Aug 9 – In your average workday, do you take Zoom calls and simultaneously work on other projects in the background? If so, this software could pose a threat…
A new study reveals that AI-powered software can “eavesdrop” on people by working out which keys are being pressed while typing occurs. The software has an accuracy rate of over ninety-percent, based on sound recordings alone.
The threat of cyber attacks based on sound recordings is non-trivial. Threat actors can use these ‘acoustic attacks’ to crack passwords, and ultimately, to hack into accounts.
How it works
To prove the legitimacy of this type of threat, cyber researchers pressed each of 36 keys on a MacBook Pro, including all of the letters and numbers, 25 times consecutively. In so doing, they used different fingers with varying pressure. Sounds were recorded both over Zoom and on a smart phone.
The recorded data was input into a machine learning system. Over time, the system recognized the acoustic signals associated with each key. Although it’s not clear as to how the AI determined which key was which, researchers believe that a key’s proximity to the edge of the keyboard could have been a factor.
AI keystrokes threat
While this study is not the first to prove that keystrokes can be ‘decoded’ based on sound, the researchers behind this study say that their testing used the most up-to-date methodologies and achieved the highest accuracy ever recorded. The study findings indicate the need for vigilance around password hygiene.
These kinds of acoustic “side channel attacks” can be mitigated through several different means. Biometric passwords and two-factor authentication can help. Further, it’s a good idea to use the shift key symbol when developing passwords, which allows for a mix of upper and lower case letters, or numbers and symbols.
The bottom line is that people should take care to avoid typing sensitive messages, including passwords, on keyboards during Zoom (or Teams) calls.
Get more insights into the latest AI trends, challenges and innovations. Check out A CISO’s Guide to AI in 2023. Lastly, to receive more timely cyber security news, insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.