LONDON: Cybersecurity experts are warning users to exercise caution while typing passwords during Zoom calls, as a new artificial intelligence (AI) tool has emerged with the capability to steal passwords by listening to keystrokes with an alarming accuracy rate of approximately 90%.
A recent study conducted by researchers from Durham, Surrey, and Royal Holloway universities has shed light on a new form of cyberattack that leverages AI to identify passwords based on the distinct sounds of keystrokes. As the use of video conferencing platforms like Zoom continues to rise, this method of sound-based cyberattack poses a significant risk to users’ online security.
The researchers’ findings, published on August 3, revealed that microphones have the ability to capture and identify unique typing patterns associated with each key. By training an AI model using sound data recorded from keystrokes, the researchers achieved remarkable accuracy in deciphering text, including passwords, from the recorded keystroke sounds.
AI Tool Can Successfully Trace Password
The process involved pressing each of the 36 keys on a MacBook Pro while recording the accompanying sounds. The collected sound data was then used to train the AI model, which successfully recognized the unique patterns associated with each key. In tests using Zoom video conferencing software, the AI model accurately interpreted keystrokes with an impressive accuracy rate of 93% when the sounds were captured from a MacBook Pro. The accuracy rate further increased to 95% when using an iPhone 13 mini.
As the adoption of video conferencing platforms continues to grow and more devices equipped with microphones become ubiquitous, the risk of such sound-based cyberattacks becomes even more pronounced. Cybersecurity experts emphasize the importance of remaining vigilant during online activities and being cautious while typing sensitive information, including passwords, especially when using platforms that have access to microphones.
In light of this emerging threat, users are advised to take extra precautions to protect their passwords and personal information, including using secure and unique passwords for different accounts, enabling two-factor authentication, and regularly updating their software and security measures.
