AI can accurately steal passwords with near-perfect accuracy | ENBLE

AI can accurately steal passwords with near-perfect accuracy | ENBLE

Researchers at Cornell University Discover New AI Attack: Stealing Keystrokes with 95% Accuracy


Researchers at Cornell University have made a fascinating new discovery in the field of AI tools and data security. They have found a way for AI to steal your data by listening to the sound of your keystrokes. In a research paper, they detail an AI-driven attack that can accurately steal passwords with up to 95% accuracy, simply by listening to the sound of a person typing on their keyboard.

The researchers achieved this by training an AI model on the distinct sound patterns of keystrokes and deploying it on a nearby phone. The integrated microphone on the phone then listened for keystrokes on a MacBook Pro and was able to accurately reproduce them with an astonishing 95% accuracy. This is the highest accuracy level recorded without the use of a large language model.

To test the accuracy of the attack in real-world scenarios, the researchers conducted experiments during Zoom and Skype calls. The microphone on the laptop recorded the keystrokes while a meeting was in progress. The AI model successfully reproduced the keystrokes with an accuracy rate of 93% during Zoom calls and 91.7% during Skype calls.

Contrary to popular belief, the volume of the keyboard did not significantly affect the accuracy of the attack. Instead, the AI model was trained to analyze the waveform, intensity, and timing of each keystroke. It took into account individual typing styles and variations in the timing of key presses, allowing it to accurately identify and reproduce them.

In a real-world situation, this attack would take the form of malware installed on a nearby device with a microphone, such as a phone. The malware would gather data from a person’s keystrokes and feed them into an AI model by listening through the microphone. For their experiment, the researchers used CoAtNet, an AI image classifier, and trained it on 36 keystrokes on a MacBook Pro, each repeated 25 times.

While this discovery might be alarming, there are ways to protect yourself from such attacks. Bleeping Computer suggests several measures to safeguard your data. One option is to avoid typing passwords altogether by utilizing features like Windows Hello and Touch ID. Another effective measure is to invest in a reliable password manager. Not only does it eliminate the risk associated with typing passwords, but it also allows you to use unique and random passwords for all your accounts.

Interestingly, using a quieter keyboard will not provide any defense against this type of attack. The AI model relies on analyzing the sound patterns of the keystrokes, making the loudness of the keyboard irrelevant.

Unfortunately, this AI attack is just one among many new and emerging threats enabled by AI tools. Another recent concern is ChatGPT, which the FBI has warned can be used to launch criminal campaigns. Security researchers are faced with new challenges, such as adaptive malware capable of rapidly evolving using tools like ChatGPT.

Overall, while this discovery raises concerns about data security, it also highlights the fascinating advancements taking place in the field of AI. As researchers continue to push the boundaries of technology, it becomes increasingly crucial for individuals and organizations to stay vigilant and adopt robust security measures. By staying informed and taking appropriate action, we can harness the benefits of AI while safeguarding ourselves from potential risks.