British researchers have developed a deep learning model, a form of artificial intelligence (AI), which can use keyboard keystrokes to steal data.
The learning model was trained using a MacBook Pro, on which they pressed each key 25 times and recorded the sound it produced, and a smartphone nearby with the microphone turned on.
They also conducted the same activity during Zoom and Skype calls. Their results showed that the smartphone was 95% accurate at predicting the keystroke, while Zoom and Skype were 93% and 91.7% accurate respectively.
In simple terms, the AI was able to guess what was being typed from the sounds of the keys.
The implications of these findings suggest that anything that is typed such as passwords, private messages or even classified information could be leaked to a third party. Another scary aspect of this research is that the learning model can train itself using recordings.
Outside of research and development settings, this activity can be easily replicated using nearby microphones or malware with access to a devices microphone.
Even simpler still, a participant in a videocall could correlate the sounds of a keyboard and the information being shared in a chat box as a method to predict future keystrokes from sound alone.
There are ways of mitigating falling victim to this kind of activity. Initially, always be aware who is present in meetings, and be cautious of sharing information freely with people you aren’t familiar with.
While you may be cautious of your surroundings, someone else on your call may be inadvertently weakening your security.
Secondly, as was demonstrated by the researchers, it can be difficult to prevent this behaviour by implementing measures such as background or white noise or moving the keyboard away from potential listening devices.
Using alternative methods such as biometrics or password managers can provide the most security.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).
Click to Open Code Editor