Can Your Keyboard’s Sound Leak Your Password? AI‑Powered Acoustic Eavesdropping

Lead: Attackers using machine learning only need to record a user’s input to harvest passwords and other information.

Recently, a development team in the United Kingdom trained a deep‑learning model that can remotely infer the characters being typed on a keyboard solely from audio recordings.

The model was trained on recorded keystrokes and can predict the typed content with an accuracy of up to 95 %. When the training data were collected via Zoom, the accuracy dropped slightly to 93 %.

This research shows that passwords and messages can be captured by anyone who can hear the keystroke sounds, whether the recording is made directly on the laptop or through a video‑call platform that virtually records the audio.

With the proliferation of smartphones and other devices equipped with high‑quality microphones, acoustic side‑channel attacks have become increasingly easy to execute.

The rapid progress of machine‑learning techniques makes such attacks more feasible and far more dangerous than previously imagined; essentially, a microphone and an algorithm are enough to compromise sensitive information.

Researchers note that “the ubiquity of keyboard sounds makes them an easily accessible attack vector, and victims often underestimate the risk of acoustic leakage. For example, people may hide their screen when entering passwords but rarely consider the sound of the keyboard.”

The team performed tests using a MacBook Pro. Recordings were made with a phone placed very close to the laptop during Zoom sessions; subtle waveform differences were captured, yet the machine‑learning system identified each keystroke with remarkable accuracy.

To mitigate the risk of keystroke theft, the researchers recommend varying typing styles, using random passwords instead of whole‑word phrases, injecting synthetic keystrokes during voice‑call attacks, and employing biometric protections such as fingerprint or facial recognition.

Editor: Xiao Mo