AI’s new attack can silently harvest passwords by analyzing keystrokes

Aug 7, 2023, 6:40 PM UTC
4 mins read
AI's new attack can silently harvest passwords by analyzing keystrokes
A woman with number code on her face while looking afar. (Photo by cottonbro studio from Pexels)

A team of researchers at Cornell University has unveiled a cutting-edge cyber threat that employs artificial intelligence to pilfer sensitive information, specifically honing in on your keystrokes. This novel AI-driven attack, meticulously outlined in a groundbreaking research paper, exposes a disquieting reality: passwords can now be swiped with an alarming accuracy of nearly 95% by eavesdropping on the auditory cues of your keyboard input.

The method employed by these researchers is as ingenious as it is disconcerting. By skillfully training an AI model on the distinctive acoustic patterns generated by keystrokes, the researchers were able to deploy this auditory espionage on a nearby smartphone. This tech-savvy microphone, when positioned near a MacBook Pro, adeptly discerned and replicated the keystrokes with unparalleled precision—marking a remarkable milestone in accuracy unachieved without resorting to the vast resources of a colossal language model.

Even the realm of virtual meetings, known for their inherent challenges, proved to be a potential minefield for cybersecurity. During a Zoom call experiment, where keystrokes were recorded via the laptop’s built-in microphone, the AI showcased its proficiency by replicating the keystrokes with an astonishing 93% accuracy. A parallel test conducted over Skype yielded a commendable accuracy rate of 91.7%, further emphasizing the disturbing capabilities of this AI-driven breach.

Interestingly, the efficacy of this surreptitious attack was not tethered to the volume of the keyboard’s audible output, contrary to popular belief. Rather, the AI model’s success hinged upon its keen comprehension of the nuanced interplay between waveform dynamics, intensity levels, and timing peculiarities associated with individual keystrokes. The subtleties of a user’s typing cadence, such as a fractional delay in pressing one key relative to others, were ingeniously woven into the AI’s algorithm, elevating its accuracy to unprecedented levels.

In practical terms, the potential malefactor would employ malware strategically ensconced within your smartphone or a proximate device boasting a microphone. This inconspicuous software would then surreptitiously collect the audible data emitted from your keystrokes, subsequently feeding this clandestinely gathered information into a meticulously trained AI model. The study employed CoAtNet, an AI image classifier, as the linchpin for orchestrating this incursion. Impressively, the model’s proficiency was cultivated via intensive training sessions involving 36 distinct keystrokes, each executed 25 times, on a MacBook Pro.

With mounting concerns over this newfound chink in the cybersecurity armor, solutions are already being advocated by security experts. Leading the charge is the judicious avoidance of manual password entry altogether, a paradigm shift facilitated by innovative mechanisms like Windows Hello and Touch ID. The robust efficacy of password managers also surfaces as a formidable strategy, ensuring not only the circumvention of keystroke-based threats but also empowering users to embrace complex, randomized passwords across their digital landscape.

In a curious twist, the resilience of your keyboard—whether loud and clacky or hushed and refined—bears no discernible impact on its vulnerability to this pioneering attack vector. The assault’s efficacy is deeply entrenched in its methodology, rendering even the most meticulously engineered keyboards susceptible to its covert machinations.

Tragically, this disconcerting revelation is but the latest testament to a growing litany of cyber threats turbocharged by AI innovations. Merely a week prior, the FBI sounded the alarm regarding the perils posed by ChatGPT, shedding light on its malevolent application in criminal enterprises. Furthermore, security aficionados have found themselves grappling with a dynamic landscape, wherein the advent of adaptive malware capable of rapid metamorphosis—courtesy of tools like ChatGPT—has ushered in a new era of challenges.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x