MacBook Pro, including all letters and numbers, 25 times each using different fingers and applying varying pressure. The sounds were captured both during a Zoom call and on a smartphone placed close to the keyboard.sity, said it was possible an important influence was how close the keys were to the edge of the keyboard.
According to Dr. Toreini, the varying sounds could be primarily due to the differing positions of the keys. The system was then further tested with the remaining data.
The results showed impressive accuracy, correctly identifying the corresponding keys to their sounds about 95% of the time over a phone call and 93% of the time during a Zoom call.
The study, co-authored by Dr. Maryam Mehrnezhad from the Royal Holloway, University of London, is not the first to demonstrate keystroke identification based on sound. However, its updated methods and unprecedented accuracy set it apart.
While the research was intended to prove a concept and has not been used for real-world scenarios like cracking passwords or eavesdropping in settings like coffee shops, the authors stress the necessity of caution. They highlight that laptops, due to their common keyboard layouts and frequent public use, are highly susceptible. Nonetheless, similar methods could potentially be applied to any keyboard.
The researchers suggest several ways to decrease the risk of such acoustic "side channel attacks," like using biometric passwords or enabling two-step verification systems where available. In cases where these options aren't available, they recommend using a combination of upper and lower case letters, numbers, and symbols by frequently using the shift key.
“It’s very hard to work out when someone lets go of a shift key,” said Harrison.
Additionally, Prof. Feng Hao from the University of Warwick, who was not part of the study, advised caution when typing sensitive information such as passwords on a keyboard during a Zoom call. Besides the sound, even subtle movements of the shoulder and wrist can potentially reveal information about the keys being typed, even if the keyboard is not in the camera's view, he added.