AI snooping - Researchers spot new security threat

Artificial intelligence (AI) can recognize passwords by the sound of keystrokes with more than 90 per cent accuracy, according to a new university study.

Typing in a computer password while chatting on a video call like Zoom could open the door to cyberattacks, and a new study shows that artificial intelligence can eavesdrop on the sound of typing to figure out which keys are being pressed.

As the use of video conferencing tools such as Zoom grows and devices with built-in microphones become ubiquitous, the threat of sound-based cyberattacks rises, industry experts say.

Now, this could lead to a new type of cyber attack.

Dr Ehsan Toreini, co-author of the study from the University of Surrey, commented: "I can only see the accuracy of these types of models and such attacks increasing. As smart devices with microphones become more prevalent for families, such attacks underscore the need for a public debate on AI governance."

The study, presented as part of a workshop at the IEEE European Symposium on Security and Privacy, reveals how Toreini and colleagues used machine learning algorithms to create a system that can recognize key presses on a laptop based on sound, a method that researchers have deployed on the Enigma cryptographic device in recent years.

The study reports how researchers used different fingers to press each of the 36 keys (including all letters and numbers) on a MacBook Pro 25 times in succession.

The sounds were recorded over a Zoom call and on a smartphone placed not far from the keyboard.

The team then fed some of the data into a machine-learning system that, over time, learned to recognize the characteristics of the acoustic signal associated with each keypress, said study lead author Joshua Harrison of Durham University.

While it's unclear which cues the system uses, Harrison said an important influencing factor may be the distance of the keys from the edge of the keyboard.

The results showed that the system could accurately assign the correct key to a sound when the recording was made on the phone, and could assign the correct key to a sound with 93 percent accuracy when the recording was made over a Zoom call.

This research should be a wake-up call that AI poses real risks when technology is hijacked by cybercriminals.

Too many organizations rush to adopt the technology without conducting even the most basic due diligence tests and completely disregarding standard security protocols.

Overzealous executives should note that AI may look like a Barbie doll, but it could turn into an Oppenheimer if the necessary cyber protections and regulatory processes are not in place.

The study, also by Dr Maryam Mehrnezhad of Royal Holloway, University of London, is not the first to show that keystrokes can be recognized by sound.

However, the team says their study used the latest methods and achieved the highest accuracy to date.

While the researchers said the work was a proof-of-principle study and was not used to crack passwords, which requires correctly guessing strings of keystrokes, or in real-world settings like a coffee shop, they said the work emphasizes the need for vigilance.

Laptops, which have similar keyboards and are commonly used in public places, are at high risk, but similar eavesdropping methods could be applied to any keyboard, the researchers said.

There are several ways to mitigate the risk of such acoustic side-channel attacks, including opting for biometric passwords or activating two-step verification systems where possible, the researchers added.

Failing that, they say it's better to use the Shift key to create a mix of upper and lower case or numbers and symbols.

Professor Feng Hao of the University of Warwick, who was not involved in the new study, said people should be careful not to enter sensitive information, including passwords, on their keyboards during Zoom calls.

In addition to sound, visual images of subtle shoulder and wrist movements can reveal side-channel information about keys being typed on a keyboard, even if the keyboard is not visible from the camera.

Origin blog.csdn.net/qq_29607687/article/details/132241158