Three researchers at British universities used artificial intelligence to identify text from the sound of typing. The program's accuracy reaches 95% when the recording is made by a microphone close to the typist, according to data from the study, conducted at the Universities of Durham and Surrey and at Royal Holloway, University of London.
The authors warn of the risk that malicious actors could use the keystroke-interception technique to steal passwords and snoop on sensitive information.
Espionage techniques that involve interpreting signals emitted by a device are called side channel attacks (SCAs). An interceptor can exploit electromagnetic waves, power consumption, motion-sensor readings and even sound.
Side channel attacks are nothing new. They have already been used successfully against Intel processors, printers and the Enigma machine, the cipher device cracked by the father of computing, Alan Turing, as depicted in the movie "The Imitation Game" (2014).
What the British research, released as a preprint (not yet peer reviewed), shows is that advances in machine learning boost the performance of sound-interpretation techniques.
To carry out the analysis, the researchers first isolated the sound wave of each keystroke and then used a mathematical transform to convert it into a signal the model can read. The AI then receives these signals and suggests the most likely keystrokes.
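A minimal sketch of such a pipeline, assuming the librosa library, an illustrative file name (typing.wav) and illustrative parameter values; the study's actual signal processing and deep learning model are more elaborate:

```python
import numpy as np
import librosa

def isolate_keystrokes(audio, sr, threshold=0.1, clip_len=0.3):
    """Cut a fixed-length clip around every amplitude peak that looks like a keystroke."""
    hop = int(0.01 * sr)                       # scan in 10 ms steps
    half = int(clip_len * sr / 2)
    clips, i = [], half
    while i < len(audio) - half:
        if abs(audio[i]) > threshold:          # crude onset detection
            clips.append(audio[i - half:i + half])
            i += 2 * half                      # skip past this keystroke
        else:
            i += hop
    return clips

def to_mel_spectrogram(clip, sr, n_mels=64):
    """Turn one keystroke clip into a mel spectrogram for a classifier to consume."""
    spec = librosa.feature.melspectrogram(y=clip, sr=sr, n_mels=n_mels)
    return librosa.power_to_db(spec, ref=np.max)

# Usage: one spectrogram per detected keystroke in a recording.
audio, sr = librosa.load("typing.wav", sr=None, mono=True)
features = [to_mel_spectrogram(c, sr) for c in isolate_keystrokes(audio, sr)]
```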
Detecting what is typed on mechanical, and noisy, keyboards was already possible. The new study tested laptop keyboards, which, although quieter, have similar structures and emit similar sounds during use, which the authors say would make the interception technique easier to reproduce across devices.
Even so, it is very difficult to achieve the same result on different keyboards, according to USP computer science professor Marcelo Finger, who has developed AIs that detect patterns in sound samples.
Passwords that contain whole words are more vulnerable to AI attacks. Even if the model misreads a key, AIs can correct the result by working with word prediction, that is, indicating the most likely word, according to Eerke Boiten, a professor at De Montfort University, in Leicester.
Finger says artificial intelligence should be more accurate over longer stretches of typing, owing to the statistical nature of its operation: the algorithm has more information to work with and to correct misread keys.
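A toy illustration of that correction step, with made-up probabilities and a hypothetical four-word dictionary (the study itself relies on a deep learning model, not this naive scoring): given per-keystroke letter probabilities from the acoustic classifier, pick the dictionary word they make most likely.

```python
import math

# Hypothetical per-keystroke outputs from an acoustic classifier:
# for each keystroke, candidate letters and their probabilities.
keystroke_probs = [
    {"p": 0.6, "o": 0.4},
    {"a": 0.7, "s": 0.3},
    {"s": 0.5, "a": 0.5},
    {"s": 0.8, "d": 0.2},
]

DICTIONARY = {"pass", "oars", "past", "lass"}  # illustrative word list

def best_word(probs, dictionary):
    """Pick the dictionary word the keystroke probabilities make most likely."""
    best, best_score = None, -math.inf
    for word in dictionary:
        if len(word) != len(probs):
            continue
        # Log-likelihood of the word under the per-key distributions;
        # letters the classifier never proposed get a tiny floor probability.
        score = sum(math.log(p.get(ch, 1e-6)) for p, ch in zip(probs, word))
        if score > best_score:
            best, best_score = word, score
    return best

print(best_word(keystroke_probs, DICTIONARY))  # -> "pass"
```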
Another risk factor is the proliferation of digital devices, which multiplies the number of microphones on the streets and in homes and, with that, the chance of obtaining recordings of high enough quality for reliable interpretation.
Smartphones, personal assistants such as Amazon's Alexa devices, smartwatches and, in some cases, even smart bulbs can record audio. The simplest of these objects tend to be the most vulnerable to cyberattacks.
According to the technology company Ericsson, it is difficult to protect against side channel attacks, since the strategy exploits physical characteristics of the devices. One form of protection is for electronics manufacturers to adopt strategies that confuse the signals emitted by devices.
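The article does not describe a concrete implementation, but one way to picture such signal confusion is a sketch like the following, which mixes randomly timed decoy clicks into an audio buffer (assumed to hold floating-point samples between -1 and 1) so that real keystrokes are harder to single out:

```python
import numpy as np

def add_decoy_clicks(audio, sr, rate_per_sec=5.0, seed=0):
    """Mix short random 'click' bursts into an audio buffer to mask real keystrokes."""
    rng = np.random.default_rng(seed)
    out = audio.copy()
    n_clicks = int(rate_per_sec * len(audio) / sr)
    click_len = int(0.02 * sr)                  # 20 ms bursts
    for _ in range(n_clicks):
        start = rng.integers(0, len(audio) - click_len)
        # Exponentially decaying noise burst, roughly keystroke-shaped.
        burst = rng.normal(0, 0.3, click_len) * np.exp(-np.linspace(0, 8, click_len))
        out[start:start + click_len] += burst
    return np.clip(out, -1.0, 1.0)
```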
In the case of recordings made over Zoom, the British study's algorithm correctly identifies 93% of what was typed, below the program's peak accuracy. A noise-suppression filter in the application makes it harder to tell the keystroke sounds apart.
The filter cuts off part of the sound waves that the artificial intelligence would turn into intelligible text. To get around this barrier, the British scientists turned to a technique called data augmentation.
Starting from the patterns captured in microphone recordings and applying mathematical operations, the researchers can fill in the sections removed by the filter. Data augmentation also served to train the machine learning model with synthetic data.
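As a rough sketch of that idea, under the assumption that the augmentation resembles common audio practice (random time shifts plus low-level noise; the paper's exact operations are not detailed here), each recorded keystroke can be expanded into several synthetic training variants:

```python
import numpy as np

rng = np.random.default_rng(42)

def augment(clip, rng, max_shift=0.1, noise_std=0.005):
    """Make a synthetic variant of a keystroke clip: random time shift plus
    low-level noise, standing in for sections degraded or cut by a filter."""
    limit = int(max_shift * len(clip))
    shifted = np.roll(clip, rng.integers(-limit, limit + 1))
    return shifted + rng.normal(0, noise_std, len(clip))

# Stand-in for one recorded keystroke clip (0.1 s at 44.1 kHz).
clip = rng.normal(0, 0.1, 4410)
# Expand every real example into several synthetic ones for training.
variants = [augment(clip, rng) for _ in range(5)]
```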
The research was initiated by researcher Joshua Harrison, from the University of Durham, and co-authored by professors Ehsan Toreini, from the University of Surrey, and Maryam Mehrnezhad, from Royal Holloway, University of London.
"Our work sheds light on a new form of virtual attack made possible by machine learning [training programs from examples]," says Toreini, who supervised the writing of the article. In cybersecurity research, it is common to test loopholes before criminals exploit them.
Finger, from USP, says the study still needs to be reproduced by other scientists for its numbers to be tested. "But the methodology makes sense."