120
submitted 1 year ago by L4s@lemmy.world to c/technology@lemmy.world

A.I. can identify keystrokes by just the sound of your typing and steal information with 95% accuracy, new research shows. Researchers had artificial intelligence listen to the sounds of typing thr...::Researchers had artificial intelligence listen to the sounds of typing through a phone and over Zoom, with eerie results.

all 32 comments
sorted by: hot top controversial new old
[-] agitatedpotato@lemmy.dbzer0.com 33 points 1 year ago

95% if you use a macbook, the keyboard they configured the algorithm with.

[-] Sanctus@lemmy.world 13 points 1 year ago

Theres no way this thing is guessing keyclicks by sound on any keyboard. Maybe a specific one. Especially with custom keyboards taking off. My canonkeys 60% sounds nothing like my completely custom elvish keyboard. An AI in this day and age is not ready for that.

[-] AbouBenAdhem@lemmy.world 20 points 1 year ago

Theres no way this thing is guessing keyclicks by sound

Given that it’s AI-trained it may be hard to say, but my guess is that it’s based on timing more than the unique sound of each separate key. Like certain sequences of keys probably have a predictable time between each stroke, based on how long it takes the relevant finger to travel to the next key after the previous one.

[-] Sanctus@lemmy.world 7 points 1 year ago

That one I could believe more. Since keyboards have such a wide array of sounds its ptobably not using the envelope to determine the key.

[-] 6daemonbag@lemmy.dbzer0.com 4 points 1 year ago

On top of that, we understand the frequency of letters used in languages. By knowing both of these and correlating with recurring patterns of sounds, I can very much believe this can be leveraged against even custom mechanical keyboards with random keys attached

[-] hellishharlot@programming.dev 3 points 1 year ago

So switching to dvorak or colemak would possibly help significantly

[-] aaaa@lemmy.world 10 points 1 year ago

It was explicitly trained on the keyboard used in MacBooks, which is fairly specific, but covers a pretty large user base.

In theory they could train it on other specific keyboards, but it remains to be seen what other factors could affect it

[-] Sanctus@lemmy.world 3 points 1 year ago

Which, has a very specific sound with the scissor switches and aluminum casings. Its not exactly your average logitech keyboard in an office.

[-] linux2647 13 points 1 year ago* (last edited 1 year ago)

I wonder if this still holds up for those of us who don’t use a QWERTY layout

[-] nullPointer@programming.dev 9 points 1 year ago

or the kind of people that "hunt and peck"

[-] doppelgangmember@lemmy.world 3 points 1 year ago

Grandma, is that you?

[-] Kyoyeou@lemmy.world 1 points 1 year ago

I wonder as on my COLEMAK keeb, the computer thinks it's a QWERTY, it's the software that sends info to the computer that rearranged the keys, so my computer knows that I'm using a QWERTY, and if the AI checked what keyboard I use in the system that's what it would see

[-] AbouBenAdhem@lemmy.world 10 points 1 year ago

Just record yourself typing “all work and no play makes Jack a dull boy”, and play it on loop in the background.

[-] ramjambamalam@lemmy.ca 6 points 1 year ago
[-] BourneHavoc@lemmy.world 2 points 1 year ago

Weird, all I see are asterisks.

[-] dewritochan@lemmy.dbzer0.com 10 points 1 year ago

got hit with a paywall, got around it, leaving this for the lazy

You may have gotten used to covering your webcam, but now you might have to start muffling the sound of your keyboard too.

Laptop users are at risk of having sensitive information including private messages, passwords, and credit card numbers stolen just by typing on their keyboard. A new paper by a team of researchers from British universities shows that artificial intelligence can identify keystrokes by sound alone with 95% accuracy. And as technology continues to develop at a rapid pace, attacks such as these will become more sophisticated.

In this study, experimenters correctly identified keystrokes on a MacBook Pro through a nearby phone recording 95% of the time, and through a recorded Zoom call at a 93% rate.

The research paper details what it calls “acoustic side channel attacks” in which a malicious third party uses a secondary device, like a cell phone sitting next to a laptop or an unmuted microphone on a video-conferencing software such as Zoom, to record the sound of typing. The third party then feeds the recording through a deep-learning A.I. trained to recognize the sound of individual pressed keys to decipher what exactly was typed.

