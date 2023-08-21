In August, a research paper was published that revealed how Artificial Intelligence (AI) can be used to decode passwords by analyzing the sound of keystrokes. Specifically, the study focused on Acoustic Side Channel Attacks (ASCA) and the accuracy achieved when using deep learning models to classify laptop keystrokes.

ASCA attacks are a form of Side Channel Attacks (SCAs), which involve hacking a cryptographic algorithm by analyzing auxiliary systems used in the encryption process. In the case of ASCA, the sound of keyboard clicks is used to analyze keystrokes and interpret the information being typed, potentially leaking sensitive data.

What makes ASCA attacks particularly dangerous is that the acoustic sounds from keyboards are readily available and often underestimated by users. While users may take precautions to hide their screens, they rarely consider the sound of the keystrokes. Although modern devices with non-mechanical keyboards have reduced the audibility of key clicks, the technology for accessing and processing the acoustics has also significantly improved.

The study conducted by a group of scientists found that deep learning models trained on audio recordings from Zoom calls and smartphone microphones achieved high accuracy in deciphering keystrokes. For instance, when trained on keystrokes recorded by a nearby phone, the model achieved 95% accuracy. Even when capturing audio through a smartphone microphone or during Zoom calls, the model still achieved accuracies above 90%.

While ASCA attacks are not new and have been known since the 1950s, the advancements in AI and deep learning models have increased the effectiveness of such attacks. With more microphones in close proximity to keyboards, collecting and interpreting acoustic data has become easier for threat actors.

To protect against ASCAs, users can make simple changes to their typing habits and passwords. Using touch-based typing instead of traditional keystrokes can reduce the chances of successful keystroke recognition. Additionally, altering typing styles and creating stronger passwords, including a mix of upper- and lower-case letters, can make it more difficult for AI models to decipher.

Users should also avoid using easily recognizable phrases or patterns in their passwords to prevent AI models from predicting the text. While there is no foolproof defense against ASCAs, these precautions can help mitigate the risks associated with these types of attacks.