Cyberattack steals data by hearing you type
British cybersecurity researchers have published a study revealing a hypothetical cyberattack that could steal your personal data just by hearing you type.
The method leverages a deep-learning-based algorithm that analyses sounds produced by keystrokes to figure out what the person is typing.
Their testing found that the cyberattack could accurately decode keystrokes 95% of the time when they were recorded through a smartphone microphone.
It was accurate 93% of the time when decoding over a Zoom call.
“This paper presents a practical implementation of a state-of-the-art deep learning model in order to classify laptop keystrokes, using a smartphone-integrated microphone,” the paper reads.
“When trained on keystrokes recorded by a nearby phone, the classifier achieved an accuracy of 95%, the highest accuracy seen without the use of a language model.”
The algorithm then analyses the audio recording and translates it into readable text.
“Our results prove the practicality of these side channel attacks via off-the-shelf equipment and algorithms,” the researchers said.
The team listed several mitigation techniques to protect users against similar attacks, with the first being a simple change of typing style.
It noted that when touch typing — typing without looking at the keyboard — was used, keystroke recognition accuracy dropped to 40%.
Another mitigation technique is the use of randomised passwords using multiple cases.
“Passwords containing full words may be at greater risk of attack,” they said.
Regarding potential attacks over video-conferencing platforms like Zoom, the team recommends that users play sounds from a speaker close to the microphone or try “mixing sounds into the transmitted audio locally”.