AI Can Now Crack Your Password By Listening to the Sound of Your Keys

In a digital age dominated by virtual interactions and omnipresent devices equipped with microphones, a novel vulnerability emerges – the potential of cyber-attacks based on sound patterns. 

Recent research has demonstrated that artificial intelligence (AI) can infer computer keystrokes by analyzing the acoustic signals generated during typing. This revelation poses significant security concerns, especially as the usage of video conferencing tools like Zoom becomes ubiquitous, accompanied by the proliferation of devices with built-in microphones.

Pioneering Research

Researchers have accomplished a groundbreaking feat, claiming to achieve over 90% accuracy in discerning pressed keys on a laptop keyboard solely through sound recordings. Dr. Ehsan Toreini, a co-author of the study hailing from the University of Surrey, anticipates that this accuracy rate could further improve with time. Given the increasing prevalence of smart devices containing microphones within households, these findings underscore the importance of public discussions about the governance of AI in such contexts.

Methodology and Insights

Published as part of the IEEE European Symposium on Security and Privacy Workshops, this research mirrors historical accounts of deciphering encrypted messages, akin to the Enigma cipher machine. Researchers employed machine learning algorithms to interpret distinct acoustic patterns corresponding to each key’s depression on a laptop keyboard. These patterns were established by repetitively pressing each of the 36 keys on a MacBook Pro, varying factors such as finger used, pressure exerted, and tempo of typing. Recordings were collected both through a Zoom call and a smartphone placed nearby.

Training the AI

The AI was then trained using a subset of the acquired data, allowing it to identify characteristic acoustic features associated with each key. The exact cues utilized by the AI remain unclear, but the proximity of keys to the keyboard’s edge was suggested as a possible factor influencing the acoustic differentiation. Joshua Harrison, the study’s lead author from Durham University, proposed that this positional information might be pivotal in this regard.

Performance Evaluation

The AI’s aptitude was subsequently tested using the remaining data. Astonishingly, the system achieved a 95% accuracy rate in correctly associating a key with its corresponding sound in phone call recordings, and a 93% accuracy rate for Zoom call recordings.

Contributions and Implications

While not the first study to explore the link between keystrokes and sound, this research sets a new benchmark in terms of accuracy and methodology. However, the researchers emphasize that this work is a proof-of-concept and has not been used to breach passwords or tested in real-world environments. They caution that devices with similar keyboards could potentially face similar eavesdropping threats.

Mitigating Acoustic Threats

The researchers offer potential measures to mitigate the risk of acoustic “side channel attacks.” They suggest opting for biometric passwords where feasible or implementing two-step verification systems. Alternatively, they recommend utilizing the shift key to diversify the typing pattern by incorporating both upper and lower cases, numbers, and symbols.

Visual Cues and Unseen Risks

Professor Feng Hao from the University of Warwick, who was not involved in the study, points out an additional aspect of risk. He highlights that aside from sound, subtle visual cues, such as movements of shoulders and wrists during typing, could also disclose side-channel information about typed keys, even if the keyboard isn’t visible to the camera.

Conclusion

In the intricate interplay between keystrokes and AI’s acoustical prowess, a tale of security and vulnerability unfolds. As technology continues to evolve, users must remain vigilant and seek to strike a balance between convenience and safeguarding sensitive information. The symphony of typewritten text and AI’s analytical capabilities must be orchestrated harmoniously to ensure a secure digital landscape.