In today’s world, where digital security and privacy are paramount, new methods of cyber attack are constantly emerging. One such method, surprisingly sophisticated and effective, is based on something as simple as listening to the sound of our keystrokes as we type. Security researchers have demonstrated that through this sound, it’s possible to ascertain what a person is typing on their MacBook Pro with an alarming accuracy ranging from 92% to 95%.
How is this attack possible?
The essence of the attack, as outlined by BleepingComputer, lies in the distinct sounds produced by each key when pressed. Each key has a slightly different acoustic profile, and these nuances can be captured and analyzed with the appropriate tools. It’s quite astonishing to think that this has been achieved even on the keyboard of a MacBook Pro, which is considerably quieter than a traditional mechanical keyboard.
To carry out the attack, the first step is to calibrate the tool for the victim’s specific keyboard. This calibration process can be conducted during a video conference, for instance, where participants not only speak but also type messages in group chats. Through this, an attacker can record the keystrokes of the target keyboard. This recording is crucial for training a prediction algorithm that will subsequently decipher words based on the sounds.
If the attacker obtains a clean recording, such as by compromising the smartphone’s microphone placed near the keyboard, a precision level of 95% is achieved. Using Zoom, this precision slightly drops to 93%, while with Skype, it falls to 91.7%. Although these figures may vary, they still remain high enough to be considered genuine threats.
Risks and preventive measures
In an era where video conferences and online communication tools are essential in our daily lives, it’s alarming to realize that something as innocuous as the sound of our keyboard could be an open door to threats. Passwords, bank credentials, and other sensitive data could be at risk if an attacker chose to employ this technique.
Researchers suggest that if you’re entering a password or any other sensitive data during a live call, you should alter your typing style. However, a simpler solution would be to ensure that the microphone is muted when not speaking and to avoid typing anything confidential during the call.
It’s important to note that while muting the microphone can be an effective defense against this type of attack during video conferences, it doesn’t offer protection against malware that has taken control of a device’s microphone.
Are we safe?
The short answer is yes. While they have demonstrated the feasibility of this system, the chances of success decrease relatively easily. Something as simple as using our AirPods during a call makes the sound of keystrokes nearly inaudible, for instance. The need to delete text or make corrections in the message being typed hinders the correlation between what’s written and the sound produced.
Moreover, the attacker must also be participating in the specific video call to access the sound of the keystrokes and see the messages we send. Thus, during a call with someone we don’t know, it might be wise to mute the microphone more frequently than we normally would. However, let’s not forget that to extract sensitive information, we would need to type it during a video call while potentially being overheard.
While ChatGPT and its counterparts may pose challenges for cybersecurity experts, it’s evident that the digital world is in constant evolution, bringing forth new threats to our security and privacy. Staying informed and taking precautions to safeguard our information is crucial. This innovative keyboard sound-based spying method serves as a reminder of the sophistication and persistence of attacks. It’s best for us to remain vigilant and prioritize our digital security to ensure our safety in this ever-changing landscape.
Some of the links added in the article are part of affiliate campaigns and may represent benefits for Softonic.
