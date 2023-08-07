A group of academics has developed a “deep learning-based acoustic side-channel attack” that can accurately classify laptop keystrokes recorded using a nearby phone. The attack achieved an accuracy of 95%. When trained on keystrokes recorded with Zoom video conferencing software, the accuracy reached 93%, setting a new record for this medium.

Side-channel attacks are a type of security exploit that involves monitoring and measuring a system’s physical effects during the processing of sensitive data. These attacks can reveal insights by observing effects such as runtime behavior, power consumption, electromagnetic radiation, acoustics, and cache accesses.

While it is impossible to completely eliminate side-channel vulnerabilities, practical attacks of this kind can pose serious risks to user privacy and security. Malicious actors could use them to obtain passwords and other confidential data. Keyboard acoustic emanations, in particular, are easily accessible and often underestimated by users, as they tend to focus on hiding their screen rather than the sound of their keystrokes.

To carry out the attack, the researchers conducted experiments using 36 of the Apple MacBook Pro’s keys, pressing each key 25 times in a row with varying pressure and finger. The keystroke data was recorded using a phone placed close to the laptop and via Zoom.

The recorded keystrokes were then converted into a mel-spectrogram and classified using a deep learning model called CoAtNet (short for convolution and self-attention networks).

To defend against such attacks, the researchers recommend making changes to typing style, using randomized passwords instead of complete words, and introducing randomly generated fake keystrokes for protection against voice call-based attacks.

