Study: AI Can Identify Passwords by Sound of Keyboard

Facts

• A study conducted by British researchers has found that artificial intelligence (AI), by solely listening to the sound of keys being pressed, can detect a password being typed on a physical keyboard with 90% accuracy.¹
• The researchers pressed all 36 keys on a MacBook Pro — including all of the letters and numbers — 25 times in a row, using different fingers and with varying pressure. The sounds were recorded from a short distance away via Zoom and a phone, which were used to train a machine learning program.¹
• The researchers claim that laptops are particularly susceptible to their keyboards being recorded, especially when used in quiet spaces like libraries, cafes, or offices. The dangers are multiplied since most laptops have uniform, non-modular keyboards, with similar acoustic profiles across models.²
• The authors suggest creating complex passwords containing letters, numbers, and symbols to mitigate these risks. They say AI can detect the use of the shift key, however, it can't yet recognize the moment the key is released, 'doubling the search space' of characters after the shift key is pressed.³
• AI's keyboard detection capabilities, which were also found to be 95% accurate when recorded by a nearby phone, can uncover more than just passwords, including sensitive emails or documents.⁴
• The study comes 10 years after the 'Dropmire' scandal, which revealed the US was likely spying on its European allies through 'side channel attacks,' such as wires, radio frequencies, or sound. Scientists have used computer sounds to read PGP keys, and used machine learning and webcam mics to 'see' a remote screen.²

Sources: ¹Guardian, ²Ars Technica, ³Fortune and ⁴PCMAG.

Narratives

• Narrative A, as provided by Washington Post. As AI surpasses our outdated computer safety programs and legal policies exponentially, criminals will soon be able to simply ask their AI bot to breach any type of sensitive information in any number of ways. Hackers in China have already fooled tax authorities with fake facial recognition of a person, so it's impossible to say what they'll do once they've acquired passwords via keyboard eavesdropping.
• Narrative B, as provided by CNBC. While criminals will certainly try to use AI for their nefarious purposes, the cybersecurity industry, too, is increasingly utilizing the technology to beat hackers at their own games. As AI can detect and assess cyber threats faster than human analysts, security experts will now be able to tackle more crimes while exhausting less time and resources.