listening to your keyboard, learns your passwords by typing | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Kaspersky’s in-house team of cybersecurity experts are warning about new “acoustic side-channeling attacks” — or ASCA — as they use sophisticated AI to listen to your keyboards to work out what you’re typing… email addresses, passwords, phone numbers, private messages, and more.


The hackers using this new ASCA method rely on the sounds being typed into a keyboard; using AI, the hackers will determine what you’re typing. If the hackers have the right equipment, they can analyze the sounds you’re making by tapping on your keyboard, and possibly decode the exact letters that you’re typing in.

ASCAs are another type of side-channel attack, exploiting unintended lines of communication leakage within a system; they’re dangerous as they target indirect channels like power consumption and electromagnetic emissions… or the sounds of your keyboard.

A research paper titled “A Practical Deep Learning-Basic Acoustic Side Channel Attack on Keyboards” teased that AI could be used in ASCAs and that AI could be used to decode passwords by analyzing the sound of keystrokes being pressed by users. Researchers discovered that if an AI model was trained well enough to recognize keystrokes, then hackers would have 95% accuracy on identifying exactly what you’re typing. Scary stuff.

Hackers using AI-powered attacks: listening to your keyboard, learns your passwords by typing 9022

Kaspersky explained in its blog post: “When we enter a credit card number or password, we can hide the keyboard from prying eyes, but protecting yourself from eavesdropping isn’t so easy. It’s not quite there yet, but imagine someone in a café or on the train potentially stealing your password, credit card number, or even your private messages just by listening to you typing“.

The firm offers some advice on how to not fall victim to an AI-powered ASCA attack, such as using two-factor authentication, as 2FA acts as an additional layer of verification before logging into password-protected accounts. Kaspersky says to avoid typing passwords or other secret information during conference calls, but an AI-powered hacker using the sounds of your keyboard isn’t something you can easily avoid.

You’ll have a personal and consistent pattern of typing into your keyboard, with Kaspersky noting you could “mix up your typing style” to avoid hackers, but I truly don’t see people doing that. I certainly wouldn’t change my typing style up, as I’m literally typing an article explaining this AI-powered sound-focused hack. Kaspersky says “both super-slow and super-fast typing can work wonders”. Right.


Click Here For The Original Story From This Source.


National Cyber Security