Brave New World

Oh Dear: The Sound of Your Keystrokes Could Leave You Wide-open to a Cyberattack

A simple video call could open your laptop to hackers, experts warn…

University researchers have created an AI system to decipher words from the sound of typing — with more than 90 percent accuracy.

That remarkable achievement comes with an obvious downside: it means that just typing your password while chatting over a video platform like Zoom could open the door to a cyberattack.

Industry experts say that as video conferencing tools have grown in use, and devices with built-in microphones become ubiquitous, the threat is real, and rising.

Researchers have created a system that can work out which keys are being pressed on a laptop keyboard, according to a report in The Guardian.

“I can only see the accuracy of such models, and such attacks, increasing,” said Ehsan Toreini, doctor and co-author of the study at the University of Surrey. The research was published as part of the IEEE European Symposium on Security and Privacy Workshops.

Toreini and colleagues used machine learning algorithms to identify pressed keys based on sound alone. It’s an approach that researchers recently deployed on the Enigma cipher device.

The process began by pressing each of 36 keys on a MacBook Pro, including all letters and numbers, 25 times in a row, using different fingers and with varying pressure. The sounds were recorded over a Zoom call and on a smartphone near the laptop.

Suid Adeyanju, CEO of IT firm RiverSafe, said it was “a wake-up call about the true risks” posed by artificial intelligence. “Far too many organisations are rushing to adopt the technology without conducting even the most basic due diligence tests,” he said.

“Over-enthusiastic executives should take note that AI may look like Barbie, but it could turn out to be Oppenheimer if the necessary cyber protections and regulatory procedures aren’t in place.”

While it is not clear which clues the system used to identify specific keystrokes, Joshua Harrison, first author of the study, from Durham University, said proximity of the keys to the edge of the keyboard could be a factor. “This positional information could be the main driver behind the different sounds,” he said.

The system was then tested on other data. It proved accurate 95 percent of the time when the recording was made over a phone call, and 93 percent of the time during a Zoom call.

The study was co-authored by a doctor by from the Royal Holloway, University of London, Maryam Mehrnezhad. The researchers say the work is a proof-of-principle study, and has not been used to crack passwords. But they warn of a need for vigilance, and say using a laptop in public places could present a risk.

The risk of such acoustic “side channel attacks” can be mitigated, experts say, by opting for biometric passwords or activating two-step verification. Failing that, it’s a good idea to use the shift key and create a password using upper and lower cases, numbers, and symbols. “It’s very hard to work out when someone lets go of a shift key,” said Harrison.

Feng Hao, a professor from the University of Warwick, said people shouldn’t type sensitive messages, including passwords, during a Zoom call. “Besides the sound,” he said, “the visual images about the subtle movements of shoulder and wrist can reveal side-channel information about the keys being typed, on the keyboard even though the keyboard is not visible from the camera.”

marten

Recent Posts

ATIDI: De-Risking Africa’s Growth Trajectory Through Innovation, Impact and Integration

As Africa’s leading provider of credit and investment insurance, the African Trade & Investment Development…

6 hours ago

Moody’s Ratings’ 2025 Forecast for Latin America: Stable Outlooks, Sustainable Finance Trends & Impact of US Policy Measures

By Moody’s Ratings With nearly 30 years of experience in Latin America, Moody’s Ratings continues…

1 day ago

Beyond Capital Partners: Driving Sustainable Growth in the DACH Region

Beyond Capital Partners (BCP), an owner-managed private equity firm based in Frankfurt am Main, Germany,…

6 days ago

Christoph D Kauter: Leading Beyond Capital Partners with Vision and Purpose

Christoph D Kauter, Founder and Managing Partner of Beyond Capital Partners, has built a career…

1 week ago

NBG Securities: Redefining Investment Services with a Vision for Growth

As a subsidiary of the National Bank of Greece, NBG Securities has evolved into a…

2 weeks ago

The Big Themes from Money20/20: Why Banks Are Back, AI Is a Risk, and Financial Inclusion Finally Matters

By Alessandro Hatami, European banking innovation expert and co-author of Reinventing Banking and Finance and…

4 weeks ago