Security

Decoding the Melody of Keystrokes: A New Security Concern in the Time of AI

Karuna K | | 3 min read

You might think that typing on your laptop in a coffee shop or during a Zoom call is safe and private. However, researchers have found that it's possible for someone to "listen in" on your keyboard and figure out what you're typing. This may sound like something out of a spy movie, but it's a very real concern.

A team of researchers1 from Durham University, the University of Surrey, and Royal Holloway University of London has implemented a state-of-the-art deep learning AI model that can listen to the sounds your keys make when you type and decipher what you are typing. By using a smartphone's microphone or even a Zoom call, they have been able to convert those sounds into letters and words with impressive accuracy.

Think of it as someone listening to the different notes in a song and then figuring out the lyrics. The "notes" in this case are the sounds of your keystrokes, and the "lyrics" are what you're typing.

You can download and read the full research paper from ArXiv

Acoustic Side Channel Attacks

Listening to keystroks

Side channel attacks (SCAs)2 extract information from the signals emitted by a device. Acoustic Side Channel Attacks (ASCAs) specifically focus on the sound produced by keystrokes, transforming them into text. Although there has been prior research on SCAs involving electromagnetic waves, power consumption, and mobile sensors, the sound produced by keystrokes offers an attack vector many users overlook.

 

 

The Research and Its Significance

The researchers have employed state-of-the-art deep learning models to classify laptop keystrokes using a smartphone's integrated microphone. Their classifier achieved an impressive 95% accuracy on keystrokes recorded by a nearby phone and 93% on keystrokes recorded using the video-conferencing software Zoom.

Laptops make an appealing target for ASCAs due to their portability, availability in public spaces, and uniform keyboard emanations across the same model. While companies like Google and Intel have made efforts to mitigate SCAs, there is no explicit standardization work on ASC attacks.

Why Should You Care?

Imagine if someone could figure out your password, bank details, or personal messages just by listening to your keyboard. This is why the research is so important: it highlights a new way that privacy can be invaded in the age of AI.

How Can You Protect Yourself?

Here are some suggestions from the research paper on how to mitigate the risk of these kinds of attacks

 

 

Changing Typing Style

By altering the way one types, such as switching to touch typing, the recognition rate of keystrokes can be reduced from 64% to 40%. This technique is simple and requires no additional software or hardware.

Use of Randomized Passwords with Multiple Cases

Avoiding passwords containing full words and incorporating a variety of cases and characters can make them more resistant to attack.

Playing Sounds Near Microphone

Overlapping the microphone with sounds like white noise or fake keystrokes. Fake keystrokes are more effective due to white noise removal algorithms.

Adding Randomly Generated Fake Keystrokes

This appears to be the best technique for VoIP calls, provided it's only deployed when keystrokes are detected.

Automatic Suppression or Removal of Keystroke Sounds in VoIP Apps 

This could defend against ASCAs and improve user experience by eliminating annoying keystroke sounds.

Two-Factor Authentication

Using secondary devices or biometric checks can nearly eliminate the need for keyboard passwords, making ASCAs less dangerous. Still, the issue of privacy and security will be there.

Concerns for the Future

The paper also raises concerns about the diminishing effectiveness of these countermeasures as technology evolves, suggesting that new methods will need to be developed to keep pace with advancing threats.

This scientific paper by Joshua Harrison, Ehsan Toreini, and Maryam Mehrnezhad isn't just an interesting piece of science; it's a real-world issue that could affect all of us. It's a reminder that as technology advances, so do the risks, and we need to stay aware and take simple precautions to stay safe.

Next time you're typing in a public place or on a call, remember that your keyboard isn't as private as you might think. 

 

 

References

  • 1How Can Someone Listen to Your Keyboard?
    Joshua Harrison, Ehsan Toreini, and Maryam Mehrnezhad. (2023). A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards. In 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). DOI: 10.1109/eurospw59978.2023.00034. Retrieved from https://doi.org/10.1109%2Feurospw59978.2023.00034.
  • 2Side-channel attack. (2023, August 9). In Wikipedia. https://en.wikipedia.org/wiki/Side-channel_attack

Related Topics