Researchers have trained a deep learning AI model to “hear” computer keyboard keys with up to 95% accuracy.
Αν και υπάρχει περιθώριο βελτίωσης, ο βασικός mechanical has Artificial Intelligence that "listens" to the keys of a computer keyboard using conventional microphones, for example a modern smartphone, and records the keystrokes.
Researchers Joshua Harison, Ehsan Toreini and Maryam Mehrnezhad published the research paper A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards (PDF) this week.
To prove the theory, the researchers trained an AI model on a MacBook Pro. This was done by pressing the keyboard keys multiple times so that the AI could learn the different key sounds. They analyzed the waveforms of the sounds of each of the keys pressed and noticed that each keystroke had a unique waveform.
After being trained, the AI was able to recognize keystrokes with 95% accuracy on the MacBook Pro test device using a conventional smartphone microphone. The researchers report that accuracy would drop to 93% if the training was done via Zoom, and that it would drop even further when using VOIP to record the sounds.
The model supports local and remote espionage provided that there is some device that captures the target's keystrokes and that it is properly trained. One of the main drawbacks of a potential attack is that the learned AI model needs to be trained on individual keyboards to be able to detect the keys accurately.
Also, the attack works best when using mechanical keyboards or other noisy keyboards. Less works better when using quieter keyboards than a target.
Οι ερευνητές αναφέρουν ότι κακόβουλοι χρήστες θα μπορούσαν να χρησιμοποιήσουν την τεχνητή νοημοσύνη σε στοχευμένες attacks για να αποκτήσουν κωδικούς πρόσβασης και άλλες ευαίσθητες πληροφορίες, για παράδειγμα κατά τη διάρκεια βιντεοκλήσεων.
Attacks using the described AI model to detect keystrokes using audio devices should not concern you at this time. Although there is a possibility attacks on high-value targets, large-scale attacks do not seem feasible at this time.