Researchers have unveiled a pioneering “deep learning-based acoustic side-channel attack” that demonstrates a remarkable 95% accuracy in deciphering laptop keystrokes recorded by a nearby phone. This breakthrough technique, introduced by academics Joshua Harrison, Ehsan Toreini, and Maryam Mehrnezhad, achieves an unprecedented accuracy rate of 93% when trained on keystrokes captured through Zoom video conferencing software, setting a new standard for this medium.
Side-channel attacks, which exploit physical effects during data processing, including acoustics, electromagnetic radiation, and more, have the potential to compromise user privacy and security, serving as a means for malicious actors to access confidential data.
The ubiquity of keyboard acoustic signals exposes a significant attack vector that victims often underestimate, leading them to neglect concealing their keystrokes’ sounds. This vulnerability can be exploited by cybercriminals to gain unauthorized access to sensitive information, such as passwords. The researchers emphasize that despite the absence of a completely side-channel-free implementation, countermeasures are crucial to mitigate the risks.
To execute the attack, the academics conducted experiments using 36 keys from an Apple MacBook Pro, capturing variations in pressure and finger placement during 25 consecutive key presses for each character. Data collection occurred through a phone in close proximity to the laptop and via Zoom.
The subsequent phase of the attack involved isolating individual keystrokes and transforming them into mel-spectrograms. These spectrograms were then processed by a deep learning model known as CoAtNet (short for convolution and self-attention networks), enabling precise classification of the keystroke images. To bolster defenses against this type of attack, the researchers propose adopting changes in typing style, employing randomized passwords, and integrating randomly generated fake keystrokes to thwart voice call-based attacks. This innovative research highlights the importance of staying ahead of emerging cyber threats and implementing robust security measures to safeguard sensitive data.
