Study suggests that AI can detect your password from the sound of keys being pressed

Date24 November 2023

Artificial Intelligence can work out a password by listening to individual keystrokes on a person’s keyboard, according to new research co-authored by Dr Maryam Mehrnezhad from the Department of Information Security at Royal Holloway, University of London.

The study, entitled ‘A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards’ was led by Joshua Harrison, from the University of Durham, and co-authored with Dr Maryam Mehrnezhad from Royal Holloway and Dr Ehsan Toreini from the University of Surrey.

Practically, the researchers pressed each of the 36 keys on a MacBook Pro 25 times in a row, including all letters and number, and using varying pressure and different fingers for typing. The sounds were recorded simultaneously over a Zoom call and on a smartphone that was placed a short distance from the keyboard.

The team then fed part of the data into a machine learning system which, over time, learned to recognise features of the acoustic signals associated with each key. The system was then tested on the rest of the data.

The study found that the machine learning system was able to accurately assign the correct key to a sound 95% of the time when the recording was made over a phone call, with successful recognition occurring 93% of the time when the recording was produced via a Zoom call.

The researchers believe that there are lots of areas for further research on this topic; including research into the use of smart speakers like Google Nest and Amazon’s Alexa.

Co-author Dr Maryam Mehrnezhad, said the following: "Side channel attacks have been around for many years. These types of attacks happen when the attacker uses extra (side channel) information, such as sound, processing time or motion sensors, to obtain a secret piece of information such as a PIN or password.

“In my previous work published in the International Journal of Information Security, we showed how we can use motion sensors on mobile phones to identify user PINs and touch actions (BBC, Guardian).

“In this new work published by the IEEE European Symposium on Security and Privacy workshop, we show how feasible and accurate acoustic side attacks can be without physical access to the victim's laptop and via recording the keystroke sounds from a distance or even during a Zoom call. We train a machine/deep learning algorithm with keystroke sounds and predict what key has been pressed on the laptop."

More news

Browse all news

ISG academic receives two teaching prizes

29 Jul 2024

Dr Joe Reddington, Lecturer in Information Security, has had two interventions recognised in the 2024 Royal Holloway Teaching Prize scheme.

ISG provides expert comment on CrowdStrike incident

22 Jul 2024

Dr Andrew Dwyer shares a round-up of the recent CrowdStrike incident, during which he provided expert comment to media outlets.

Cyber security for all: Meet Professor Lizzie Coles-Kemp

20 Jun 2024

Cyber security underpins almost every online interaction we have and has never been so important. We spoke to our Information Security Head of Department to find out more.

Wisdom partners with Brilliant Club

24 Jan 2024

Wisdom committee members Erin Hales and Emma Smith have teamed up with Brilliant Club to create a new course for delivery through the Brilliant Club Scholars Programme.