Hackers can now decipher your password simply by analyzing keystroke sounds

A recent study has revealed that hackers can extract your password through keyboard keystroke sounds, causing widespread concern.

There's no need to delve deeply into the myriad benefits that artificial intelligence (AI) brings to every aspect of contemporary life. However, that's when this technology is used for noble purposes. Conversely, if it's abused to carry out malicious acts, the harm caused by AI can be immeasurable. Recently, scientists have discovered a new method of password 'hacking' solely through the sounds produced when typing.

AI can accurately guess passwords through keystroke sounds

Computer science experts at Cornell University (USA) have recently uncovered a new scheme to enable AI tools to steal your data by recording keyboard keystroke sounds. The research team detailed an AI-controlled attack that can steal passwords with up to 95% accuracy just by listening to what you type on the keyboard.

Researchers conducted experiments training an AI model specialized in analyzing keystroke sounds and deployed it on a phone placed in an environment where keystroke sounds were recorded. The integrated microphone on the phone listened to keystrokes on a MacBook Pro and could reproduce them with 95% accuracy.

The highest accuracy recorded by researchers without using a large language model. The team also tested the model's accuracy through a Zoom call, where keystrokes were recorded by the laptop's microphone during the call. In this experiment, AI replicated keystrokes with 93% accuracy, similarly with Skype at 91.7% accuracy.

Don't blame the noisy mechanical keyboard you use every day. It's noteworthy that the volume of the keyboard is less relevant to the accuracy of the attack. Instead, the AI model is trained on the waveforms, intensity, and timing of each keystroke for identification. For example, you might press a key slightly slower than others due to your typing habit, and this factor will be considered by the AI model. As a result,

In practice, this attack would take the form of malicious software installed on your phone or another nearby device with a microphone. It would then collect data from your keystrokes by eavesdropping through the device's microphone using the installed software and send this data to the research AI model. Researchers used CoAtNet, an AI image classifier tool, for the attack and trained the model on 36 keystrokes on a MacBook Pro, each key pressed 25 times.

This type of attack is quite dangerous, as changing keyboards won't mitigate its effects. Even the best keyboards can fall victim to this AI model's sophisticated attack method. However, mitigating this is not overly difficult; for instance, avoiding typing passwords and utilizing features like Windows Hello and Touch ID.

This isn't the first time seemingly implausible hacking methods have come to light. To serve the purpose of information theft for profit, cybercriminals will not overlook any opportunity to exploit and infringe upon the property of victims. Among these, the method of using a microphone to read passwords and using a phone as a listening device for computers has been utilized by hackers.

Microphones - the handy tool for hackers to read passwords and PINs

A document titled 'Hearing your touch' has appeared on the arXiv academic platform, marking the emergence of a highly capable new method of recording characters typed on a virtual keyboard based on the sounds produced by fingers touching those virtual characters. The research team comprising Ilia Shumailov, Laurent Simon, Jeff Yan, and Ross Anderson found that the sounds produced when you touch the screen are indicative of the location of that touch on the screen.

While not entirely novel, this method of attack bears significant differences. While previous attack methods focused on physical keyboards, listening to keystroke sounds, and analyzing vibration patterns transmitted through surfaces, this method targets virtual keyboards on smart devices. The research team used an application capable of recording sounds when users touch their smartphone screens.

Then, they employed machine learning to analyze and predict the user's finger position, thereby predicting the entered content. Test results demonstrated the alarming potential of this method. With devices equipped with two microphones, the application showed significant accuracy. It could predict PIN codes with a success rate of 54% after 10 'listening' sessions, and 60% after 20 sessions. Particularly on the Nexus 9 device, this app correctly guessed 19 out of 27 passwords after just 10 inputs.

Hackers eavesdrop on computer content using your own phone

According to the study, common smartphones are capable of recording audio signals and vibrations when we type on keyboards. The microphone records keystroke sounds, while the accelerometer and gyroscope can detect vibrations transmitted from the keyboard to the desk surface as we type. The research team developed an iPhone app using artificial intelligence and Apple's Swift programming language to accomplish this.

They simply placed the smartphone on the table and could accurately identify 41.8% of keystrokes and 27% of words, even in noisy environments. What's remarkable is that the research team achieved this without the need for machine learning, which could significantly increase accuracy.

The study also indicates that using 4 smartphones to form an array is most effective. Adding a fifth smartphone may slightly increase accuracy, but the improvement is not significant. Therefore, even if you have a 'clean' computer and no one standing behind you filming, the information you type on the keyboard can still be stolen.

Nowadays, it's wise to invest in a better password manager. This not only mitigates the risk of password entry but also allows you to use random passwords for all your accounts. That's the best way to protect your personal information and passwords against entirely new threats like this.

Learn more:

• Hacker infiltrates ride-hailing app, initiates a spree of free rides and steals user data