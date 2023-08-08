Researchers at Cornell University have discovered a concerning new method for AI tools to steal people’s data: by listening to their keystrokes. A recent research paper highlights an AI-driven attack that can accurately capture passwords with up to 95% accuracy by analyzing the sound of typing.

To achieve this, the researchers trained an AI model on the sound patterns of keystrokes and deployed it on a nearby phone. Using the integrated microphone, they were able to listen to the keystrokes of a MacBook Pro and reproduce them with high accuracy. This method achieved a 95% accuracy rate, which is notable since it did not rely on a large language model.

The research team also tested the AI model’s performance during video calls. They recorded keystrokes through the laptop’s microphone during a Zoom meeting and found that the model accurately reproduced the keystrokes with 93% accuracy. Similarly, when tested with Skype, the model achieved an accuracy rate of 91.7%.

Interestingly, the volume of the keyboard had little impact on the accuracy of the attack. Instead, the AI model focused on analyzing factors like waveform, intensity, and timing of each keystroke. Even subtle differences in typing style, such as slight delays in pressing certain keys, were taken into account by the AI model.

In a real-world scenario, this type of attack would rely on malware installed on a person’s phone or another device with a microphone that is close by. The malware would collect the keystroke data and feed it into the AI model by listening via the device’s microphone. The researchers utilized an AI image classifier called CoAtNet for their attack, training it with 36 keystrokes from a MacBook Pro pressed 25 times each.

Mitigating this type of attack can be achieved through alternative methods of authentication, such as using features like Windows Hello and Touch ID to avoid typing passwords altogether. Additionally, investing in a reliable password manager can provide an extra layer of protection by generating and storing unique passwords for all accounts.

It is important to note that even the best keyboards are vulnerable to this attack, as it targets the sound of keystrokes rather than the volume. Therefore, quieter keyboards will not prevent this type of threat.

Unfortunately, this AI-driven attack is just one of many new attack vectors made possible by AI technology. The FBI recently warned about the dangers of ChatGPT, another AI tool being exploited for criminal activities. Security researchers are increasingly facing challenges with adaptive malware that can rapidly evolve using AI-driven tools like ChatGPT.