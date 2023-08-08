Recent research suggests that typing a computer password while engaged in a Zoom chat can make users susceptible to cyber-attacks. The study reveals that artificial intelligence (AI) has the ability to decipher keystrokes by eavesdropping on typing sounds. Experts assert that as video conferencing tools like Zoom become more popular and devices with built-in microphones become commonplace, the threat of sound-based cyber-attacks has increased.

The researchers have developed a system that can accurately identify keys pressed on a laptop keyboard based solely on sound recordings. The system achieves over 90% accuracy, which indicates that the accuracy of such attacks will likely continue to improve. Dr. Ehsan Toreini, co-author of the study, emphasizes the need for public debates on the governance of AI as the prevalence of smart devices with microphones in households grows.

The study details how the researchers employed machine learning algorithms to differentiate between the sounds associated with each key pressed on a MacBook Pro keyboard. The team recorded themselves pressing all 36 keys, including letters and numbers, multiple times using various fingers and pressure levels. The recorded sounds were captured during Zoom calls and with a smartphone placed close to the keyboard.

The researchers trained a machine learning system using part of the collected data, enabling it to recognize acoustic features linked to each key over time. The system was then tested using the remaining data. The results demonstrate that the system accurately identified the correct key around 95% of the time for phone call recordings and 93% of the time for Zoom call recordings.

Although previous studies have shown that keystrokes can be identified through sound, this study employed up-to-date methods and achieved the highest accuracy so far. The researchers acknowledge that their work is a proof-of-concept study and has not been used to crack passwords in real-world settings. However, the study highlights the need for caution.

To mitigate the risk of such acoustic “side channel attacks,” the researchers suggest using biometric passwords or activating two-step verification systems. They also recommend using a combination of upper and lower case letters, as well as numbers and symbols, and utilizing the shift key effectively. Prof. Feng Hao from the University of Warwick cautions against typing sensitive information, such as passwords, on a keyboard during a Zoom call due to the potential for side-channel information revealed through visual cues.