Researchers in the United Kingdom have successfully used artificial intelligence (AI) technology to record the sound of keystrokes with astonishing accuracy. In a recent study published as part of the IEEE European Symposium on Security and Privacy Workshops, computer scientists from Durham University, University of Surrey, and Royal Holloway University of London simulated a cyberattack using a deep learning model to classify laptop keystrokes based on audio recordings from the popular video-conferencing platform Zoom and a smartphone-integrated microphone.
The researchers discovered that when trained on keystrokes recorded by a nearby phone, their classifier achieved an impressive accuracy of 95%. This accuracy rate is the highest seen without the use of a language model. Additionally, when trained on keystrokes recorded from Zoom, the accuracy level remained high at 93%.
However, the scientists caution that further research is necessary to determine if other discreet methods of recording keystrokes produce similar results. They assert that their findings highlight the practicality of side-channel attacks using off-the-shelf equipment and algorithms. With advancements in deep learning, these acoustic side-channel attacks now pose an even greater threat to keyboards than ever before.
To protect against such attacks, the researchers suggest that simple changes in typing style could be sufficient. When participants used touch typing, the recognition accuracy decreased from 64% to 40%, which may not be high enough when dealing with complex inputs that involve the use of the shift key, backspace, and other non-alphanumeric keys. Additionally, employing randomized passwords with multiple cases and utilizing two-factor authentication can serve as additional lines of defense.
The researchers also discussed potential sound-based countermeasures to these attacks, including the addition of randomly generated fake keystrokes to transmitted audio. They highlighted the importance of public debates on the governance of AI, considering the increasing prevalence of smart devices with built-in microphones in households.
Overall, this study sheds light on the growing threat of audio-based side-channel attacks on keyboards and the need for robust defenses. As technology becomes more pervasive, adequate countermeasures must be put in place to safeguard sensitive user information. By understanding the implications and taking proactive measures, individuals and organizations can protect themselves from potential cyber threats in an increasingly interconnected world.
