This new attack uses the sound of your keystrokes to steal your passwords

Who is listening to you type?

News By Sead Fadilpašić published 18 March 2024

Two researchers from Augusta University, in Georgia, U.S., demonstrated a novel way to steal people’s passwords that would put even James Bond to shame.

Alireza Taheritajar and Reza Rahaeimehr published a paper called “Acoustic Side Channel Attack on Keyboards Based on Typing Patterns” which is just as weird as it sounds.

According to the research, there is a way to deduce a person’s password (or any other word that’s typed into a computer) by simply listening to them type.

Is it feasible?

The method is not as accurate as some other side channel attacks, as the researchers suggested the accuracy of this attack is around 43%. To pull it off, all the attackers would need is a relatively small sample of the victim’s typing (just a few seconds, apparently), but would need more than one recording.

Furthermore, they would need an English dictionary. The mitigating circumstance here is that the recording doesn’t have to be particularly “clean”. It could have significant background noise, or come from multiple different keyboards, and still work.

In theory, a threat actor could place a smartphone, or a similar microphone-equipped device, in the relative vicinity of the victim and record them typing. From that recording, they would be able to establish certain patterns, which could then be used to determine potential words. The English dictionary would help to predict which words would make most sense in the context of the sentence.

While it sounds ominous, there are quite a few moving parts that need to align perfectly, for the attack to be pulled off.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors