AI cyberattack can determine passwords from keyboard sounds

AI cyberattack can determine passwords from keyboard sounds

Hacking Passwords with AI: A New Frontier


In the realm of cybersecurity, a new threat has emerged, one that leverages the power of artificial intelligence to compromise passwords. While hacking passwords through keystroke recordings is not a new concept, recent advancements in deep learning have made this method significantly more accurate. A team of computer scientists from Durham University, University of Surrey, and Royal Holloway University of London have successfully simulated a cyberattack that utilized audio recordings from Zoom and smartphone microphones. By training a deep learning model on these keystroke audio recordings, they achieved an impressive accuracy rate of 93 percent using Zoom and 95 percent using a smartphone. These findings, presented at the 2023 IEEE European Symposium on Security and Privacy Workshop, shed light on the growing threat of acoustic side channel attacks (ASCAs) and the need for increased awareness and protection.

The concept of ASCAs, which involves exploiting acoustic information to infer sensitive information, was initially studied in the early 2000s but has received little attention in recent years. However, with the rise of video conferencing and the increasing number of people working remotely in public places, this type of attack has the potential to become more prevalent. Combining this with the recent advancements in neural networks and the accessibility of deep learning tools, the researchers highlighted the urgent need to address this vulnerability.

The team’s demonstration of ASCAs utilized off-the-shelf equipment and software, making it an accessible attack method for cybercriminals. By recording the sound of keystrokes during a video conference or near a smartphone microphone, they were able to accurately classify these keystrokes using a deep learning model. These findings serve as a wake-up call, emphasizing the importance of protecting sensitive information in digital environments.

So, what can individuals do to protect themselves against acoustic side channel attacks? While the simplest solution is to avoid typing passwords near any microphones or during Zoom calls, this may not always be feasible. Therefore, additional security measures are necessary. The researchers proposed several measures, including:

  1. Two-factor authentication: Implementing an additional layer of security by requiring a second form of verification, such as a unique code sent to a registered mobile device, in addition to a password.
  2. Biometric login: Utilizing biometric identification methods, such as fingerprint or facial recognition, whenever possible. These methods provide an extra layer of protection, as they are not susceptible to keystroke-related attacks.
  3. Randomized passwords: Creating and using strong passwords that consist of a combination of upper and lower case characters, numbers, and special symbols. Randomized passwords make it difficult for attackers to recognize patterns in keystrokes, such as the release of the Shift key.

By adopting these security measures, individuals can significantly mitigate the risk of falling victim to acoustic side channel attacks. It is important to remain vigilant and stay informed about emerging threats in the ever-evolving landscape of cybersecurity.

In conclusion, the research conducted by the computer scientists from Durham University, University of Surrey, and Royal Holloway University of London has shed light on the potential dangers posed by acoustic side channel attacks. Leveraging the power of artificial intelligence, cybercriminals can exploit audio recordings from video conferences and smartphone microphones to crack passwords with impressive accuracy. Recognizing the urgency of the situation, individuals should take the necessary precautions to protect their personal information and adopt secure practices such as two-factor authentication, biometric logins, and randomized passwords. By doing so, they can safeguard themselves against this new frontier of cyber threats.