Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Lewis Maddison

This AI tool can steal your data just by listening to what keys you press

Person writing on computer.

New research has revealed a novel way to steal sensitive information - by working out what a target has typed via the sound of key presses alone. 

A team at Cornell University has published a paper detailing their exploits, offering, in its words, "a practical implementation of a state-of-the-art deep learning model in order to classify laptop keystrokes, using a smartphone integrated microphone."

Dubbed acoustic side-channel attacks, the team noted the potential danger of this vector becoming a reality outside of a lab, given the prevalence of microphones in all sorts of devices and the rapid development of deep learning tools.

In the right key

First, the classifier had to be trained on a specific keyboard - in this case, the team used a MacBook Pro. They pressed 36 keys on the board 25 times each, and recorded the sound of these presses in two ways - once using a smartphone microphone, and the other using the video conferencing software Zoom.

The AI within the classifier, by discerning the minute differences in the waveforms produced by each keystroke, could then work out what key was pressed when in subsequent tests.

Both recording methods produced a high accuracy rate in these tests. For classifiers trained using the phone microphone, the accuracy rate for detecting keystrokes was 95%, and for those trained using Zoom it was 93%.

The researchers concede, however, that the classifier's accuracy can be undermined in certain ways, such as the user changing their typing technique. For instance, by touch typing, the accuracy rate drops to 40-64%. 

They also said that certain software could be used to add extra noise to keystrokes to mask their true sound and thus further weaken the classifier's effectiveness.

However, with mechanical keyboards, where the audibility of keystrokes is clear, the classifier works well. It is also effective with quieter membrane keyboards too, so should this proof-of-concept become a reality, using software to obscure typing sound would be the best way to avoid being exploited by such attacks.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.