Hacking passwords by recording the sound of your keystrokes is nothing new, but researchers using AI have been able to do this with much more accuracy.
Computer scientists from Durham University, University of Surrey, and Royal Holloway University of London, have simulated a cyberattack where a deep learning model classified keystrokes using audio recordings from Zoom and smartphone microphone. When trained on keystrokes using Zoom, researchers achieved 93 percent accuracy, and using a smartphone, they achieved 95 percent accuracy. Using off-the-shelf equipment and software, they were able to show how this kind of attack is possible.
This type of cyberattack, called acoustic side channel attack (ASCA), was studied in the early 2000s, but hasn’t received much focus lately. However, now due to the rise of video conferencing, people working remotely in cafes and public places, and recent advancements of neural networks, the researchers pointed out how this threat could become more prevalent. The study, which was presented and accepted as part of the 2023 IEEE European Symposium on Security and Privacy Workshop, was conducted in order to prove its viability, and call attention to ASCAs, now that deep learning tools are much more accessible.
So how can people protect themselves against acoustic side channel attacks? The simplest answer is don’t type out your password near any microphones or on Zoom. But that’s not always feasible. The researchers proposed making sure your password is secure with two-factor authentication, using biometric login wherever possible, and using randomized passwords with upper and lower case characters, since it’s difficult to recognize the release of the Shift key.