5.2 C

A.I. can identify keystrokes by just the sound of your typing and steal information with 95% accuracy, new research shows



You may have gotten used to covering your webcam, but now you might have to start muffling the sound of your keyboard, too.

Laptop users are at risk of having sensitive information including private messages, passwords, and credit card numbers stolen just by typing on their keyboard. A new paper by a team of researchers from British universities shows that artificial intelligence can identify keystrokes by sound alone with 95% accuracy. And as technology continues to develop at rapid paces, attacks such as these will become more sophisticated.

In this study, experimenters correctly identified keystrokes on a MacBook Pro through a nearby phone recording 95% of the time, and through a recorded Zoom call at a 93% rate.

The research paper details what it calls “acoustic side channel attacks” in which a malicious third party uses a secondary device, like a cell phone sitting next to a laptop or an unmuted microphone on a video-conferencing software such as Zoom, to record the sound of typing. The third party then feeds the recording through a deep-learning A.I. trained to recognize the sound of individual pressed keys to decipher what exactly was typed.

Deep learning (DL) is a subset of machine learning in which computers are taught to process data in a way similar to the human brain—essentially using a multi-layered “neural network” to “learn” from large amounts of data and accurately produce insights and predictions. Deep-learning models can recognize patterns in pictures, texts, sounds, and other data. This type of A.I. is in everyday products like digital assistants like Amazon’s Alexa and voice-enabled TV remotes, as well as newer technologies like self-driving cars.

“With the recent developments in both the performance of (and access to) both microphones and DL models, the feasibility of an acoustic attack on keyboards begins to look likely,” the paper said.

The paper, published on August 3, was authored by Joshua Harrison, a software development engineer at Amazon who recently graduated with a Masters of Engineering from Durham University, as well as University of Surrey lecturer Ehsan Toreini and Royal Holloway University of London senior lecturer Maryam Mehrenzhad.

Mitigating the ever-developing threat

Laptops are especially ideal targets for these attacks because of their portability, according to the paper. People often take their laptops to work in public spaces like libraries, coffee shops, and study areas, where the sound of typing can easily be recorded without notice from the targeted user.

One of the main concerns of the paper is that people are unaware of these kinds of attacks, so they do nothing to prevent them.

“The ubiquity of keyboard acoustic emanations makes them not only a readily available attack vector, but also prompts victims to underestimate (and therefore not try to hide) their output,” the paper said. “For example, when typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound.”

One way to mitigate the threat of this attack is by using stronger passwords with multiple cases, like special characters, upper and lowercase letters, and numbers. Passwords with full words might be more easily deduced and therefore at greater risk of attack. 

And while the pressing of the shift key can be recognized by A.I., it cannot yet recognize the “release peak” of the shift key amidst the sound of other keys, “doubling the search space of potential characters following a press of the shift key,” the paper said. 

Another simple way to deter these kinds of attacks is by using two-factor authentication. This is a security method that requires two forms of identification to access accounts and data. For instance, the first factor may be a password and the second may be an account activity confirmation through an email or on a separate device. 

Biometric authentication, like fingerprint scans and facial recognition, can also lessen the risk of an attack.

But as A.I. continues to evolve, so too will these attacks. The authors of the paper recommended that future studies analyze the use of smart speakers to record keystrokes, “as these devices remain always-on and are present in many homes.” 

The authors also suggested that future research should explore the implementation of a language model used in tandem with a deep-learning A.I. Language models, like viral chatbot ChatGPT, are trained on large series of text to recognize patterns of speech. 

A language model “could improve keystroke recognition when identifying defined words as well as an end-to-end real-world implementation of an ASC attack on a keyboard,” the paper said. 

Source link

Subscribe to our magazine

━ more like this

A rivalry that predates the Civil War is about to heat up with a vote on subsidizing a new stadium

A 170-year-old rivalry is flaring up as Kansas lawmakers try to snatch the Super Bowl champion Kansas City Chiefs away from Missouri even though economists...

A rare flesh-eating bacteria with a ‘terrifying’ mortality rate that can kill people in 48 hours is spreading in Japan

A disease caused by a rare “flesh-eating bacteria” that can kill people within 48 hours is spreading in Japan after the country relaxed...

Meet the co-owner of the NBA’s Dallas Mavericks: A casino mogul trying to bring gambling to a reluctant state

As Game 3 of the NBA Finals tipped off at the American Airlines Center on Wednesday, Patrick Dumont, the new co-owner of the...

NASA says Voyager 1 is fully back online months after it stopped making sense

Voyager 1, the farthest human-made craft from the Earth, is finally sending back data from all four of its scientific instruments, NASA said...

Colliding hot and cold fronts whipsaw the U.S. with extreme heat, flooding, and a chance of snow

After days of intense flooding in Florida, that state and many others are bracing for an intense heat wave, while the Pacific Northwest will experience...