Researchers have developed a system that makes use of sound recordings and is capable of determining what has been typed with an accuracy of more than 90 percent.
After a study found that artificial intelligence (AI) is capable of figuring out which keys have been pressed by listening to the noise of the pressing keys, research shows that putting in a computer passcode while conversing over Zoom might open the way to a cyberattack.
The research was conducted after a study indicated that artificial intelligence (AI) may figure out which buttons are getting pressed.
Experts believe that the risk of cyber-attacks based on noises has increased along with the popularity of video conferencing applications such as Zoom, as well as the widespread availability of devices that come equipped with microphones already installed.
Now, researchers claim that they have developed a method that can determine with an accuracy of more than 90 percent, only based on sound recordings, which keys have been pressed on the keyboard of a laptop.
Dr. Ehsan Toreini, the other co-author of the study from the University of Surrey, stated, “I can only observe the precision of such designs, and such attacks, increasing.” He also noted that, as smart devices equipped with microphones become more and more commonplace within households, these kinds of attacks emphasize the requirement for public discussions on the governance of AI.
The study, which was presented at the IEEE European Conference on Privacy and Security Workshops, indicates how Toreini and coworkers used artificial intelligence algorithms to develop a system that could determine, based on noise, which keys had been pressed on a laptop. This technique was recently applied to the Enigma cipher machine.
The paper details how the researchers repeatedly pressed a MacBook Pro with 36 keys (containing all the letters and numerals) using various fingers and changing pressure for 25 repetitions. The recordings were made using a call through Zoom and a smartphone that was positioned next to the keyboard.
A system that uses machine learning was fed a subset of the data, and it gradually learned to identify characteristics of the sound waves that correspond to each key. It is unclear which hints the system used, but Joshua Harrison, the study’s lead author and a computer scientist at Durham University, speculated that the proximity of the keys to the edges of the keyboard had a role.
According to what he mentioned, this spatial information might be the primary factor that determines the various sounds.
After then, the system was put through its paces using the remaining data.
According to the findings, the software was able to correctly assign the appropriate key to a noise 95% of the time if the recording was recorded during a phone conversation, and 93% of the period whenever the recording is made during a Zoom call.
The research, which was carried out at the Royal Holloway College, University of London and co-authored by Dr. Maryam Mehrnezhad, isn’t the first to demonstrate that keystrokes may be recognized based on the sounds they make. Nevertheless, the team believes that their research makes use of the most recent methodologies and has reached the best level of accuracy to date.
Although the researchers claim that the work serves as a proof-of-principle study and was not performed for cracking passwords – which requires accurately predicting strings of clicks – or in real-world environments like coffee shops, they declare that the work emphasizes the need for watchfulness.
They point out that while laptops pose a high risk because of their akin keyboards and frequent usage in public places, similar listening in methods might be used to any keyboard.
The researchers note that the possibility of such sonic side-channel assaults can be avoided in a number of different ways. Two of these methods are the use of biometric passwords wherever they are available and the activation of systems that require two steps of verification.
In the event that this is not possible, it is recommended that one make use of the shift key in order to generate a combination of both lower and uppercase letters, as well as numbers and symbols.
According to Harrison, it is quite difficult to figure out what happened when someone let off a shift key.
Prof. Feng Hao, the University of Warwick, which did not participate in the new study, advised individuals not to write confidential information, such as login credentials, on a keyboard when participating in a Zoom session.
According to him, in addition to the sound, pictures of the small motions of the shoulder as well as wrist can also disclose side-channel data regarding the keys that are being entered on the keyboard, despite the fact that the keyboard isn’t visible from the camera.
