Type Carefully: Your Keyboard Could Reveal All Your Secrets to Hackers
Researchers Alireza Taheritadjar and Reza Rahaeimehr from Augusta University in the United States have introduced a new acoustic attack method that can determine what a user is typing based on the unique sound signals of keyboard keys and typing patterns. Interestingly, this attack works even in noisy environments, does not require special recording equipment or a specific keyboard model, making it potentially more dangerous in real-world situations.
The attack leverages the distinctive sound vibrations produced by different key presses and the specific typing style, which are captured by specialized software. The article discusses various capture methods, but in the context of this attack, it could involve malware, malicious websites or browser extensions, compromised applications, cross-site scripts, or even compromised USB keyboards.
Although the average success rate of this method is only 43%—lower than other known techniques—it does not require controlled recording conditions. All that’s needed is to obtain typing samples from the target to link specific key sounds to text.
Audio can be recorded using hidden microphones or through infected devices such as smartphones or laptops. The collected data is used to train a statistical model that creates a profile of the user’s individual typing style, based on the time intervals between key presses.
Calculating Time Intervals
This technique takes into account even minor deviations in typing behavior, which helps reduce the impact of errors or noise during recording. The accuracy of text prediction increases by using an English dictionary to filter guesses. A key feature of this attack is its high effectiveness in noisy environments, with different keyboard models, low-quality microphones, and any typing style of the victim.
Identifying Pressed Keys
This method also has its limitations: it is difficult to profile people who rarely use computers and have not developed a consistent typing style, as well as professional typists with very high typing speeds. Testing on 20 subjects showed a range of success from 15% to 85%, indicating varying vulnerability among individuals to this type of attack.
The researchers also noted that using quiet keyboards can make it harder to train the model and reduce the effectiveness of key press prediction. Nevertheless, this new approach highlights the importance of digital security awareness and the potential threats associated with everyday use of familiar technologies.