Artificial intelligence was recently documented as being able to decipher security passwords just by “listening” to the sound of a computer’s keystrokes.
The latest AI research, published on August 3, showcases the training of an AI model on audio recordings of people typing. The AI was astoundingly adept at discerning the distinct sounds that each key produced, an ability beyond the human ear.
During testing, with just a phone’s microphone positioned 17 centimeters away, the AI achieved 95%, 93%, and 91.7% accuracy rates for typing on a 2021 MacBook Pro, Zoom calls and Skype calls, respectively.
“When typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound,” researchers said.
The method employed by hackers, known as the “acoustic side-channel attack,” is far from new. In fact, according to Fox News, it can be traced back to the 1950s when British spies utilized sound emissions from Hagelin encryption devices to infiltrate the Egyptian embassy.
According to the research, each keystroke produces a unique, almost inaudible sound. The AI processes these sounds by analyzing the waveform, intensity and timing of each key press. In tests, the researchers meticulously pressed 36 keys on various laptops 25 times each, altering the pressure and the finger used.
For modern users, the widespread adoption of smartphones and laptops poses a substantial risk. The paper warns of the vulnerability of even the softer keystrokes of devices like the MacBook.
The AI considers even slight nuances in a user’s typing style, posing an alarming threat in real-world scenarios where malware on a nearby microphone could collect keystroke data to extract passwords.
However, the study suggests that changing typing styles can serve as an effective countermeasure. Interestingly, while the AI could detect the press of the shift key, it couldn’t recognize the release of the shift key distinguished from other keyboard sounds. The study documented the importance of using both uppercase and lowercase letters in passwords for stronger security measures.
The research also points toward using touchscreen keyboards as a “silent alternative” while urging users to embrace features like Touch ID or avoid traditional typed passwords altogether.
This news article was partially created with the assistance of artificial intelligence and edited and fact-checked by a human editor.