Terrifying AI works out your password by listening to the sounds as you type

Although the accuracy did take a hit when listening to the clicks of a keyboard over a video call feed, the terrifying AI was still able to determine a secure alpha-numeric password with 93% accuracy. Thankfully, there’s no evidence of scammers using this technique to steal passwords in the wild.

This troubling demonstration was put together by British researchers from Durham University, the University of Surrey, and Royal Holloway University of London to show the power of AI and the need to move away from traditional methods of securing devices and apps, like passwords. The findings were published in a research paper.

To craft this attack, researchers used Deep Learning – a form of AI that mimics the learning process of the human brain – to determine which of the 36 keys on the keyboards were pressed.

By pressing each key on the laptop 25 times with different fingers and varying pressures, the AI was able to learn the sound of each key. The waveforms of these key presses were processed and turned into images. This enabled the AI to compare the shape of the waveform in real-time as it listened to the sound of somebody typing a password on the keyboard.

While the algorithm was trained on a single machine, MacBook Pro with an M1 processor and 16-inch display released in 2021, the University researchers claim the AI is likely to be able to guess passwords on other laptops of the same model ...even if accuracy dipped slightly. Techniques like this could be commodified in the future.

Is this an attack you need to worry about? Should you avoid typing a password when on a video call?

In their assessment of the research, security experts at Malwarebytes claim that most people shouldn’t be concerned about this proof-of-concept. For the vast majority of people, there are much simpler ways to crack their passwords and infiltrate online accounts.

However, not all targets of cybercrime are not created equal. Agencies from nation-states with six-figure budgets to compromise specific people will likely investigate this sort of technology.

“It isn’t too far-fetched for industrial espionage either,” Malwarebytes experts wrote in a blog post about the findings.

If you are concerned about AI listening to the sounds as you type, researchers have offered some techniques to throw off the algorithm. Switching between upper- and lower-case characters makes it tougher for AI to determine the exact password, while special characters can also make things more complicated.

But the single biggest change you can make to confuse the eavesdropping AI is typing with ten fingers as this had a significant impact on the recognition rate of individual keys, researchers admit.

If you’re looking to improve the security of your online accounts, a password manager can be a brilliant asset. These applications generate secure alphanumeric passwords for every online account (and populate login details for you) so that even if one of your passwords is hacked, leaked, or guessed by an AI’s acute hearing — you don’t need to worry about any other details.

LATEST DEVELOPMENTS

• Warning to Gmail, Outlook, and Yahoo users: You can't ignore this security advice
• If you're using a password on this list – change it now

Google offers a password manager with its popular Chrome web browser, while Apple includes its iCloud Keychain with all of its devices.

Third-party options like 1Password now offer password-free login, so you don’t even need to worry about the strength of the password that secures the vault of your other login details.