Listening to keystrokes; Acoustic attack steals data with 95% accuracy

Ink

A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.

Accuracy

The first step of the attack is to record keystrokes on the target's keyboard, as that data is required for training the prediction algorithm. This can be achieved via a nearby microphone or the target's phone that might have been infected by malware that has access to its microphone. Alternatively, keystrokes can be recorded through a Zoom call where a rogue meeting participant makes correlations between messages typed by the target and their sound recording.

Then, they produced waveforms and spectrograms from the recordings that visualize identifiable differences for each key and performed specific data processing steps to augment the signals that can be used for identifying keystrokes.

The spectrogram images were used to train 'CoAtNet,' which is an image classifier, while the process required some experimentation with epoch, learning rate, and data splitting parameters until the best prediction accuracy results could be achieved.
The CoAtNet classifier achieved 95% accuracy from the smartphone recordings and 93% from those captured through Zoom. Skype produced a lower but still usable 91.7% accuracy.

Possible mitigations

Remember, the attack model proved highly effective even against a very silent keyboard, so adding sound dampeners on mechanical keyboards or switching to membrane-based keyboards is unlikely to help.

Ultimately, employing biometric authentication where feasible, and utilizing password managers to circumvent the need to input sensitive information manually, also serve as mitigating factors.
 

cartaphilus


Pfft good luck attempting to capture my keystrokes when I am attempting to debug someone else's code. All the AI will capture is my forehead banging against the keyboard followed by a judicial application of a fist.

I don't usually suffer from anger management issues but when I do, I am most likely either driving in Houston traffic or debugging code.
 
