A study posted on 3 August 2023 titled “A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards” by J. Harrison et al describes the training and implementation of AI to recognize keystroke acoustics.
Two modes of sampling were carried out:
Record by using an iPhone 13 mini placed 17cm away from the target laptop.
Record by using the built-in function available on Zoom with noise suppression set to the lowest possible. (The target is obviously a participant in the meeting.)
In both cases, the target laptop used is the MacBook Pro 16-inch (2021). The researchers picked this laptop because it is a “popular off-the-shelf” unit and the same keyboard is used in other models. Thus, if this laptop is compromised, then others using the same keyboard are also compromised. Also, future laptops may use the same or similar keyboard. More generally, laptops are non-modular so one cannot simply get a new keyboard if compromised (unlike desktops).
Whilst these conditions may not be the most realistic since the recording distance may not be that close without the intended victim noticing and Zoom noise-suppression function may be typically set higher than the minimum, the results are disconcerting.
The method presented in this paper achieved a top-1 classification accuracy of 95% on phone-recorded laptop keystrokes, representing improved results for classifiers not utilising language models and the second best accuracy seen across all surveyed literature. When implemented on the Zoom-recorded data, the method resulted in 93% accuracy, an improved result for classifiers using such applications as attack vectors.
The researchers noted that touch typing reduced the AI’s accuracy and that “no paper in the surveyed literature succeeded in recognising the ‘release peak’ of the shift key amidst the sounds of other keys”.
Either way, if we think beyond the AI merely listening to us typing our passwords, then we might be careful about what we type at all times even if it is not sent or posted anywhere. And that’s considering keystroke acoustics in isolation without factoring in all the other methods of sampling/surveillance.
Be sure to subscribe to our mailing list so you get each new Opinyun that comes out!
