A new study by a group of British researchers has shown that artificial intelligence models can determine what users are typing on their computers, such as passwords, with very high accuracy by listening to and analyzing keyboard typing sounds.

The study, which was published during the IEEE (Institute of Electrical and Electronics Engineers) European Symposium on Security and Privacy, warned that the technology posed a serious security risk to users because it could steal data through microphones built into electronic devices we use during the day.

But how does this technology work? And what are the expected risks? How can it be reduced?

The researchers created an artificial intelligence model that can recognize the sounds of typing on an Apple MacBook Pro computer keyboard, and after training this model on keystrokes recorded by a nearby phone, it is able to determine which key is pressed with up to 95% accuracy, based only on the sound of a keystroke.

The researchers indicated that when using voices collected by a computer during Zoom conversations to train a voice classification algorithm, the prediction accuracy dropped to 93%, which is a high and alarming percentage and is considered a record for this method.

The researchers collected training data by pressing 36 keys on a MacBook Pro keyboard 25 times per key with different fingers and varying degrees of pressure, then recording the sound of each keystroke using a smartphone placed next to the computer keyboard or via Zoom call made from a computer.

They then created waveforms and spectral images from recordings showing the clear differences of each key and performed data processing steps to amplify the waveforms that could be used to determine the sound of the keys.

After testing the model on this data, they found that it was able to identify the correct key from smartphone records at 95%, from Zoom call records at 93%, and from Skype call records at 91.7%, which is lower, but all the same very much, and anxiety.

With the rise in the use of video conferencing tools such as Zoom, the ubiquity of devices with built-in microphones, and the rapid development of artificial intelligence technologies, these attacks can collect a lot of user data, such as passwords, the researchers say. You can easily access discussions and messages, as well as other sensitive information.

Unlike other side-channel attacks that require special conditions and are limited in data transfer rate and distance, voice attacks have become much easier due to the abundance of devices that have microphones and can make high-quality audio recordings, especially with the rapid development of technology. . machine learning.

Of course, this is not the first study of voice cyberattacks, as there are many studies that have shown how vulnerabilities in the microphones of smart devices and voice assistants, such as: Alexa, Siri and (Google Assistant) Google Assistant, can be used in cyberattacks, but the real danger is here is how accurate the AI ​​models are.

The researchers say that in their research they used the most advanced methods, artificial intelligence models and achieved the highest accuracy so far, and over time these attacks and models will become more accurate.

Dr Ihsan Tourani, who participated in the study at the University of Surrey, said: “These attacks and models will become more accurate over time, and as smart devices with microphones become more common in homes, there is an urgent need for public discussion about how to organize artificial intelligence attacks.

The researchers advised users who are concerned about these attacks to change the password writing pattern, for example: use the Shift key to create a mixture of uppercase and lowercase letters with numbers and symbols so as not to know the entire password.

They also recommend using biometric authentication or password management apps so you don’t have to manually enter sensitive information.

Other potential defenses include using software to play keypress sounds or white noise to distort the sound of keyboard buttons being pressed.

In addition to the mechanisms proposed by the researchers; A Zoom spokesperson posted a comment on this study to BleepingComputer, advising users to manually adjust the background noise isolation feature in the Zoom app to reduce background noise, disable the default microphone when joining a meeting, and disable the microphone when typing during a meeting to help keep their information safe and protected from such attacks.