A recent study has indicated that artificial intelligence (AI) could be used by hackers to deduce passwords by analyzing the sound generated when typing during a Zoom video conference, achieving a staggering 93% accuracy.
A group of UK-based researchers has highlighted the huge implications this has for cybersecurity: with the increased use of tools like Zoom and the proliferation of devices with built-in microphones, the the threat of sound-based cyberattacks, scientists warn.
Experiment with artificial intelligence (AI)
Specialists from the University of Surrey, the University of Durham and the Royal Holloway University of London carried out an experiment in which they pressed each of the 36 keys on a MacBook Pro multiple times, varying the fingers and the pressure . The resulting sounds were captured both through a Zoom call and with a smartphone near the keyboard.
They then developed a machine learning system to recognize the acoustic characteristics associated with each key. This program was trained on the data and, when tested, achieved read accuracy rates of 95% when recording over a phone call and 93% when over a Zoom call.
Although it's not the first time sound has been shown to reveal keystrokes, this new system stands out for its higher accuracy compared to similar readers from the past.
The accuracy of this type of model and of this type of attack is increasing,“ Ehsan Toreini, co-author of the study, published in the IEEE European Symposium on Security and Privacy Workshops, from the University of Surrey, who also raised concerns about the prevalence of microphone-equipped smart devices in homes.
The researchers make it clear that their study is proof of concept and has not been used to crack passwords in real-world situations, such as in coffee shops. However, they note that it highlights the urgency of educating the public about these risks and discussing regulation of AI, since these types of acoustic attacks could affect any keyboard.
What can be done to mitigate the possibility of a cyber attack?
To reduce these risks, researchers propose alternatives such as the use of biometric passwords or two-step authentication systems. They also suggest using the Shift key to create mixed case, or numbers and symbols. This is because, apparently,
In addition, Professor Feng Hao of the University of Warwick, who was not involved in this study, warns of another possible threat. As he revealed to The Guardian, people should also be careful not to type sensitive messages, including passwords, on a keyboard during a Zoom call in front of cameras.
In addition to sound, visual images of subtle shoulder and wrist movements can also reveal side-channel information about the keys being typed on the keyboard, even though the keyboard isn't visible from the camera,” he says.