AI Can Now Steal Your Passwords by Listening to Your Keystrokes

pcmag.com:

Next time you’re on a conference call, you might want to reconsider typing on your computer while your microphone is on.

UK researchers successfully trained artificial intelligence to decode keystrokes on conference calls, meaning the AI can determine what you’re typing, even if your screen and keyboard aren’t on display during the call, Hacker News reports(Opens in a new window).

The research(Opens in a new window) notes that while people often hide their screens or keyboards when typing a password, they often don’t do anything to obfuscate the sound of their keyboard. But AI can capture essentially anything you type on your computer, including sensitive emails or documents.

According to the paper, AI trained by keystrokes recorded by a nearby phone achieved a 95% accuracy. When trained on keystrokes recorded by Zoom, it had a 93% accuracy.

Even when the AI wasn’t able to perfectly determine what was typed, it would often only be off by one key, making it easy for potential hackers to circumvent the error.

For the AI to work it does have to be trained, which means the attacker will need to record keystrokes from the target’s keyboard either through a microphone or via a smartphone that has been infected with malware. The AI was trained using a MacBook Pro and iPhone 13 mini. Researchers then pressed each key on the computer 25 times, recording the sounds of each keypress on the phone, which was located 6.5 inches away.

As for what you can do to protect yourself, researchers recommend changing up your typing style when typing sensitive information, or using site noise of a software-based keystroke audio filter playing in the background to help disguise your keystroke sounds.

Sign up for What's New Now to get our top