A recently published paper raises an unsettling claim: utilizing only Zoom audio recordings, an Artificial Intelligence (AI) can accurately decipher keystroke sounds with an astonishing 93 percent accuracy rate. This revelation carries significant cybersecurity implications. While the paper is yet to undergo peer review, a team of researchers based in the UK highlights the prevalent use of microphone-equipped personal devices, which has fostered a new wave of audio-focused cyber threats. When combined with advancements in deep learning, this scenario presents a perilous cybersecurity concoction, potentially leaving sensitive information like passwords susceptible to skilled malicious actors.
The researchers’ concerns are well-founded, given the pervasive presence of microphones. Though the model was trained on a 2021 MacBook Pro, most keyboard designs are relatively uniform. Consequently, if an individual were to develop their AI-powered eavesdropping tool, they could potentially target the vast array of devices without requiring multiple models for different devices.
The training process for the model, referred to as the “classifier” in the paper, proved surprisingly straightforward. The researchers pressed 36 keys on the MacBook Pro, repeating each keystroke 25 times. The audio of these keystrokes was captured using both a nearby iPhone’s microphone and Zoom audio. Subsequently, the program learned from these samples and, during testing, achieved reading accuracies of 95 percent and 93 percent for the respective mediums. When compared to earlier keystroke reading models, this classifier emerged as the most successful, indicating a new era of cyber insecurity.
Study co-author Ehsan Toreini, a software security lecturer at the University of Surrey in the UK, expressed concerns about the increasing accuracy of such models and the rise of related attacks. He also underscored the prevalence of microphone-equipped smart devices in homes, contributing to the growing security challenge.
For those apprehensive about their cybersecurity, several mitigation techniques remain viable. Notably, AI struggles to recognize instances when the shift button is pressed, making the incorporation of capital letters into passwords a helpful strategy. Altering one’s typing technique or opting for fingerprint and facial recognition safety measures whenever possible can also enhance security. Employing two-step authentication methods is generally recommended as a sound security practice.
In situations where sensitive information is being discussed, particularly during video calls, reverting to analog methods might offer an additional layer of security to consider.
