Hackers can steal user information just by listening to keyboard sounds
Taslima Jamal
Often keystrokes, built-in microphones, webcams are easy targets for hackers. But the idea of stealing user information by hacking into a device’s microphone and recording the keystrokes of another nearby device was not previously thought of. A group of British researchers have shown that. They developed a deep learning model that can almost perfectly identify input data by analyzing the sound of keystrokes. They claim that its accuracy is up to 95 percent.
The model’s algorithm showed much higher accuracy for MacBooks and iPhones. However, in the case of video conferencing platform Zoom, its effectiveness has been seen at 93 percent.
Clearly, such cyber attacks pose a serious threat to the security of an individual or organization. Through this, a person’s passwords, conversations, messages or other sensitive information can get into the hands of hackers.
For this model to work, special environment/conditions (low noise), high data-rate and short distance between microphone and target device are required. Nowadays these acoustic attacks are very easy to carry out because many devices now have microphones. Again, microphones can capture high-quality audio.
Listening for keystrokes
The first step in creating this model is to first record the keystrokes on the keyboard. Because this data is needed to train the algorithm. Information can be stolen through a nearby microphone or a target phone that has access to an infected malware.
On the other hand keystrokes can also be recorded through a zoom call. A hacker participates in a Zoom meeting. He can retrieve information by making a correlation between the target person’s typed message and the sound recording.
The researchers pressed 36 keys on a MacBook Pro 25 times each to collect data to train the model. Record the sound produced during each pressure.
Then create waveforms and spectrograms to visualize the recordings. An image classifier deep learning model called ‘CoAtNet’ is trained using the spectrograms.
Researchers used the same laptop in each experiment. Its keyboard has been used in all Apple laptops for two years. For testing, an iPhone 13 mini is placed 17 cm away from the target (laptop). Keystrokes are also recorded while using Zoom.
Possible security measures
QuotNet has been able to identify input data with 95 percent accuracy from keystroke recordings with smartphone microphones. And the accuracy rate of records captured through Zoom is 93 percent. Although this rate is lower in Skype, it is 91.7 percent.
To get protection from this type of hacker, the researchers suggest changing the typing style. That is, not using conventional Qwerty-based keyboards. Using complex passwords etc.
Software can also be used among other security measures. These software can change the sound of the keystrokes, make white noise or almost all the keystrokes sound the same. Some software can also filter keystroke audio.
This deep learning model is highly effective even with less noise–boards. Therefore, protection against such cyber-attacks can be achieved by adding sound dampeners to mechanical keyboards or by using membrane-based keyboard switches.
Biometric and password manager can be used for device login.
