top of page
  • Voltaire Staff

Now an AI model that can 'steal' passwords



A group of scientists from UK has developed an AI tool which can steal your password by listening to your keyboard sound with 95 per cent accuracy.  


The computer scientists in training the AI model employed a MacBook Pro of the 2021 variant -- described as a "popular off-the-shelf laptop" – and made it listen to each key sound.


According to Joshua Harrison from Durham University, Ehsan Toreini from the University of Surrey, and Maryam Mehrnezhad from the Royal Holloway University of London, the AI tool possesses the potential to assist hackers in pilfering user passwords with almost flawless precision.


The AI model adeptly "listens" to the keystrokes of unsuspecting individuals to filch their credentials. When the AI programme was applied to a nearby smartphone, it succeeded in replicating the entered password with an accuracy rate of 95 per cent.


The AI tool demonstrated proficiency in accurately "listening" to typing sounds captured by the laptop's microphone during a Zoom video conference.


 The researchers classified this form of attack as an acoustic side-channel attack, which involves hackers exploiting audio clues of typing to compromise user accounts.


The researchers cautioned that a substantial number of users remain oblivious to the risks posed by such attacks.


To evaluate the precision of the AI tool, the researchers pressed each of the laptop's 36 keys a total of 25 times, introducing variations in pressure and finger placement with each press to confuse the model.


Despite these efforts, the programme successfully "listened" and identified components of each key press, such as sound wavelengths. The testing with the smartphone, an iPhone 13 mini, involved placing it 17 centimeters away from the keyboard.


In response to this cyber threat, researchers proposed several tips to enhance user protection. They recommended incorporating a combination of uppercase and lowercase letters, as well as special characters in passwords, making it more challenging for the AI tool to accurately detect the password.


All the same, the putative abilility of the tool to 'listen' to passwords may not be as absolute as claimed. One of the ways to dodge the tool is use of password manager which obviates the need to punch in passwords every time one logs in to a website. Besides, the many kinds of keyboards with differences in their make, material, and key press mechanism -- mechanical or membrane-based -- stand to confound the tool's listening powers.


Zoom also commented to the report, "Zoom takes the privacy and security of our users seriously. In addition to the mitigation techniques suggested by the researchers, Zoom users can also configure our background noise suppression feature to a higher setting, mute their microphone by default when joining a meeting, and mute their microphone when typing during a meeting to help keep their information more secure."

 

Comments


bottom of page