Mitigating Acoustic Side-Channel Attacks: Analyzing Keystrokes through Sound Recordings during Video Conferencing.

According to recent research, there’s a concerning cybersecurity risk linked to typing passwords while chatting on platforms like Zoom. The study found that artificial intelligence (AI) can discern keystrokes by analyzing typing sounds, potentially leading to cyber-attacks. With the widespread use of video conferencing tools and devices equipped with microphones, the threat of sound-based attacks has grown.

Researchers have developed a system that can accurately identify keys being pressed on a laptop keyboard based solely on sound recordings, achieving over 90% accuracy. Dr. Ehsan Toreini from the University of Surrey pointed out the increasing accuracy of such attacks, emphasizing the need for public discussions on AI governance, especially given the rise of smart devices with microphones in households.

The study, published in the IEEE European Symposium on Security and Privacy Workshops, details how the research team employed machine learning algorithms to associate acoustic signals with specific keys. By pressing each of the 36 keys on a MacBook Pro multiple times with varying approaches, the researchers collected sound data from both a Zoom call and a nearby smartphone.

The machine learning system learned to identify key-related acoustic features, potentially influenced by factors such as key proximity to the edge of the keyboard. Testing demonstrated that the system accurately matched keys to sounds, achieving 95% accuracy for phone call recordings and 93% for Zoom call recordings.

Although this work is considered a proof-of-concept and hasn’t been used to crack passwords, it underscores the vulnerability of laptops in public places. The researchers suggest mitigating risks by opting for biometric passwords or enabling two-step verification. Using the shift key to create a mix of upper and lower cases, numbers, and symbols is also recommended to counteract potential eavesdropping.

Experts, like Prof. Feng Hao from the University of Warwick, caution against typing sensitive information, including passwords, during video calls. Additionally, they mention that subtle movements of the shoulder and wrist captured in video could reveal side-channel information about typed keys, even if the keyboard isn’t visible.

Prof. Feng Hao from the University of Warwick, who was not directly involved in the study, pointed out the need for caution when typing sensitive information during video calls. He highlighted that beyond sound, even visual cues such as subtle shoulder and wrist movements could inadvertently leak side-channel information about typed keys, even when the keyboard isn’t in the camera’s view.

The researchers acknowledge that while their study serves as a proof-of-concept and hasn’t been employed to crack passwords or tested in real-world scenarios like coffee shops, it raises concerns about the broader potential for acoustic “side channel attacks.” These vulnerabilities could extend beyond laptops to any keyboard-enabled device, emphasizing the importance of safeguarding against such risks.

The use of video conferencing tools and devices with built-in microphones continues to grow, it’s crucial for individuals to be aware of the potential cybersecurity risks associated with sound-based attacks. Implementing stronger authentication methods, such as biometric passwords or two-step verification, and adopting typing practices that minimize the predictability of keystrokes, like using a mix of upper and lower cases along with numbers and symbols, can help mitigate these risks and enhance overall cybersecurity.

What is your reaction?

0
Excited
0
Happy
0
In Love
0
Not Sure
0
Silly

You may also like

Leave a reply

Your email address will not be published. Required fields are marked *

More in Computers