Researchers have found an AI-driven attack that can steal passwords with up to 95% accuracy by listening to what you type on your keyboard.
Cornell University researchers trained an AI model on the audio recordings of people typing, and the AI learned to identify the different sounds that each key makes.
They tested it on a nearby phone’s integrated microphone listening for keystrokes on a MacBook Pro. When the microphone picked up the sound of a keystroke, the AI model could identify the key that was pressed with 95% accuracy. The team took it further by testing the AI’s ability to crack a password by listening to a Zoom call.
In this test, the AI was 93% accurate in reproducing the keystrokes. Over Skype, the model was 91.7% accurate. Before you blame your noisy keyboard for giving away your password, the volume of typing has very little to do with the attack.
The AI works by identifying the waveform, intensity, and time of each keystroke. For example, the AI can tell that you tend to press one key a fraction of a second later than others based on your typing style.
The researchers used CoAtNet, which is an AI image classifier, for the attack, and trained the model on 36 keystrokes on a MacBook Pro pressed 25 times each.
This attack is particularly concerning because it can be carried out using off-the-shelf equipment. A malicious actor could simply place a smartphone with a microphone near your keyboard and use the AI model to steal your passwords and other sensitive information.
Source: AI is now capable of stealing your passwords by listening to you type