Hackers can figure out a person’s password by simply listening to them type on a keyboard, cyber security according to a new study.
Using the microphone found on a smartphone, the new method is so effective that it can be carried out in a noisy public space where multiple people are typing, researchers at Southern Methodist University in Texas found.
They discovered the technique by analysing the different sound waves produced when a key on a keyboard is struck.
After processing the acoustic signals, they were able to decode which keys were struck and in which order. This method could be used not only to crack a person’s password, but also decipher someone’s private emails or messages.
“Based on what we found, I think smartphone makers are going to have to go back to the drawing board and make sure they are enhancing the privacy with which people have access to these sensors in a smartphone,” said Eric Larson, an assistant professor at SMU who helped lead the study.
Smartphone apps often require users to accept permission for the app to access the device’s microphone as part of their terms of service.
This is usually to facilitate certain functions of the app, however it is conceivable that hackers could either create malicious apps for the purpose of spying, or hack existing apps in order to secretly hijack a phone’s microphone.
“We were looking at security holes that might exist when you have these ‘always-on’ sensing devices – that being your smartphone,” Dr Larson said. “We wanted to understand if what you’re typing on your laptop, or any keyboard for that matter, could be sensed by just those mobile phones that are sitting on the same table. The answer was a definite, ‘yes’.”
The researchers warned that the victim would have no idea that they are being hacked, however there are certain caveats to the method.
The attacker would need to know the material type of the table that the victim is typing on, as metal and wood surfaces produce different sound wave patterns.