Deep learning (DL) is a subset of machine learning in which computers are taught to process data in a way similar to the human brain—essentially using a multilayered “neural network” to “learn” from large amounts of data and accurately produce insights and predictions. Deep-learning models can recognize patterns in pictures, texts, sounds, and other data. This type of A.I. is in everyday products like digital assistants like Amazon’s Alexa and voice-enabled TV remotes, as well as newer technologies like self-driving cars.

“With the recent developments in both the performance of (and access to) both microphones and DL models, the feasibility of an acoustic attack on keyboards begins to look likely,” the paper said.

The paper, published on August 3, was authored by Joshua Harrison, a software development engineer at Amazon who recently graduated with a Masters of Engineering from Durham University, as well as University of Surrey lecturer Ehsan Toreini and Royal Holloway University of London senior lecturer Maryam Mehrenzhad.

Mitigating the ever-developing threat

Laptops are especially ideal targets for these attacks because of their portability, according to the paper. People often take their laptops to work in public spaces like libraries, coffee shops, and study areas, where the sound of typing can easily be recorded without notice from the targeted user.

One of the main concerns of the paper is that people are unaware of these kinds of attacks, so they do nothing to prevent them.

“The ubiquity of keyboard acoustic emanations makes them not only a readily available attack vector, but also prompts victims to underestimate (and therefore not try to hide) their output,” the paper said. “For example, when typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound.”

One way to mitigate the threat of this attack is by using stronger passwords with multiple cases, like special characters, upper and lowercase letters, and numbers. Passwords with full words might be more easily deduced and therefore at greater risk of attack.

And while the pressing of the shift key can be recognized by A.I., it cannot yet recognize the “release peak” of the shift key amidst the sound of other keys, “doubling the search space of potential characters following a press of the shift key,” the paper said.

Another simple way to deter these kinds of attacks is by using two-factor authentication. This is a security method that requires two forms of identification to access accounts and data. For instance, the first factor may be a password and the second may be an account activity confirmation through an email or on a separate device.

Biometric authentication, like fingerprint scans and facial recognition, can also lessen the risk of an attack.

But as A.I. continues to evolve, so too will these attacks. The authors of the paper recommended that future studies analyze the use of smart speakers to record keystrokes, “as these devices remain always-on and are present in many homes.”

The authors also suggested that future research should explore the implementation of a language model used in tandem with a deep-learning A.I. Language models, like viral chatbot ChatGPT, are trained on large series of text to recognize patterns of speech.

A language model “could improve keystroke recognition when identifying defined words as well as an end-to-end real-world implementation of an ASC attack on a keyboard,” the paper said.

[-] Stinkywinks@lemmy.world 1 points 1 year ago

How would it even know? What if I hit the g key harder than the a key? What if I move my phone around multiple times, texting while browsing? Wouldn't a key logger be easier?

[-] dewritochan@lemmy.dbzer0.com 5 points 1 year ago

https://github.com/ggerganov/kbd-audio idk but feel free to go play with some tools that do the thing and see what happens.

[-] fubbernuckin@lemmy.world 1 points 1 year ago

What? Why would they release that? Like it's obviously going to become a thing but it doesn't have to be one now.

[-] dewritochan@lemmy.dbzer0.com 3 points 1 year ago* (last edited 1 year ago)

idk how to tell you this but that github's been a thing for the last five years. we've had these capabilities in the public sector for at least that long. this article is just about using ai to do it differently.

[-] Drinvictus@discuss.tchncs.de 8 points 1 year ago

Silent keyswitch companies be like:

[-] bauhaus@lemmy.ml 7 points 1 year ago

quiet keyboards ftw!

[-] ComradeKhoumrag@infosec.pub 6 points 1 year ago

I need a suppressor for my mechanical keyboard

[-] Kyoyeou@lemmy.world 2 points 1 year ago

Time to make a keeb with clicky and linear, and every single key is a different one

[-] johnnyjayjay@feddit.de 5 points 1 year ago

This has existed for a while and can be used by anyone: https://github.com/ggerganov/kbd-audio

[-] HollandJim@lemmy.world 3 points 1 year ago

iPad onwards, I guess…

[-] AFKBRBChocolate@lemmy.world 2 points 1 year ago

Probably depends a lot on the keyboard whether the sound is even audible enough. Membrane keyboards are probably a lot harder to hear than mechanical.

[-] VampyreOfNazareth@lemm.ee 1 points 1 year ago

“Barry has no pants on lol!”

this post was submitted on 10 Aug 2023
120 points (83.7% liked)

Technology

59861 readers
5350 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS