Skip to main content

Study suggests that AI can detect your password from the sound of keys being pressed

Study suggests that AI can detect your password from the sound of keys being pressed

  • Date10 August 2023

Artificial Intelligence can work out a password by listening to individual keystrokes on a person’s keyboard, according to new research co-authored by Dr Maryam Mehrnezhad from the Department of Information Security at Royal Holloway, University of London.

typingjpg.png

The study, entitled ‘A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards’ was led by Joshua Harrison, from the University of Durham, and co-authored with Dr Maryam Mehrnezhad from Royal Holloway and Dr Ehsan Toreini from the University of Surrey.

Practically, the researchers pressed each of the 36 keys on a MacBook Pro 25 times in a row, including all letters and number, and using varying pressure and different fingers for typing. The sounds were recorded simultaneously over a Zoom call and on a smartphone that was placed a short distance from the keyboard.

The team then fed part of the data into a machine learning system which, over time, learned to recognise features of the acoustic signals associated with each key. The system was then tested on the rest of the data.

The study found that the machine learning system was able to accurately assign the correct key to a sound 95% of the time when the recording was made over a phone call, with successful recognition occurring 93% of the time when the recording was produced via a Zoom call.

The researchers believe that there are lots of areas for further research on this topic; including research into the use of smart speakers like Google Nest and Amazon’s Alexa.

Co-author Dr Maryam Mehrnezhad, said the following: "Side channel attacks have been around for many years. These types of attacks happen when the attacker uses extra (side channel) information, such as sound, processing time or motion sensors, to obtain a secret piece of information such as a PIN or password.

“In my previous work published in the International Journal of Information Security, we showed how we can use motion sensors on mobile phones to identify user PINs and touch actions (BBC, Guardian). 

“In this new work published by the IEEE European Symposium on Security and Privacy workshop, we show how feasible and accurate acoustic side attacks can be without physical access to the victim's laptop and via recording the keystroke sounds from a distance or even during a Zoom call. We train a machine/deep learning algorithm with keystroke sounds and predict what key has been pressed on the laptop."

Related topics

Explore Royal Holloway