Protect against new AI attack vector using keyboard sounds to guess passwords over Zoom

cyptouser1 years agoSpot Exchanges408

Protect against new AI attack vector using keyboard sounds to guess passwords over Zoom

A recent research paper from Durham University in the UK revealed a powerful AI-driven attack that can decipher keyboard inputs solely based on subtle acoustic cues from keystrokes.

Published on Arxiv on Aug. 3, the paper “A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards” demonstrates how deep learning techniques can launch remarkably accurate acoustic side-channel attacks, far surpassing the capabilities of traditional methods.

AI attack vector methodology

The researchers developed a deep neural network model utilizing Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) architectures. When tested in controlled environments on a MacBook Pro laptop, this model achieved 95% accuracy in identifying keystrokes from audio recorded via a smartphone.

Remarkably, even with the noise and compression introduced by VoIP applications like Zoom, the model maintained 93% accuracy – the highest reported for this medium. This contrasts sharply with previous acoustic attack methods, which have struggled to exceed 60% accuracy under ideal conditions.

The study leveraged an extensive dataset of over 300,000 keystroke samples captured across various mechanical and chiclet-style keyboards. The model demonstrated versatility across keyboard types, although performance could vary based on specific keyboard make and model.

According to the researchers, these results prove the practical feasibility of acoustic side-channel attacks using only off-the-shelf equipment and algorithms. The ease of implementing such attacks raises concerns for industries like finance and cryptocurrency, where password security is critical.

How to protect against AI-driven acoustic attacks

While deep learning enables more powerful attacks, the study explores mitigation techniques like two-factor authentication, adding fake keystroke sounds during VoIP calls, and encouraging behavior changes like touch typing.

The researchers suggest the following potential safeguards users can employ to thwart these acoustic attacks:

  • Adopt two-factor or multi-factor authentication on sensitive accounts. This ensures attackers need more than just a deciphered password to gain access.

  • Use randomized passwords with multiple cases, numbers, and symbols. This increases the complexity and makes passwords harder to decode through audio alone.

  • Add fake keystroke sounds when using VoIP applications. This can confuse acoustic models and diminish attack accuracy.

  • Toggle microphone settings during sensitive sessions. Muting or enabling noise suppression features on devices can obstruct clear audio capture.

  • Utilize speech-to-text applications. Typing on a keyboard inevitably produces acoustic emanations. Using voice commands can avoid this vulnerability.

  • Be aware of your surroundings when typing confidential information. Public areas with many potential microphones nearby are risky environments.

  • Request IT departments deploy keystroke protection measures. Organizations should explore software safeguards like audio masking techniques.

This pioneering research spotlights acoustic emanations as a ripe and underestimated attack surface. At the same time, it lays the groundwork for fostering greater awareness and developing robust countermeasures. Continued innovation on both sides of the security divide will be crucial.


The content on this website comes from the Internet. Due to the inconvenience of proofreading the authenticity and accuracy of the copyright or content of some content, it may be temporarily impossible to confirm the authenticity and accuracy of the copyright or content. For copyright issues or other issues caused by this, please Call or email this site. It will be deleted or changed immediately after verification.

related articles

Sam Bankman-Fried allowed to meet with lawyers for supervised, one-time Internet access

Sam Bankman-Fried, the founder and former CEO of FTX, will be able to meet with his lawyers on...

Prosecutors withdraw campaign finance charges against Sam Bankman-Fried

U.S. prosecutors have withdrawn political campaign financing charges against former FTX CEO Sam...

Thodex founder handed over 460 life sentences in prison for massive Turkish crypto scandal

Fatih Özer, the founder of the failed crypto exchange Thodex, has been sentenced to 11,196 years, eq...

DOJ seeks to dismiss star lineup of expert witnesses in Sam Bankman-Fried trial

The U.S. Department of Justice wants the court to disqualify all the expert witnesses of Sam Ba...

Nate Chastain sentenced to three months for insider trading at OpenSea

Nate Chastain, formerly an employee at OpenSea, has been sentenced to three months in prison on...

Crypto whale loses over $24M staked Ethereum to phishing, as ‘verified’ X scams surge

On-chain data shows a crypto whale “0x13e382” lost $24.23 million worth of liquid staked E...