Researchers from Cornell University have revealed a novel method of stealing sensitive information by using sound waves to decipher the keys pressed on a keyboard. This technique, known as an acoustic side-channel attack, involves using a deep learning model to classify laptop keystrokes based on the sound captured by a smartphone-integrated microphone.
The researchers conducted experiments using a MacBook Pro keyboard, training the deep learning classifier by recording the sounds of 36 different keys pressed 25 times each. The recorded sound data was collected through both a smartphone microphone and the Zoom video conferencing software.
By analyzing the subtle differences in the sound waveforms produced by each keystroke, the AI classifier was able to accurately determine which key was pressed during subsequent tests. The results showed a high accuracy rate for detecting keystrokes, with classifiers trained using the smartphone microphone achieving a 95% accuracy rate and those trained using Zoom reaching 93% accuracy.
However, the researchers acknowledged that the classifier’s accuracy could be compromised if users change their typing techniques. For instance, employing touch typing reduced the accuracy rate to 40-64%. They also noted that certain measures, such as adding noise to keystrokes to mask their true sound, could undermine the classifier’s effectiveness.
Despite these limitations, the technique remained effective for keyboards with clear audibility of keystrokes, including mechanical and quieter membrane keyboards. The researchers suggested that using software to obscure typing sounds could be a potential defense against such attacks in the future.
This research underscores the potential vulnerabilities associated with the increasing prevalence of microphones in various devices and the advancement of deep learning tools. As technology evolves, ensuring robust cybersecurity measures becomes essential to protect against novel attack vectors.