A groundbreaking study conducted by a team of British researchers has shed light on a novel cybersecurity threat that could exploit recorded audio of a person typing to steal sensitive personal information. The study introduces the concept of a hypothetical cyberattack that employs a homemade deep-learning-based algorithm capable of acoustically analyzing keystroke sounds and translating them into decipherable text, with a startling accuracy rate of 95 percent.
The researchers reveal that these recordings could be obtained effortlessly through a mobile phone microphone or via popular conferencing applications such as Zoom. Once captured, the recorded audio can be processed by a readily assembled algorithm that interprets the auditory cues, effectively translating them into comprehensible textual content.
Termed as an “acoustic side channel attack,” this novel technique builds upon the existing idea of sonic surveillance to capture confidential information. While acoustic attacks are not a new concept, the integration of artificial intelligence (AI) capabilities significantly enhances their potential to pilfer data. Of particular concern to the research team is the prospect of hackers exploiting this method to gain access to users’ passwords and online credentials, a risk that they emphasize can be exploited relatively easily under the right circumstances.
“Our results affirm the feasibility of these side channel attacks using off-the-shelf equipment and algorithms… The pervasive nature of keyboard acoustic emanations renders them not just an easily accessible attack vector, but also encourages victims to underestimate and consequently neglect securing their outputs,” the researchers cautioned.
Experts have begun to speculate on potential scenarios where malicious actors could execute such an attack successfully. The assailant could opportunistically wait for the victim to be in a public setting, such as a coffee shop, before clandestinely recording their keystrokes from a safe distance. However, for those with advanced eavesdropping equipment, such as high-quality parabolic microphones or other sophisticated listening devices, penetrating the walls of a victim’s apartment could also become a feasible option.
The implications of this study highlight the increasing convergence of technology and cyber threats. As AI-driven attacks become more sophisticated, individuals and organizations must remain vigilant about protecting their sensitive information. The research also underscores the need for continued exploration into countermeasures that can mitigate the risks posed by emerging cybersecurity threats.
While the current study only demonstrates a hypothetical scenario, the insights it provides into the potential of combining AI with acoustic side channel attacks serve as a stark reminder of the evolving landscape of cybersecurity. As technology continues to advance, the efforts to protect digital assets must evolve in tandem to ensure the safety and privacy of individuals and businesses alike.