AI Can Now Steal Your Password Just By Listening To You Type

Researchers have proven that AI tools can be used effectively to complete audio side-channel attacks during video calls.

Cybersecurity researchers have shown that an AI model can work out what people are typing based on the sounds that different keys make when they’re pressed, and could feasibly be used to guess victims’ passwords during video conferencing calls.

Considering the number of apps the average user hands over microphone access to, as well as the extensive use of software like Zoom by remote employees, these findings are extremely concerning. Passwords and other sensitive information could easily be uncovered using this sort of technique.

A deep learning model with the power to identify keystrokes in this way is just one of the latest instances of AI scams, fraud, and cyber attacks being linked to the booming new technology.

AI Can Recognize Almost Every Keyboard Key You Press

In a recently-published study, UK-based researchers Joshua Harrison, Ehsan Toreini and Maryam Mehrnezhad found that a deep learning model could classify 95% of keystrokes made on a 2021 MacBook Pro recorded on a nearby iPhone 17.

They trained the model by pressing 36 keys a total of 25 times each, in order to help it recognize the individual waveforms produced by individual keystrokes.

Along with the impressive – and worrying – results achieved via the iPhone audio recording, “when trained on keystrokes recorded using the video-conferencing software Zoom, an accuracy of 93% was achieved, a new best for the medium”, the researchers said.

 

About Tech.co Video Thumbnail Showing Lead Writer Conor Cawley Smiling Next to Tech.co LogoThis just in! View
the top business tech deals for 2024 👨‍💻
See the list button

Interestingly, on the few occasions the deep learning model used by researchers was mistaken in its classification, it was only a few keys away from the right answer. This suggests the position of the keys on the keyboard contributes significantly to unique audio profiles.

The researchers say that their results “prove the practicality of these side-channel attacks via off-the-shelf equipment and algorithms.”

What Are Side-Channel Attacks?

Side-channel attacks are a category of cyber attacks that take advantage of extra information available via channels and mediums created by the physical implementation of a system and its hardware.

The capturing of audio in a video call is just one example of a side-channel attack. Van Eck Phreaking – a different kind of side-channel attack – involves utilizing equipment that can pick up electromagnetic emissions emitted by LCD displays to extract data about what’s on the screen.

How to Protect Yourself From The Threat

Some recommendations of what you can do to combat cyber attacks facilitated by AI tools with the above capabilities are put forward by the trio of researchers.

Perhaps the easiest to implement action is simply using multiple cases in your password. The AI model was good at recognizing most keystrokes but struggled with the shift key, according to Ars Technica.

Other recommendations include changing the rhythm at which you type and adding decoy keystrokes when typing while on video calls. Using a password manager to help juggle multiple combinations also comes highly recommended, as it’s an effective way to limit the damage if one of your accounts is compromised.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Aaron Drapkin is Tech.co's Content Manager. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol six years ago. Aaron's focus areas include VPNs, cybersecurity, AI and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, Cybernews, Lifewire, HR News and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, ProPrivacy, The Week, and Politics.co.uk covering a wide range of topics.
Explore More See all news
Back to top
close Building a Website? We've tested and rated Wix as the best website builder you can choose – try it yourself for free Try Wix today