With nothing but a MacBook Pro and an iPhone, researchers have managed to create a program capable of stealing your data as you type it — typing in your passwords in a Zoom or Skype call has just become a bit more dangerous.
As security measures continue to improve, so too do malicious programs, and one interesting study has found that keystrokes can be accurately predicted from the sound they make. Though this is a scary concept, there are a few caveats.
You might want to turn off your mic
As originally reported by BleepingComputer, researchers have trained a deep learning model to steal confidential information from keystrokes. It can use your built-in microphone to predict which keys you type with up to 95% accuracy.
To do this, it listens to keystrokes you make and matches them to previous behaviors and habits. Initially, it needs a way of recording sound and needs to know which keys you are pressing, but after that it can identify your keystrokes from audio alone.
In the study, researchers pressed 36 keys on a MacBook Pro 25 times each and recorded the sound each press made. They then analyzed the waveforms and produced spectrograms. Patterns found in these allowed the model to accurately guess which key was pressed and when.
They recorded these presses with an iPhone 13 mini placed 17 cm away from the keyboard and managed to identify keystrokes with 95% accuracy from the phone recording, 93% accuracy from Zoom, and 91.7% accuracy from Skype. The lower figures for the call apps are presumably down to lower-quality audio in those apps.
If you want to avoid a malicious actor using a program like this against you, there are a few things you should do. Firstly, don’t allow people you don’t trust to see which keys you are typing. Make sure you never type in your password when on a call with others.
Though it seems unlikely that someone is lurking in your calls to steal your data, being a little extra careful can ease any worries going into a chat. You could even try typing in your password in unique ways – making it extra long and seemingly random. This 95% accuracy means much less on a string of random letters and numbers. You could also use Apple’s own password manager to avoid this worry altogether.