Researchers have devised a new attack that steals data by recording the sound of keystrokes. Using a trained deep learning model, the acoustic side-channel attack threatens most existing laptops, keyboards, and other devices used for typing, as it deciphers keystrokes with over 90% accuracy.
Acoustic Attack Logging Keystrokes Risks Most Devices
A team of researchers has demonstrated a new way to steal data from target computers simply by recording the sound of keystrokes. Using a trained deep-learning model, the researchers analyzed the recorded keystroke sounds to determine the data that was typed.
Specifically, executing the “fully-automated acoustic side-channel attack (ASCA)” requires recording the target device’s keystrokes with a nearby microphone. For this, an attacker may infect a nearby smartphone with malware and control its microphone to record the target device’s keystrokes. Alternatively, the attack can be carried out over a Zoom video call.
Next, using trained deep-learning models, an adversary can
The researchers demonstrated both attack scenarios in their study. They trained the DL model by pressing 36 keys of a MacBook Pro, 25 times each, with varying pressures, recording all the sounds. Next, they produced waveforms and mel-spectrograms for the sounds to visualize the differences. They then used the spectrograms to train the CoAtNet image classifier model for data prediction.
After completing the DL training, the researchers performed the attack on a MacBook Pro 16-inch (2021), first recording its keystrokes via an iPhone 13 mini placed 17 cm away from the device, and then over a Zoom video call using the target device’s microphone.
They achieved 95% accuracy in deciphering keystrokes recorded with a smartphone’s microphone and 93% accuracy with Zoom call recordings. The team has shared the details of this attack strategy in its research paper.
Attack Limitations And Mitigations
Since this acoustic side-channel attack relies solely on the sounds produced by keystrokes, the researchers suggest that changing typing style can be enough to prevent the attack. Likewise, switching to touch typing can also help avoid such attacks.
To disrupt keystroke recording via the device’s microphone over VoIP calls, playing sounds near the broadcasting microphone or adding white noise can reduce the keystroke logging accuracy.
In addition, adding random keystrokes while typing sensitive data, such as passwords, can prevent an adversary from predicting the data. In the long run, implementing keystroke sound suppression or removal in VoIP apps can also help prevent such attacks.
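One simple form of the keystroke sound suppression mentioned above, as an added example that is not taken from the article, the research paper, or any VoIP app: an energy gate that flattens short loud frames before audio is sent. The sample rate, frame size, threshold ratio and the synthetic audio are all assumptions constructed for the demonstration.

```python
import math
from statistics import median

RATE = 16_000   # samples per second (assumed)
FRAME = 160     # 10 ms analysis frame (assumed)

def frame_energy(samples, frame=FRAME):
    """Mean squared amplitude of each full frame."""
    return [sum(x * x for x in samples[i:i + frame]) / frame
            for i in range(0, len(samples) - frame + 1, frame)]

def suppress_transients(samples, ratio=8.0, frame=FRAME):
    """Attenuate frames whose energy exceeds ratio x the median frame energy.

    Returns (cleaned_samples, flagged_frame_indices). Each flagged frame is
    scaled so its energy equals the median, which flattens short loud clicks
    while leaving unflagged frames untouched.
    """
    energy = frame_energy(samples, frame)
    out, flagged = list(samples), []
    if not energy:                      # shorter than one frame: nothing to do
        return out, flagged
    floor = max(median(energy), 1e-12)  # avoid dividing by zero on silence
    for i, e in enumerate(energy):
        if e > ratio * floor:
            gain = math.sqrt(floor / e)
            for j in range(i * frame, (i + 1) * frame):
                out[j] *= gain
            flagged.append(i)
    return out, flagged

def constructed_call_audio(click_frames=(20, 55, 80), seconds=1.0):
    """Constructed input: a 220 Hz tone standing in for a voice, plus short
    decaying 3 kHz bursts standing in for key clicks at the given frames."""
    audio = [0.05 * math.sin(2 * math.pi * 220 * t / RATE)
             for t in range(int(RATE * seconds))]
    for f in click_frames:
        for k in range(FRAME):
            audio[f * FRAME + k] += (0.8 * math.exp(-k / 30)
                                     * math.sin(2 * math.pi * 3000 * k / RATE))
    return audio

if __name__ == "__main__":
    raw = constructed_call_audio()
    cleaned, flagged = suppress_transients(raw)
    print("attenuated frames:", flagged)
    print("peak before/after: %.3f / %.3f"
          % (max(map(abs, raw)), max(map(abs, cleaned))))
```

Real speech has its own sharp onsets, so the threshold ratio would need tuning on actual call audio. The gate lowers the loudness of a click but keeps its spectral shape.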