A recent study has indicated that artificial intelligence (AI) could be used by hackers to deduce passwords by analyzing the sound generated when typing during a Zoom video conference, achieving a staggering 93% accuracy.
A group of UK-based researchers has highlighted the huge implications this has for cybersecurity: with the increased use of tools like Zoom and the proliferation of devices with built-in microphones, the threat of Sound-Based Cyber Attacks, Scientists Warn.
Experiment with artificial intelligence (AI)
Specialists from the University of Surrey, the University of Durham and London’s Royal Holloway University carried out an experiment in which they pressed each of the 36 keys on a MacBook Pro multiple times, varying the fingers and the pressure. The resulting sounds were captured both through a Zoom call and with a smartphone near the keyboard.
They then developed a machine learning system to recognize the acoustic characteristics associated with each key. This program was trained on the data and, when tested, achieved read accuracy rates of 95% when recording over a phone call and 93% when over a Zoom call.
Although it is not the first time that sound has been shown to reveal keystrokes, this new system stands out for its greater accuracy compared to similar readers of the past.
“The accuracy of these types of models and these types of attacks is increasing,” Ehsan Toreini, co-author of the study, published at the IEEE European Symposium on Security and Privacy Workshops, from the University of Surrey, told The Guardian. it also expressed concern about the prevalence of microphone-equipped smart devices in homes.
The researchers clarify that their study is a proof of concept and has not been used to crack passwords in real situations, such as in coffee shops. However, they stress that it highlights the urgency of educating the public about these risks and discussing the regulation of AI, since these types of acoustic attacks could affect any keyboard.
What to do to mitigate the possibility of a cyberattack?
To reduce these risks, the researchers propose alternatives such as the use of biometric passwords or two-step authentication systems. They also suggest using the Shift key to create mixed case, or numbers and symbols. This is because, apparently, the AI is still very bad at knowing when the shift key is pressed.
Furthermore, Professor Feng Hao of the University of Warwick, who was not involved in this study, warns of another possible threat. As he revealed to The Guardian, people should also be careful not to type sensitive messages, including passwords, on a keyboard during a Zoom call in front of cameras.
“In addition to sound, visual images of subtle shoulder and wrist movements can also reveal side-channel information about the keys being typed on the keyboard, even if the keyboard isn’t visible to the camera,” he says.
