AI can discover your password by the sound of your keyboard
Behold, the password is 90% accurate. Unbelievable.
Photo: Allbreaknews.com
A research study employed artificial intelligence to detect passwords and typed data through the recognition of keyboard sounds during typing. The survey was conducted using audio captured from a Zoom call and also from a nearby smartphone, achieving an accuracy rate of over 90% in recognition.
The study was carried out by researchers from the University of London, utilizing machine learning to create a model capable of understanding the sound patterns of someone's typing. The success rate was 95% for audio obtained from a mobile phone during a phone call and 93% during a teleconference through the Zoom application.
The numbers are related to the accuracy of identifying which key was being pressed based on the captured sound. To develop the model used in the study, researchers used a MacBook Pro, where each key was pressed 25 times sequentially with different levels of pressure and fingers. The data was then fed into the artificial intelligence system to create an acoustic profile.
According to the publication, these sound patterns are created from the device itself, not from the user. This implies that the same AI model could be used to identify key presses from different individuals. Moreover, the research noted that the proximity of keys to the edges of the keyboard influences the results, with models of laptops having more robust bodies or side speakers theoretically being more secure.
However, the researchers point out that the method wasn't employed to actually obtain passwords, focusing more on recognizing sequences of key presses rather than individual touches. Additionally, realistic conditions, such as capturing typing audio in a public environment like an office or café, were not tested.
Nonetheless, from the researchers' perspective, the potential raises concerns, especially given that we are still in the early stages of developing such technologies. Even in this nascent stage, the study was able to achieve a high effectiveness rate, and more targeted methods of exploitation and the use of higher-quality devices could potentially lead to even more accurate outcomes.
While the primary recommendation is to move away from conventional passwords in favor of passwordless systems, such as biometric authentication, the use of complex combinations can be helpful in this scenario. The research highlighted the use of the Shift key as a vulnerability, as it would be possible to identify the key press but not the moment it's released.
Therefore, the use of strong passwords, including uppercase and lowercase letters, numbers, and symbols, can significantly impede the extraction of credentials through sound analysis. This is a fundamental practice in digital security, even beyond situations like this, as well as the implementation of two-factor authentication.
