Hackers Can Work Out Your Password By Listening To Your Keystrokes As You Type

Research from Southern Methodist University has revealed a new way to hack a person’s password.

At this stage, most internet users are likely savvy enough to dodge suspicious spear-phishing emails and know not to use the same password for every account. But new research from the Darwin Deason Institute for Cybersecurity at Southern Methodist University (SMU) in Texas suggests that hackers may be able to access your information in a novel way – by using a nearby smartphone to intercept the sound of your keystrokes.

The SMU researchers found, as explained in a paper published in the June edition of Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, that a smartphone can successfully pick up the sound waves produced when people type, which can then be processed by adept threat actors to discern what a person is typing.

The team was able to decode what was being typed by listening to keystrokes using a common smartphone, even in a noisy conference room amid the sound of other people typing and having conversations.

“We were able to pick up what people are typing at a 41pc word accuracy rate. And we can extend that out above 41pc if we look at, say, the top 10 words of what we think it might be,” said Eric C Larson, one of the two lead authors and an assistant professor in SMU Lyle School’s Department of Computer Science.

Larson explained that there are many kinds of sensors in smartphones that allow the phone to determine its orientation and detect when it is sitting still on a table or being carried in someone’s pocket. While some of these sensors require permission to switch on, many of them are always turned on by default.

The research team leveraged these always-on sensors and developed a new app that processed the sensor output to predict the key that was pressed by the typist.

With this form of hacking it is difficult, if not impossible, to know if it’s happening to you, but the team noted that there are a few caveats.

“An attacker would need to know the material type of the table,” Larson said, noting that someone typing on a wood table sounds different to someone typing on a metal tabletop.

“An attacker would also need a way of knowing there are multiple phones on the table and how to sample from them.”

RECENT NEWS

Big Techs Spending Soars With Data Centre Boom

The rapid expansion of data centres has turned Big Tech into big spenders. As companies strive to meet the growing deman... Read more

SEC's Oversight Over Digital Assets: Balancing Regulation And Innovation

As the digital asset market continues to expand, regulatory agencies like the Securities and Exchange Commission (SEC) a... Read more

Harnessing AI To Combat Cyber Risk: Strategies For Financial Institutions

Cyber threats pose an ever-present danger to financial institutions, requiring robust strategies to mitigate risks effec... Read more

Adaptation And Innovation: Revolut's Response To Banking License Delay Through Advertising Sales Push

As Revolut eagerly awaits the acquisition of its banking license, the fintech giant has demonstrated remarkable adaptabi... Read more

Riding The Wave: The Evolution Of Fintech Investment Strategies

The fintech industry has experienced unprecedented growth in recent years, captivating the attention of investors worldw... Read more

How Fintech Is Revolutionizing Traditional Banking

How fintech is revolutionizing traditional banking is a topic that is garnering positive and immense discourse within th... Read more

We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy.