We're not sure what possessed several Britain-based researchers to develop an data-stealing AI, but they thought it was a good idea to train a deep-learning model to snatch sensitive info just by "listening" for victims' keystrokes.
Great, just what we needed. More hacking methods for internet scammers.
It's not like malicious actors don't have enough cybercriminal tools under their belt. Why not add one more that now transforms something as innocuous as keyboard acoustics into a tool for malicious hacktivism? (h/t BleepingComputer)
How AI model steals data via keyboard acoustics
In a creepy new report, investigators delved into how they trained a deep-learning model to spy on victims' credentials by assigning each key with an actuation sound.
Researchers used a 16-inch MacBook Pro (2021) outfitted with an M1 Pro processor to run their experiment. The report highlighted that there are very few changes, if any, between MacBook Pro keyboards in recent years, adding that its data-stealing AI could potentially work with several predecessors "and potentially those in the future," too.
Next, the investigators placed a microfiber-wrapped iPhone 13 next to the MacBook Pro (the microfiber prevents the handset from picking up any vibrations from the desk). The researchers then collected training data by recording the different sounds produced by each key on the MacBook Pro.
As it turns out, just by listening to the keystrokes, the AI model could identify the right letters and symbols at a high accuracy rate of 95%. The investigators also tested how well the deep-learning model could pick up on keystrokes via Zoom. In other words, if a malicious actor crashed a Zoom call, could they potentially snatch your private data by "listening" to your keyboard's acoustics? The answer is yes, but at a slightly lower accuracy rate of 93%.
What can you do to circumvent this creepy AI tool?
Don't think that getting a quieter keyboard will protect you. According to the report, the keys' volume had no bearing on whether the deep-learning model correctly identified the keystrokes. Instead, it listens for waveforms and spectrograms to pinpoint which key is being pressed.
As BleepingComputer pointed out, switching to membrane-based keyboards or adding sound dampeners won't thwart the AI model much. The best thing you can do is use password managers and biometric authentication (e.g., fingerprint scanning).
Unfortunately, it's only a matter of time before this study falls into the wrong hands and malicious actors start rubbing their hands over all the cybercriminal chaos they're poised to cause.
It's worth noting that although this deep-learning model was only tested on a MacBook Pro, Apple laptops aren't the only machines susceptible to this data-stealing AI. Most laptop keyboards are vulnerable to this attack.
