Getting sneaky with your security: AI eavesdrops on keyboard clicks to crack passwords
What’s happening?
A recent study showed, that using a deep learning model to listen in on a smart phone’s microphone recordings, or a laptop using video conferencing software that may be recording, it was possible to figure out passwords from listening to the recorded keystrokes.
Who does this affect?
Anyone with a keyboard that is being used to enter passwords that is also near a mic. That includes anyone typing passwords during a conference call, or near someone with a cellphone with recording turned on.
Terms to understand:
Deep Learning: Think of it as teaching computers to learn and make predictions on their own without being explicitly programmed. In simple terms, deep learning is enabling computers to think, learn, and make decisions like humans do.
Acoustic Side Channel Attack (ASCA): refer to a type of cyberattack that leverages sound waves to steal sensitive information like passwords or other confidential information.
Keystroke Attack: A keystroke attack, also known as keylogging or keyboard capturing, refers to the act of recording and monitoring the keys pressed on a keyboard without the user's knowledge or consent.
In Brief: The study concluded that in using everyday devices and a deep learning model, the deep learning model could predict the keystroke being typed from the captured audio. In a relatively short amount of time the model had cracked the test subject’s passwords with an accuracy of 95% from the phone recording and 93% accuracy from the Zoom recording.
What can we do to protect ourselves?
Change up your typing style. The test’s accuracy dropped significantly when touch typing was used (a typing technique that involves using all ten fingers to type on a keyboard without looking at the keys).
Use randomized passwords with multiple cases. Passwords that use whole words may be easier to crack and the deep model in this study had a harder time telling if you were still holding down the shift key.
Have some noise playing in the background. As there are algorithms for removing white noise out there, the study had better luck confusing the model with extra clicking sounds.
Avoid typing sensitive information such as passwords when participating in recorded sessions like conference calls.
Studies such as these will help technology developers to better improve their systems. It may result in conferencing software like Zoom and Teams embedding a shortwave keyboard clicking sound that is inaudible to the user but effective at confusing the cybercriminals.
Related Blogs.
-
Read more
Cybersecurity In Toronto - Top Tips When Working From Home
Working from home has become the norm for most companies in Toronto. Many predict that remote working will continue remain prevalent across multiple sectors into the future.While working from home is ... -
Read more
PACE Technical Client Notice: Regarding COVID-19
We have had several inquiries with concern regarding Novel Coronavirus, now labelled as COVID-19, and would like to inform you that we recognize your concern and we are closely monitoring the current ... -
Read more
Windows 7: End of Life Notification for PACE Technical Clients
Greetings & Happy New Year! As you may already be aware, Windows 7 will reach its End of Life phase on January 14, 2020. At that point, Microsoft will stop releasing updates and patches for...
