AI Can Identify Passwords by Analysing Typing Sounds, Opening the Door to Cyber-Attacks
In a world increasingly reliant on remote communication and virtual connections, the symphony of keystrokes that accompanies digital conversations has become a potential vulnerability. A recent study has unveiled a disconcerting revelation: the harmonious clatter of keys being pressed during a Zoom call can serve as a melodic invitation to cyber attackers, thanks to the keen ears of artificial intelligence ( AI ).
As video conferencing platforms like Zoom gained widespread adoption, the harmony of digital communication was disrupted by a cacophony of cybersecurity concerns. Researchers from the University of Surrey have now orchestrated an unsettling concerto, demonstrating that AI can decipher the distinct sounds of typing on a keyboard during a Zoom call, opening the door to potentially disastrous cyber-attacks .
Dr. Ehsan Toreini, a co-author of the study, voiced his concerns about the escalating accuracy of such AI models, underscoring the urgency for public discourse on the governance of AI in our modern lives. With an array of smart devices featuring microphones that now populate households, the potential implications of these sound-based attacks are far-reaching.
The research, presented at the IEEE European Symposium on Security and Privacy Workshops, showcases the ingenuity of modern cyber threats. Using machine learning algorithms, the researchers crafted a system that could discern keystrokes on a laptop keyboard with remarkable precision—over 90% accuracy—based solely on sound recordings.
The experiment unfolded like a symphonic performance, with the researchers meticulously playing each of the 36 keys on a MacBook Pro, their fingers dancing to the rhythm of different pressures and angles. These auditory notes were captured through Zoom calls and smartphone recordings, composing a score for the AI to decode.
The machine learning system, akin to a virtuoso conductor, was introduced to part of the data, allowing it to discern the nuances and patterns of the acoustic signals emanating from each keystroke. While the exact cues the AI leveraged remained enigmatic, Joshua Harrison , the study's first author, speculated that the proximity of keys to the keyboard's edge might play a pivotal role in shaping the auditory fingerprint of each keystroke.
The climax of the study arrived when the system was put to the ultimate test—deciphering the rest of the recorded keystrokes. Impressively, the AI exhibited its mastery, accurately translating the auditory symphony into keystrokes with 95% accuracy for phone call recordings and 93% for Zoom call recordings.
While the research serves as a proof-of-concept and hasn't yet cracked passwords or invaded real-world settings like coffee shops, it offers a chilling reminder of the need for vigilance. Laptops, often utilised in public spaces and thus more susceptible, are at the forefront of this risk. However, the ensemble of cyber attackers could potentially adapt their tactics to any keyboard, playing a sinister tune of digital infiltration.
The researchers emphasise that countermeasures can compose a defensive symphony against these acoustic "side-channel attacks." Opting for biometric passwords or activating two-step verification are among the strategies to mitigate the risk. In a crescendo of cautionary advice, they recommend the strategic use of the shift key, blending upper and lower cases, numbers, and symbols, creating a discordant composition that defies easy deciphering.
As Professor Feng Hao from the University of Warwick notes, the melody of cybersecurity extends beyond sound: even visual cues like shoulder and wrist movements during typing can betray the secrets of a keyboard's dance, a subtle ballet that remains hidden from the camera's gaze.
In this era of harmonious digital interactions, where keystrokes form the rhythmic backdrop to our conversations, the study's findings cast a shadow over the orchestra of communication. As we navigate the symphony of our digital lives, we must be mindful of the crescendo of threats that lie beneath the surface, embracing new harmonies of cybersecurity to safeguard our virtual sanctuaries.
As video conferencing platforms like Zoom gained widespread adoption, the harmony of digital communication was disrupted by a cacophony of cybersecurity concerns. Researchers from the University of Surrey have now orchestrated an unsettling concerto, demonstrating that AI can decipher the distinct sounds of typing on a keyboard during a Zoom call, opening the door to potentially disastrous cyber-attacks .
Dr. Ehsan Toreini, a co-author of the study, voiced his concerns about the escalating accuracy of such AI models, underscoring the urgency for public discourse on the governance of AI in our modern lives. With an array of smart devices featuring microphones that now populate households, the potential implications of these sound-based attacks are far-reaching.
The research, presented at the IEEE European Symposium on Security and Privacy Workshops, showcases the ingenuity of modern cyber threats. Using machine learning algorithms, the researchers crafted a system that could discern keystrokes on a laptop keyboard with remarkable precision—over 90% accuracy—based solely on sound recordings.
The experiment unfolded like a symphonic performance, with the researchers meticulously playing each of the 36 keys on a MacBook Pro, their fingers dancing to the rhythm of different pressures and angles. These auditory notes were captured through Zoom calls and smartphone recordings, composing a score for the AI to decode.
The machine learning system, akin to a virtuoso conductor, was introduced to part of the data, allowing it to discern the nuances and patterns of the acoustic signals emanating from each keystroke. While the exact cues the AI leveraged remained enigmatic, Joshua Harrison , the study's first author, speculated that the proximity of keys to the keyboard's edge might play a pivotal role in shaping the auditory fingerprint of each keystroke.
The climax of the study arrived when the system was put to the ultimate test—deciphering the rest of the recorded keystrokes. Impressively, the AI exhibited its mastery, accurately translating the auditory symphony into keystrokes with 95% accuracy for phone call recordings and 93% for Zoom call recordings.
While the research serves as a proof-of-concept and hasn't yet cracked passwords or invaded real-world settings like coffee shops, it offers a chilling reminder of the need for vigilance. Laptops, often utilised in public spaces and thus more susceptible, are at the forefront of this risk. However, the ensemble of cyber attackers could potentially adapt their tactics to any keyboard, playing a sinister tune of digital infiltration.
The researchers emphasise that countermeasures can compose a defensive symphony against these acoustic "side-channel attacks." Opting for biometric passwords or activating two-step verification are among the strategies to mitigate the risk. In a crescendo of cautionary advice, they recommend the strategic use of the shift key, blending upper and lower cases, numbers, and symbols, creating a discordant composition that defies easy deciphering.
As Professor Feng Hao from the University of Warwick notes, the melody of cybersecurity extends beyond sound: even visual cues like shoulder and wrist movements during typing can betray the secrets of a keyboard's dance, a subtle ballet that remains hidden from the camera's gaze.
In this era of harmonious digital interactions, where keystrokes form the rhythmic backdrop to our conversations, the study's findings cast a shadow over the orchestra of communication. As we navigate the symphony of our digital lives, we must be mindful of the crescendo of threats that lie beneath the surface, embracing new harmonies of cybersecurity to safeguard our virtual sanctuaries.
Next Story