Cybersecurity researchers have shown that an AI model can work out what people are typing based on the sounds that different keys make when they’re pressed, and could feasibly be used to guess victims’ passwords during video conferencing calls.
Considering the number of apps the average user hands over microphone access to, as well as the extensive use of software like Zoom by remote employees, these findings are extremely concerning. Passwords and other sensitive information could easily be uncovered using this sort of technique.
A deep learning model with the power to identify keystrokes in this way is just one of the latest instances of AI scams, fraud, and cyber attacks being linked to the booming new technology.
AI Can Recognize Almost Every Keyboard Key You Press
In a recently-published study, UK-based researchers Joshua Harrison, Ehsan Toreini and Maryam Mehrnezhad found that a deep learning model could classify 95% of keystrokes made on a 2021 MacBook Pro recorded on a nearby iPhone 17.
They trained the model by pressing 36 keys a total of 25 times each, in order to help it recognize the individual waveforms produced by individual keystrokes.
Along with the impressive – and worrying – results achieved via the iPhone audio recording, “when trained on keystrokes recorded using the video-conferencing software Zoom, an accuracy of 93% was achieved, a new best for the medium”, the researchers said.
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.
Interestingly, on the few occasions the deep learning model used by researchers was mistaken in its classification, it was only a few keys away from the right answer. This suggests the position of the keys on the keyboard contributes significantly to unique audio profiles.
The researchers say that their results “prove the practicality of these side-channel attacks via off-the-shelf equipment and algorithms.”
What Are Side-Channel Attacks?
Side-channel attacks are a category of cyber attacks that take advantage of extra information available via channels and mediums created by the physical implementation of a system and its hardware.
The capturing of audio in a video call is just one example of a side-channel attack. Van Eck Phreaking – a different kind of side-channel attack – involves utilizing equipment that can pick up electromagnetic emissions emitted by LCD displays to extract data about what’s on the screen.
How to Protect Yourself From The Threat
Some recommendations of what you can do to combat cyber attacks facilitated by AI tools with the above capabilities are put forward by the trio of researchers.
Perhaps the easiest to implement action is simply using multiple cases in your password. The AI model was good at recognizing most keystrokes but struggled with the shift key, according to Ars Technica.
Other recommendations include changing the rhythm at which you type and adding decoy keystrokes when typing while on video calls. Using a password manager to help juggle multiple combinations also comes highly recommended, as it's an effective way to limit the damage if one of your accounts is compromised.