Researchers have found a way (PDF link) to determine keystrokes from the sound of input from keyboards, making PC users vulnerable to hackers. This type of attack can also determine keystroke patterns, even in noisy conditions and has an overall 43% success rate.
The method was tested by collecting unknown keystrokes from a recording of more than 20 people. The attack uses an English dictionary to enhance its text detections and is tested with various environmental acoustics.
Acoustic-based attacks have been extensively investigated by others.Researchers at Cornell used AIto listen to keyboard emissions to determine keystrokes with 95% accuracy, which in this case used a Macbook Pro. The difference is that this attack method is platform agnostic and only needs a device with a microphone to be near a physical keyboard. This could be a smartphone, laptop, or IoT device. What makes this attack more effective is when:
This was discovered by Alireza Taheritajar and Reza Rahaeimehr from Georgia’s Augusta University, who published a paper detailing this acoustic side-channel attack method. The attack relies on the sound emissions and the user’s typing. Once it captures adequate samples from the targeted user, it correlates the sound patterns with keystrokes, allowing the attacker to retrieve sensitive information such as login credentials.
Multiple Delivery Methods for Acoustic Attack
The delivery of such attack methods can be deployed as malware from websites, browser extensions, apps, cross-site scripting, and compromised USB keyboards. USB input devices can store and deliver malware just like any USB storage drive, as they usually have enough computing capacity and storage to run pre-installed scripts.Keyboards have been known to contain keyloggersinstalled by manufacturers and sold from websites likeAmazonby many companies and drop shippers. Therefore the thought of having an auto-executable attack from keyboards is not far-fetched.
While such attacks could be deterred with quieter keyboards, hacking methods are improved over time and with the success rate of 43%, it shows the feasibility of having such an attack method. Apart from not using a physical keyboard, professional typists can make it extremely difficult as they can type extremely fast and have overlaps between multiple keystrokes, according to the research paper.
However, the research also mentioned in the conclusion intends to use LLMs in its future projects to improve the success rate, further highlighting thepotential consequences of AIto compromise digitalsecurity.
Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox.
Roshan Ashraf Shaikh has been in the Indian PC hardware community since the early 2000s and has been building PCs, contributing to many Indian tech forums, & blogs. He operated Hardware BBQ for 11 years and wrote news for eTeknix & TweakTown before joining Tom’s Hardware team. Besides tech, he is interested in fighting games, movies, anime, and mechanical watches.
