Researchers Alitra Taheritajar and Reza Rakhaeimehr from Augusta University in the United States have introduced a new method of acoustic attack, as detailed in a recent publication. This method can determine a user’s keystrokes by analyzing unique sound signals and patterns of typed text. Remarkably, this attack can still be successful in noisy environments without the need for special recording equipment or a specific keyboard model, potentially making it more dangerous in real-world scenarios.
The attack operates by utilizing distinctive sound vibrations produced by different key presses and a specific text input pattern captured by specialized software. Various capture methods are discussed in the article, including the use of malicious software, malware, compromised applications, scripts, or USB devices.
While the success rate of this method averages at 43%, lower than other techniques, it does not require controlled recording conditions. Simply obtaining samples of the target’s typing is sufficient to match specific key sounds with corresponding text.
Sound recordings can be obtained through hidden microphones or infected devices like smartphones or laptops. By collecting data, a statistical model can be trained to create a profile of the user’s typing style based on the timing intervals between key presses.
The technique accounts for minor deviations in typing behavior, minimizing the impact of errors or noise during recording. Predictive accuracy is improved by using an English dictionary to filter potential text options. Notably, this attack excels in noisy environments, with various keyboard types, using low-quality microphones, and across different typing styles.
However, the method has limitations. It may be challenging to profile individuals who infrequently use computers or possess inconsistent typing habits. Results from testing on 20 subjects indicated success rates ranging from 15% to 85%, showcasing the differing vulnerabilities of subjects to such attacks.
Researchers highlighted that quiet keyboards could pose challenges in modeling and reduce keystroke prediction effectiveness. Despite these limitations, this new approach underscores the importance of understanding digital security and the potential threats associated with everyday technology use.