This is how they can hack you just by listening to you type

this is how they can hack you just by listening to you type
this is how they can hack you just by listening to you type

Hackers never stop innovating methods to steal credentials, and one of the latest strategies would require nothing more than a microphone close to someone’s laptop to find out their password.

A new reason arises why we may have to distrust other devices close to our position when we work or use our laptop in a public place. Two researchers have documented a new hacking method based on the sound produced by pressing keys when typing on a computer. Although the success rate of this method is not yet high (43%), it is an alternative method for cracking passwords that could be developed and improved over time.

According to the work of two researchers from Augusta University in Georgia, USA, this hacking method consists of listening to the sound of keys while someone uses their computer through a microphone that, for greater effectiveness, should be placed as close as possible. of the victim. Subsequently, this audio recording would be analyzed together with a dictionary to try to find patterns and thus guess words following some prediction model.

The research, carried out by Alireza Taheritajar and Reza Rahaeimehr and titled “Acoustic side channel attack on keyboards based on writing patterns” , ensures that hackers would not need very long recordings to achieve results, but they would need several listens. In addition, they detail that the recording does not have to be particularly clean, regardless of whether there is a certain level of background noise or whether the microphone quality is not good. The dictionary would be used to find relationships and possible words based on the context of the sentence.

Another option to placing a microphone or device with a built-in microphone near the victim would be to directly access the microphone of the user’s computer using some type of malware, and from there try to find out their passwords.

Safe if you write very fast

In the conclusions section of the paper, the researchers indicate: «Our results were achieved in a realistic environment without restrictions on users’ keyboards, typing patterns or ambient acoustic noises, which is a significant advantage over other approaches. We use an English Dictionary to improve our text detection capabilities. However, we intend to explore the potential of AI-powered models such as LLMs [large language models] in future projects to improve our success rate.”

Despite the risks that this technique may entail, the success rate achieved with this strategy does not exceed 43% , and in addition, the researchers recognize in the document that this rate can drop even further if the user is a “professional typist” because They type very fast, and the “touch, press, and key release events of consecutive presses usually overlap and we cannot detect the binding pattern precisely.” It should also be taken into account that the victims used for the study showed a “unique” typing pattern, that is, characteristic, although it is likely that many of us also have a recognizable writing style.

An attack without much complexity

This may become an attack to fear in the future because, as the researchers say, it differs from other acoustic side channel attacks in that their proposed method does not require “a large data set” and minimizes “the dependency on the keyboard.” », which makes it easier to implement than other offensives. It also does not require great complexity in training the model, as stated on page 7 of the document.

However, with a success rate that does not reach half of the cases, it is still not a cause for much concern.

Previous articleFor its anniversary, AliExpress sinks the price of this premium Xiaomi mobile with 12 GB of RAM and 1.5K screen
Next articleFinally: so we can know which are the 2,700 municipalities with Vodafone 5G
Expert tech and gaming writer, blending computer science expertise