The sound of you typing on your keyboard could reveal your password

As if password authentication's coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in.
The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate way to guess your password by listening to the sound of you typing it on your keyboard.
Computers typically have lots of side channels, such as noises, heat, and changes in electromagnetic emissions, which can be hoovered up and analysed by adversaries to learn more about what's happening on the computer.
Side channel research can get a little far-fetched and impractical at times but it serves a useful purpose in improving our knowledge about what's possible.
This research is firmly rooted in the possible, starting with the decision to monitor sound, rather than something more exotic.
The ubiquity of keyboard acoustic emanations makes them not only a readily available attack vector, but also prompts victims to underestimate their output.
When typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard's sound.
The researchers also used real-world attack scenarios, such as snooping on a laptop keyboard using the microphone on a smartphone in the same room, and by capturing the sound on a Zoom call.
As it is in so much cybersecurity research, Artificial Intelligence is centre stage.
The new password-busting technique uses Deep Learning to determine which of a keyboard's 36 keys are being pressed.
The algorithm was taught using 25 presses on each key of an Apple laptop using different fingers and different pressures.
The sounds from the key presses were processed extensively before being turned into images, and then fed into a deep learning algorithm used for image classification.
The method presented in this paper achieved a top-1 classification accuracy of 95% on phone-recorded laptop keystrokes, representing improved results for classifiers not utilising language models and the second best accuracy seen across all surveyed literature.
When implemented on the Zoom-recorded data, the method resulted in 93% accuracy, an improved result for classifiers using such applications as attack vectors.
All targets of cybercrime are not created equal, and there are nation state agencies willing to spend millions to compromise specific people.
It is not difficult to imagine an intelligence agency using a technique like this, and it isn't too far fetched for industrial espionage either.
If you are concerned about this it's worth noting that entering a password with a password manager makes almost no sound.
If you think you're genuinely at risk from techniques like this you should be looking beyond passwords at things like passkeys anyway.
Cybersecurity risks should never spread beyond a headline.
Keep threats off your devices by downloading Malwarebytes today.


This Cyber News was published on www.malwarebytes.com. Publication date: Tue, 12 Dec 2023 12:43:05 +0000


Cyber News related to The sound of you typing on your keyboard could reveal your password

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
The sound of you typing on your keyboard could reveal your password - As if password authentication's coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, ...
1 year ago Malwarebytes.com
How to Share a Wi-Fi Password: A Step-by-Step Guide - You can unsubscribe at any ...
2 months ago Techrepublic.com
Gamers Warned of Potential CS2 Exploit That Can Reveal IP Addresses - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Best Password Generators of 2024 to Secure Your Accounts - Overview of best password generators to secure online accounts. We have various password generators to help us protect our accounts and practical barriers to protect our sensitive information. We have compiled this list of the best password ...
6 months ago Cyberdefensemagazine.com
Hackers Use Fingertip Friction Sound To Steal Fingerprints - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
9 months ago Cybersecuritynews.com
Poyfill.io claims reveal new cracks in supply chain security The Register - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
5 months ago Go.theregister.com
US Man Jailed 8 Years for SIM Swapping and Apple Support Impersonation - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
1 year ago Hackread.com
Is it possible to use an external SSD to speed up your Mac - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
Defend Your Business: Testing Your Security Against QakBot and Black Basta Ransomware - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
6 months ago Securityboulevard.com
What is Biometric Security? Your Body Becomes Your Key - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
11 months ago Hackersonlineclub.com
VMware vCenter RCE Vulnerability: What You Need to Know - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
5 months ago Securityboulevard.com
5 Types of Crypto You Didn't Know Existed - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
9 months ago Hackread.com
Google Kubernetes Engine Vulnerabilities Could Allow Cluster Takeover - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
New acoustic attack determines keystrokes from typing patterns - Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise. Though the method achieves an average success rate of ...
9 months ago Bleepingcomputer.com
Lee County student Chromebooks hacked in 'Cyber Monday prank' - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Nbc-2.com
Google to Delete Inactive Gmail Accounts From Today - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Particle Network's Intent-Centric Approach Aims to Simplify and Secure Web3 - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Stellar Cyber Bridges Cybersecurity Skills Gap with First-of-Its-Kind University Program - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Microsoft Outlook Vulnerability Exploited by Russian Forest Blizzard APT - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Int'l Dog Breeding Org WALA Exposes 25GB of Pet Owners Data - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
1 year ago Hackread.com
Q3 2023 Cyber Attacks Statistics - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackmageddon.com
Fake Lockdown Mode Exposes iOS Users to Malware Attacks - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Flashpoint Uncovers 100,000+ Hidden Vulnerabilities, Including Zero-Days - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)