Listening to keystrokes; Acoustic attack steals data with 95% accuracy

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490
A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.

Accuracy​

The first step of the attack is to record keystrokes on the target's keyboard, as that data is required for training the prediction algorithm. This can be achieved via a nearby microphone or the target's phone that might have been infected by malware that has access to its microphone. Alternatively, keystrokes can be recorded through a Zoom call where a rogue meeting participant makes correlations between messages typed by the target and their sound recording.

Then, they produced waveforms and spectrograms from the recordings that visualize identifiable differences for each key and performed specific data processing steps to augment the signals that can be used for identifying keystrokes.

The spectrogram images were used to train 'CoAtNet,' which is an image classifier, while the process required some experimentation with epoch, learning rate, and data splitting parameters until the best prediction accuracy results could be achieved.
The CoANet classifier achieved 95% accuracy from the smartphone recordings and 93% from those captured through Zoom. Skype produced a lower but still usable 91.7% accuracy.

Possible mitigations​

Remember, the attack model proved highly effective even against a very silent keyboard, so adding sound dampeners on mechanical keyboards or switching to membrane-based keyboards is unlikely to help.

Ultimately, employing biometric authentication where feasible, and utilizing password managers to circumvent the need to input sensitive information manually, also serve as mitigating factors.
 

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
525

Accuracy​




Possible mitigations​

Pfft good luck attempting to capture my keystrokes when I am attempting to debug someone else's code. All the AI will capture is my forehead banging against the keyboard followed by a judicial application of a fist.

I don't usually suffer from anger management issues but when I do, I am most likely either driving in Houston traffic or debugging code.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top