A research paper titled “A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards”, revealed that Artificial Intelligence (AI) can be used to decode passwords by analysing the sound produced by keystrokes.
About Acoustic Side Channel Attack:
- This technique uses the sounds produced by typing on a keyboard to determine what keys are being pressed.
- By analysing these unique sounds, hackers equipped with the right tools can decode the precise letters and numbers being typed.
- Researchers investigated the use of audio recordings taken from Zoom video conferencing calls, smartphone microphones, and off-the-shelf equipment and algorithms to launch ASCA attacks.
- The study found that when trained on keystrokes by a nearby phone, the classifier achieved an accuracy of 95%, the highest accuracy seen without the use of a language model.
- When a deep learning model was trained on the data with default values, the model was able to acquire a meaningful interpretation of the data.
- On a MacBook Pro, which features a keyboard identical in switch design to Apple’s models from the last two years, the model was able to achieve state-of-the-art accuracy with minimal training data.
- Additionally, when the AI model was made to recognise keystrokes using audio captured through a smartphone microphone, it was able to achieve 95% accuracy.
- This form of hacking could expose sensitive information like passwords and personal messages.
What are Side Channel Attacks (SCAs)?
- These are a method of hacking a cryptographic algorithm based on the analysis of auxiliary systems used in the encryption method.
- These can be performed using a collection of signals emitted by devices, including electromagnetic waves, power consumption, mobile sensors as well as sound from keyboards and printers to target devices.
- Once collected, these signals are used to interpret signals that can be then used to compromise the security of a device.
Q1) What is Hacking?
Hacking refers to the act of gaining unauthorized access to computer systems, networks, or digital devices with the intent of manipulating, stealing, or altering data or information.