AI tools can steal passwords by listening to keystrokes during Zoom calls, study says

The increasing adoption of artificial intelligence has not only brought to the fore new ways to carry out tasks faster and more accurately but also raised concerns about the misuse of the technology. Adding to the apprehensions about the dangers of artificial intelligence, a study has revealed that an AI tool can listen to keystrokes recorded during a conference call and allow hackers to steal your password.

In the study, researchers from the Durham, Surrey, and Royal Holloway universities trained an AI model to identify the keystroke sound generated while typing on the 2021 version of Apple’s MacBook Pro.

The research was published as part of the IEEE European Symposium on Security and Privacy Workshops.

According to researchers, when the keystrokes were recorded by a nearby phone, the AI model achieved an accuracy of 95% “the highest accuracy seen without the use of a language model”. When the keystrokes sound was recorded through a video-conferencing call on the Zoom platform, the accuracy turned out to be 93%, which was “a new best for the medium”.

The researchers said the results “prove the practicality of these side channel attacks via off-the-shelf equipment and algorithms”.

To train the AI model, the team pressed each of the MacBook’s 36 keys including all the letters and numbers. All the keys were pressed 25 times in a row using varying pressure and different fingers.

The researchers said that Internet users are unaware of the risk that they could be exposed to a cyber attack called an “acoustic side-channel attack” where their passwords can be stolen by an AI tool.

“The ubiquity of keyboard acoustic emanations makes them not only a readily available attack vector but also prompts victims to underestimate (and therefore not try to hide) their output. For example, when typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound,” the study said.

The researchers also highlighted that passwords containing “full words may be at greater risk of attack”.

Prof Feng Hao from the University of Warwick, who was not part of the study, advised against typing sensitive messages and passwords on a keyboard during a Zoom call. “Besides the sound, the visual images about the subtle movements of the shoulder and wrist can also reveal side-channel information about the keys being typed on the keyboard even though the keyboard is not visible from the camera,” he said, according to The Guardian.

ALSO READ:

• Unlocking AI's potential for everyone

• UAE: World's first graduate-level AI university welcomes 142 students from 34 countries

• Dubai on fast track to becoming world's smartest city

• World