The constant deep-learning advancements, widespread microphones, and online services are actively escalating the threat of acoustic side-channel attacks on keyboards.
An innovative deep learning model uses a nearby phone’s microphone to classify laptop keystrokes with 95% accuracy and 93% accuracy when trained on Zoom recordings, setting new benchmarks for acoustic attack implementation.
While all these findings are recently unveiled by cybersecurity researchers from the following British universities:-
-
Joshua Harrison from Durham University
-
Ehsan Toreini from the University of Surrey
-
Maryam Mehrnezhad Royal Holloway University of London
Data Targeted by the Attack
The targeted acoustic attack compromises data security, potentially leaking the following data to malicious third parties:-
-
Passwords
-
Discussions
-
Messages
-
Other sensitive information
Unlike other side-channel attacks with limitations, acoustic attacks are now simpler with widespread microphone-bearing devices.
These devices enable high-quality audio captures without special conditions or data rate restrictions.
While rapid machine learning advancements enable feasible and highly dangerous sound-based side-channel attacks, surpassing previous expectations.
Design of the Attack
To initiate the attack, keystrokes are recorded on the target’s keyboard for training the prediction algorithm. This can be done using a nearby microphone or an infected phone with microphone access.
The Zoom-based recording of keystrokes links typed messages to sound recordings by rogue participants. Researchers trained data by pressing 36 keys on a modern MacBook Pro 25 times and capturing the produced sounds.
Keystroke isolation process (Source – Arxiv)
‘CoAtNet’ trained with spectrogram images, an image classifier that required experimentation with the following elements to achieve optimal prediction accuracy:-
-
Epoch
-
Learning rate
-
Data splitting parameters
Waveform and corresponding mel-spectrogram (Source – Arxiv)
While in this experiment following things are used by the security analysts:-
-
Standard Apple laptop keyboard
-
iPhone 13 mini (Positioned 17cm from target)
-
Zoom
Accuracy Achievements
Here below, we have mentioned the accuracy achievements of CoANet:-
-
From smartphone recordings: 95% accuracy
-
Zoom: 93% accuracy
-
Skype captures 91.7% accuracy.
Recommendations
Here below, we have mentioned all the recommendations offered by the cybersecurity researchers:-
-
Alter typing styles or employ randomized passwords to counter acoustic side-channel attacks.
-
Additional defense measures involve software-based replication of keystroke sounds, white noise, or audio filters for keystrokes.
-
Make sure to use biometric authentication where possible.
-
Ensure the use of robust password managers.
