The constant deep-learning advancements, widespread microphones, and online services are actively escalating the threat of acoustic side-channel attacks on keyboards.
An innovative deep learning model uses a nearby phone’s microphone to classify laptop keystrokes with 95% accuracy and 93% accuracy when trained on Zoom recordings, setting new benchmarks for acoustic attack implementation.
While all these findings are recently unveiled by cybersecurity researchers from the following British universities:-
- Joshua Harrison from Durham University
- Ehsan Toreini from the University of Surrey
- Maryam Mehrnezhad Royal Holloway University of London
Data Targeted by the Attack
The targeted acoustic attack compromises data security, potentially leaking the following data to malicious third parties:-
- Other sensitive information
Unlike other side-channel attacks with limitations, acoustic attacks are now simpler with widespread microphone-bearing devices.
These devices enable high-quality audio captures without special conditions or data rate restrictions.
While rapid machine learning advancements enable feasible and highly dangerous sound-based side-channel attacks, surpassing previous expectations.
Design of the Attack
To initiate the attack, keystrokes are recorded on the target’s keyboard for training the prediction algorithm. This can be done using a nearby microphone or an infected phone with microphone access.
The Zoom-based recording of keystrokes links typed messages to sound recordings by rogue participants. Researchers trained data by pressing 36 keys on a modern MacBook Pro 25 times and capturing the produced sounds.
‘CoAtNet’ trained with spectrogram images, an image classifier that required experimentation with the following elements to achieve optimal prediction accuracy:-
- Learning rate
- Data splitting parameters
While in this experiment following things are used by the security analysts:-
- Standard Apple laptop keyboard
- iPhone 13 mini (Positioned 17cm from target)
Here below, we have mentioned the accuracy achievements of CoANet:-
- From smartphone recordings: 95% accuracy
- Zoom: 93% accuracy
- Skype captures 91.7% accuracy.
Here below, we have mentioned all the recommendations offered by the cybersecurity researchers:-
- Alter typing styles or employ randomized passwords to counter acoustic side-channel attacks.
- Additional defense measures involve software-based replication of keystroke sounds, white noise, or audio filters for keystrokes.
- Make sure to use biometric authentication where possible.
- Ensure the use of robust password managers.