Call it a sign of new cybersecurity times.
A new paper claims: With only Zoom audio to go on, an AI can decode keystroke sounds with a startling 93 percent accuracy. And it can decode what — no, not if, but what — you’re typing.
It’s an ominous discovery, and the cybersecurity implications loom large. In the (yet-to-be-peer-reviewed) paper, a UK-based team of researchers emphasizes the modern ubiquity of microphone-equipped personal devices, which has, in turn, given rise to a new wave of audio-targeted cyberattacks; add “recent developments in deep learning” to the mix, they say, and you have a dangerous cybersecurity cocktail that could leave sensitive information like passwords exposed to savvy bad actors.
The researchers’ concerns aren’t a stretch. Microphones really are everywhere, and though the researchers trained their model on a 2021 Macbook Pro, most keyboards out there are more or less the same. So, in theory, if someone were to train their own AI-powered eavesdropping bot, they’d be able to target the vast majority of devices out there, without having to train multiple models.
The training process for the “classifier,” as the model is referred to in the paper, was also surprisingly simple. The researchers pressed 36 keys on the Macbook Pro a total of 25 times each, recording the keystrokes on two different mediums: a nearby iPhone’s microphone and Zoom audio.
The program learned from there, and later, when tested on each medium, the classifier achieved respective reading accuracies of 95 and 93 percent. When compared to similar keystroke readers of the not-so-distant past, this classifier, according to the research, has proven itself to be the most successful. Call it a sign of the (new cyber-insecure) times.
“I can only see the accuracy of such models, and such attacks, increasing,” study co-author Ehsan Toreini, a lecturer in software security at the UK’s University of Surrey, told The Guardian, additionally expressing concerns over the prevalence of microphone-equipped smart devices in homes. (Big gulp.)
If you’re now stressed about your own cybersecurity, there remain a few mitigation techniques. AI is still apparently very bad at knowing when you hit the shift button, so incorporating capitals into your passwords might help. You can also try to switch up your typing technique, or simply opt for fingerprint and face-reading safety procedures when available (and, as a general rule, two-step authenticators are a sound security practice.)
Still, the next time you’re taking minutes on corporate secrets during a video call, consider going analog.
More on cybersecurity in the AI era: Scammers Use Voice Cloning AI to Trick Grandma into Thinking Grandkid Is in Jail