Hackers can work out your online passwords just from the sound of your keystrokes, study finds
Hackers are able to work out your online passwords just from the sound of your keystrokes, a new study has revealed.
The latest cyber threat involves criminals using a mobile phone to eavesdrop on their victim’s keyboard strokes.
In tests researchers were able to detect what was being typed with remarkable accuracy using just a smartphone.
It could be a major threat to people who use laptop computers in public places like coffee shops, libraries and on public transport.
Cybersecurity experts from Southern Methodist University in Texas found that sound waves produced when we type on a computer keyboard can successfully be picked up by a smartphone.
The acoustic signals intercepted by the phone can then be processed, allowing a skilled hacker to decipher which keys were struck and what they were typing.
The researchers were able to decode much of what was being typed using common keyboards and smartphones – even in a noisy conference room where others were typing and talking.
Study co-author Professor Eric Larson said: “We were able to pick up what people are typing at a 41 percent word accuracy rate. And we can extend that out – above 41 percent – if we look at, say, the top 10 words of what we think it might be.”
The research discovered it would take just seconds to obtain information on what someone is typing.
Prof Larson said: “Based on what we found, I think smartphone makers are going to have to go back to the drawing board and make sure they are enhancing the privacy with which people have access to these sensors in a smartphone.”
In a bid to create a real-life scenario, researchers arranged several people in a conference room, talking to each other and taking notes on a laptop.
Placed on the same table as their laptop or computer, were as many as eight mobile phones, kept anywhere from three inches to several feet feet away from the computer.
Study participants were not given a script of what to say when they were talking, and were allowed to use shorthand or full sentences when typing. They were also allowed to either correct typewritten errors or leave them, as they saw fit.
Prof Larson said: “We were looking at security holes that might exist when you have these ‘always-on’ sensing devices – that being your smartphone.
“We wanted to understand if what you’re typing on your laptop, or any keyboard for that matter, could be sensed by just those mobile phones that are sitting on the same table. The answer was a definite yes.”
Mobile phones contain sensors to detect orientation and whether it is sitting still on a table or being carried in someone’s pocket. Some sensors require the user to give permission to switch them on, but many are always on.
Prof Larson said: “A successful interception of this sort could potentially be very scary because there’s no way to know if you’re being hacked this way.”
The study was published in science journal Interactive, Mobile, Wearable and Ubiquitous Technologies.