Innovative Technology Converts Keyboard Sounds into Text with 95% Precision
In some instances, British researchers claim to have translated the sound of laptop keystrokes into the corresponding letters with an accuracy of 95 percent.
The 95 percent mark was reached using nothing but an iPhone. Over Zoom, the accuracy of documented keystrokes fell to 93%, while Skype calls maintained an accuracy of 91%.
In other words, this is a side channel attack with a high level of precision, minimal technical requirements, and a pervasive data exfiltration point: microphones, which are present everywhere from our laptops to our wrists to our very work spaces.
Worse yet, the three researchers claimed in their paper that they have set a new accuracy record for acoustic side-channel attacks (ASCA) without using a language model. Instead, they employed deep learning and self-attention transformer layers to capture typing sounds and convert them into data for exfiltration.
We have previously written about individuals using microphones in novel ways to eavesdrop on others, including experiments involving laser microphones and hard disk devices. In the end, it is typically simpler to install malware on a target’s computer and gain access to their data and inputs without employing James Bond-style techniques.
Read Also: Mastering Your Private Student Loans: Dos and Don’ts for Smart Borrowing
Preventing Automated On-Site and Remote ASCA Attacks
To convert keystroke sounds to actual letters, the eggheads used a 17cm-distance phone to record a person typing on a 16-inch 2021 MacBook Pro and then processed the sounds to obtain signatures of the keystrokes. These were then analyzed by a deep learning model, which fed them into convolution and attention networks to determine which key or key sequence was struck.
“Both the phone and Zoom recording classifiers achieved state-of-the-art accuracy given minimal training data in a random distribution of classes,” the team wrote in its paper. To add to security concerns, the experts noted that “recording in this manner required no access to the victim’s environment and, in this case, no infiltration of the device or connection.”
As is frequently the case with side-channel attacks, defense is not always straightforward. Fortunately, it’s not power consumption, CPU frequencies, blinking lights, or RAM buses seeping data, but rather an old-fashioned problem between the computer and chair that can be mitigated relatively simply.
Combining uppercase and lowercase characters remains a smart practice. The team added that those concerned about acoustic side channel assaults can also use a second authentication factor to prevent keylogging and password theft.
That’s great for passwords, but what about other confidential information, such as company records or customer data? The researchers propose playing fake keystroke noises to conceal the actual ones.
Instead of subjecting employees to real-time noisemakers, the researchers recommend adding the noises to Skype and Zoom transmissions after the fact. The team discovered that this “appears to have the best performance and least annoyance to the user.”
Utilizing new sources for recordings, such as smart speakers, improved keystroke isolation techniques, and the addition of a language model to make their acoustic eavesdropping even more effective is the subject of ongoing research.
Read Also: US Military Reacts to Chinese and Russian Ships in Alaska’s Vicinity
Source: The Register