Researchers trained a deep learning model with keypress sounds from all recent Apple laptops. If it can hear you type, it can predict your credentials — with scary accuracy.
And, yes, even over Zoom, Twitch or Slack Huddle. In this week’s Secure Software Blogwatch, we turn up the music.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: the michael rosurripere.
Sing loudly at login
What’s the craic? Bill Toulas reports — “New acoustic attack steals data from keystrokes”:
“Rapid advancements”
A team of researchers … has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%. When Zoom was used, … the prediction accuracy dropped to 93%, which is still dangerously high.
…
It could leak people's passwords, discussions, messages, or other sensitive information to malicious third parties. … The abundance of microphone-bearing devices … combined with the rapid advancements in machine learning, make sound-based side-channel attacks feasible. … The attack model proved highly effective even against a very silent keyboard, so adding sound dampeners on mechanical keyboards or switching to membrane-based keyboards is unlikely to help.
So, what is likely to help? Aaron Leong adds — “This AI Can Steal Your Password With Alarming Accuracy”:
“Easy to train”
Stay vigilant with how you enter your personal information on your computer. Password managers and biometric authentication … can help minimize the need for manual entry. The paper also suggests frequently changing your password or typing style, which are effective, but less practical methods.
…
The research … proves that acoustic-based attacks are rather easily developed and dangerous if used by nefarious individuals. CoAtNet was relatively easy to train, as it only required the British team to gather data by pressing 36 keys on the MacBook Pro 25 times.
Horse’s mouth? Joshua Harrison, Ehsan Toreini and Maryam Mehrnezhad offer some wordy motivation — “A Practical, Deep Learning-Based, Acoustic Side-Channel Attack on Keyboards”:
“Results outperform previous work”
The ubiquity of keyboard acoustic emanations makes them not only a readily available attack vector, but also prompts victims to underestimate (and therefore not try to hide) their output. … When typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound.
…
The state-of-the-art CoAt Network … combines more traditional convolutional … deep learning (DL) … models with transformers. … With the recent developments in both the performance of (and access to) both microphones and DL models, the feasibility of an acoustic attack on keyboards begins to look likely [and] a large portion of the population could be at risk.
…
In this paper: … We propose a novel technique to deploy deep learning models featuring self-attention layers for an … acoustic side-channel attack … on a keyboard for the first time. … We propose and implement a practical deep learning-based acoustic side channel attack on keyboards. We use self-attention transformer layers in this attack on keyboards for the first time. … We evaluated our designed attack in real–world attack scenarios [and] our results outperform those of previous work.
Is it a big deal, though? Shaitan thinks it’s pretty big:
That's a pretty big deal: First of all people type passwords and other sensitive things while on teams calls and such all the time.
But an even bigger issue, if you have a microphone enabled device nearby while you work it can be scraping content all day. If it can hear you say, "Hey Google," or, "Hey Siri," then it is listening.
But 95%, while high, is the per-character accuracy. So, many attempts will fail — especially with a long passphrase. SideQuark explains the flaw in that argument:
For each stroke, the most likely key is the top choice. Most models return a probability distribution per key, and it's very likely the other keys are in the top 2 or 3.
Then you simply have the password cracker start trying passwords ordered by probability. … I bet it breaks your sentence within very few tries.
Why not just use a key logger? That’s not the point, says u/luziferius1337:
If you can execute code on the target machine, use a key logger. Easier, more reliable and stealthier data use. This is not the point of this attack vector.
…
Hack into a Zoom meeting, stay silent/undetected, record all audio and decipher all typed text. You may get a random login to a random system, if someone logs in somewhere. You can also use this to target people who voluntarily broadcast their keyboard sounds, like Twitch streamers, etc.
How easy is it? Use the force, Luke90:
Actually applying this as an attack in the wild seems like it would need to overcome a lot of hurdles. … But hey, I'm sure a lot of genuinely dangerous exploits started out with even more abstract proofs of concept than this and it's certainly interesting.
…
Being a terrible typist could be a good defence. … If someone's constantly making and correcting typos … it's going to be harder to work [out] what actual keys were pressed.
When I say, “He say, she say, we say. Make. Some. Noise,” illogicalpremise kills me:
Make some noise! … I read the whole paper … and I'm pretty skeptical of how well this would work outside an experimental setup.
…
If you sit silently in a silent room, doing nothing but typing sensitive text during a video call with untrusted parties on a common/known device then maybe there's a real threat here. But I see no reason for most people to panic.
Is it? u/thispostcouldbemore thinks for themself:
We are going down a slippery slope. My only hope is that … counters will be developed — with counters for the counters that counter the previous counters.
Meanwhile, Logan Naym always — always — gives us more to worry about:
It is not just passwords. They would have access to my snarky comments about how boring the meeting is too.
And Finally:
You have been reading Secure Software Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or ssbw@richi.uk. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: Taiki Ishikawa (via Unsplash; leveled and cropped)
Keep learning
- Get up to speed on securing AI/ML systems and software with our Special Report. Plus: See the Webinar: The MLephant in the Room.
- Find the best building blocks for your next app with RL's Spectra Assure Community, where you can quickly search the latest safe packages on npm, PyPI and RubyGems.
- Learn how you can go beyond the SBOM with deep visibility and new controls for the software you build or buy. Learn more in our Special Report — and take a deep dive with our white paper.
- Commercial software risk is under-addressed. Get key insights with our Special Report, download the related white paper — and see our related Webinar for more insights.
Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.