A group of researchers from three English universities has developed a method based on machine learning thanks to which it is possible to steal sensitive data, passwords, or private messages typed on the computer keyboard by analyzing the noise of the keys. The system works thanks to an algorithm for image recognition, which the researchers have trained to correlate the spectrogram of the noise of each key to the corresponding letter.

Various acoustic “side-channel” attacks based on the analysis of noise or electromagnetic signals emitted by a keyboard had already been demonstrated several times in the past. The system described in the study by Joshua Harrison, Ehsan Toreini, Maryam Mehrnezhad, however, uses a new method and demonstrates that, thanks to machine learning, these attacks can be performed more effectively.

The three researchers showed that the system works not only by analyzing a live recording but can also be applied to recordings of a Zoom or Skype call. What changes, in the various cases, is only the level of reliability of the interception: for recording with a smartphone placed near the keyboard (the optimal case) it reaches 95%. In the test performed using a recording via Zoom or Skype, the reliability drops to 93% and 91.7% respectively.

For the average user, the risk of an attack like the one described in the study still remains very low: the algorithm needs specific training for the keyboard to intercept and cannot be easily generalized. To train the system, the researchers pressed each key on a MacBook Pro keyboard twenty-five times, recording the sound with an iPhone placed nearby. They then performed the calibration of the machine learning algorithm with the advantage of perfect cataloging of the letters corresponding to each sound.

In short, as often happens with these case studies, we have the demonstration that the method can work in ideal conditions but that resources, determination and painstaking organization are needed to transport it into the real world. The risk is not non-existent, however, and scenarios can be imagined in which public exposure or the role of the victim could justify the expenditure of resources necessary for an attack of this kind. Take for example the case of a popular streamer typing into Twitch during a live stream. With enough patience and a little luck, an attacker could correlate keyboard sounds to words publicly typed in chat by the streamer, use that correlation to train the algorithm, and then intercept with relative reliability what the intended victim taps on the keyboard during his transmissions, including any passwords or private messages.

In the study, the researchers also offer methods to mitigate the risks of acoustic-type side-channel attacks. To deceive the algorithm, it is enough to change the typing style, for example by pressing the keys more or less strongly when typing a password. The particularly paranoid can turn off any microphones near the computer when sensitive data is being typed, or alternatively use software that inserts interference or white noise – even at inaudible frequencies – into all audio communications. Alternatively, the simplest and most secure method is the use of biometric authentication solutions, such as Touch ID, to select passwords previously saved on the browser or in the system keychain.

