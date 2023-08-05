A team of researchers from British universities has developed a deep learning model capable of stealing data from keyboard keystrokes recorded using a microphone. The model achieves an accuracy rate of 95% in this activity. Even when the researchers trained the model using Zoom, which presented some challenges for the sound classification algorithm, the accuracy still reached 93%, an alarmingly high success rate for that medium.

This type of attack poses a significant threat to data security since it can potentially expose sensitive information such as passwords, discussions, and messages to malicious third parties. Unlike other side-channel attacks that require specific conditions and have limitations in terms of data rate and distance, acoustic attacks have become simpler due to the widespread availability of microphone-equipped devices that can capture high-quality audio.

The attack begins by recording the keystrokes on the target’s keyboard, as this data is necessary for training the prediction algorithm. The recording can be obtained using a nearby microphone or by infecting the target’s phone with malware that provides access to its microphone. Alternatively, keystrokes can be captured through a Zoom call where an unauthorized participant correlates the typed messages with their sound recording.

The researchers collected training data by pressing 36 keys on a modern MacBook Pro, recording the sound produced by each press. From these recordings, they produced waveforms and spectrograms, which visualized distinguishable differences for each key. They further processed the signals to augment their potential for identifying keystrokes.

Using these spectrogram images, the researchers trained an image classifier called ‘CoAtNet.’ They experimented with different parameters such as epoch, learning rate, and data splitting to optimize the prediction accuracy of the model.

In their experiments, the researchers used a MacBook Pro keyboard, an iPhone 13 mini placed 17cm away from the target, and Zoom. The CoAtNet classifier achieved 95% accuracy with smartphone recordings, 93% accuracy with Zoom recordings, and 91.7% accuracy with Skype.

For users concerned about acoustic side-channel attacks, the researchers suggest altering typing styles or using randomized passwords as possible mitigations. Other defenses include using software to replicate keystroke sounds, implementing white noise, or utilizing software-based keystroke audio filters. However, adding sound dampeners to mechanical keyboards or switching to membrane-based keyboards is unlikely to be effective.

Ultimately, adopting biometric authentication wherever possible and employing password managers to avoid manually inputting sensitive information can serve as additional ways to mitigate the risk of data theft through acoustic side-channel attacks.