Keyboard strokes may reveal your password – research


Keyboard keystroke sounds can be exploited to reveal sensitive user data. For example, it can reveal text that users are typing into a password box.

An acoustic side-channel attack on keyboards can bypass security measures on devices that employ keyboards as the primary data entry system. Side-channel attacks obtain sensitive data by observing system patterns, such as timing information, power consumption, or the sounds made while typing.

While previous researchers could only successfully decipher keyboard acoustics in controlled environments, scientists from Augusta University managed to read into the sounds in a realistic environment.

ADVERTISEMENT

“To test our method, we collected the ambient noise and typed text of 20 people based on an IRB-approved approach and obtained approximately a 43% success rate through our experiments, “ the paper said.

Researchers claim that they’ve achieved results without restrictions limiting past analysis, which means that test subjects were allowed to use any keyboard or typing pattern. At the same time, environmental noises were permitted to interfere. Researchers also used low-quality recording devices.

To carry out a successful attack, threat actors would need to collect a data sample of keystroke sound emissions to train a statistical model. Malicious actors can begin the attack once the model can associate keystroke sounds with specific letters.

Obtaining acoustic keyboard emissions or typing sounds could be done via a hidden microphone, on-device malware, browser extensions, and other means that could theoretically leverage the devices‘ built-in microphone without the user knowing.

Earlier papers successfully employed deep learning models to match laptop keystroke sounds to characters. For example, last year, researchers used a 2021 MacBook Pro running on an M1 Pro processor, a popular off-the-shelf device, to decipher what users were typing during a Zoom call successfully.