Hacking You from the Sound of Your Keyboard

What is it

A team of academics has developed a novel “deep learning-based acoustic side-channel attack” capable of accurately classifying laptop keystrokes recorded via a nearby phone with a remarkable 95% precision.
In their recent study, researchers Joshua Harrison, Ehsan Toreini, and Maryam Mehrnezhad revealed that when they trained their model on keystrokes captured during the use of video conferencing software Zoom, it achieved an impressive 93% accuracy, setting a new benchmark for this kind of attack.

Side-channel attacks belong to a category of security breaches aimed at extracting information from a system by monitoring and measuring its physical effects during sensitive data processing. These manifestations encompass various observable effects such as runtime behavior, power consumption, electromagnetic radiation, acoustics, and cache accesses.

Why should you care

While it’s nearly impossible to create a completely side-channel-free system, these practical attacks can pose significant threats to user privacy and security. Malicious actors could potentially weaponize them to acquire passwords and other confidential data.

The researchers pointed out that the widespread occurrence of keyboard acoustic emissions not only makes them a readily accessible attack vector but also leads victims to underestimate the risks, resulting in minimal efforts to conceal the sound produced by their keyboards. For instance, people are known to hide their screens while entering passwords but often pay little attention to masking the audible keystrokes.

To execute this attack, the researchers initiated experiments involving 36 keys on an Apple MacBook Pro (comprising numbers 0-9 and letters a-z). Each key was pressed 25 times consecutively, with variations in pressure and finger used. These keystrokes were recorded using both a nearby phone and the Zoom application.

In the subsequent phase, the researchers isolated individual keystrokes and transformed them into mel-spectrograms. These spectrograms were then analyzed by a deep learning model known as CoAtNet to classify the keystrokes.

What you can do

To counteract such attacks, the researchers recommend altering typing styles, opting for randomized passwords rather than those containing complete words, and introducing randomly generated fake keystrokes to thwart voice call-based attacks.
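
One way to apply the "randomized passwords rather than complete words" recommendation, added here as an example and not taken from the researchers' work: the script flags passwords that embed dictionary words and generates replacements from a cryptographically secure random source. The word list, character set and function names are assumptions chosen for illustration.

```python
import secrets
import string

# Constructed sample word list (assumption); in practice load a real dictionary file.
SAMPLE_WORDS = ["password", "sunshine", "dragon", "summer", "admin", "love", "zoom"]

# Character set is an assumption; adjust to what the target system accepts.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def embedded_words(password, words=SAMPLE_WORDS, min_len=4):
    """Return the dictionary words (>= min_len chars) found inside the password."""
    lowered = password.lower()
    return sorted(w for w in words if len(w) >= min_len and w.lower() in lowered)


def audit(passwords, words=SAMPLE_WORDS):
    """Map each password that embeds a complete word to the words found in it."""
    findings = {}
    for pw in passwords:
        hits = embedded_words(pw, words)
        if hits:
            findings[pw] = hits
    return findings


def generate_password(length=16, words=SAMPLE_WORDS):
    """Draw every character from a CSPRNG; redraw if a complete word appears by chance."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not embedded_words(candidate, words):
            return candidate


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    constructed = ["Sunshine2024!", "ilovezoom", "q7#Vt-2mXe@9"]
    for pw, hits in audit(constructed).items():
        print(f"{pw!r} embeds {hits}")
    print("generated replacement:", generate_password())
```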

At Britec we stay up to date on the latest threats that can affect your business. With over 30 years of experience, we strive to keep your business protected. If you want to learn more about how to keep your business safe, please reach out to us.