In recent times, hackers have traditionally targeted databases to initiate cyber attacks, aiming to pilfer critical credentials like account passwords. However, a recent study proposes a new angle: the exploitation of Artificial Intelligence (AI) technology to facilitate password theft.
A collaborative team of forensic experts, collaborating with scholars from esteemed institutions such as Durham, Surrey, and Royal Holloway Universities, has unearthed a startling revelation. They’ve found that AI tools can empower cyber-criminals to discern passwords by merely capturing a user’s keystroke patterns using a microphone.
The next time you utilize a microphone during a Zoom chat or while enjoying music, exercise caution, as the distinctive sounds of typing could be deciphered to deduce passwords from the recordings, uncovering the entered phrases.
Researchers involved in this experiment leveraged an iPhone positioned just 17 centimeters away from a Mac to decode words typed into the laptop. The intriguing aspect is that the differentiation between typing within a document or a web page remains somewhat enigmatic. Nonetheless, these scientists claim an impressive 95 percent success rate.
A similar assessment was conducted during the functioning of the Zoom meeting app, where researchers boast a 93 percent accuracy rate in password detection.
Dr. Ehsan Toreini, leading the Cybersecurity division at Surrey University, elucidates, “Since each keystroke produces a distinct sound, AI tools can deduce on-screen typing, providing us with an estimated idea of the phrase or password being input.”
This begs the question: could these advancements pave the way for acoustic cyber-attacks?
Undoubtedly, this could signify the future for cyber-criminals seeking to exfiltrate sensitive data. Acoustic attacks, involving sonic surveillance for capturing textual information, could indeed emerge as a new frontier for criminal endeavors, boasting an accuracy rate of nearly 96 percent.
Thus, this introduces another form of eavesdropping aimed at harvesting user passwords and other valuable credentials.
