My wife is not the only person who remarks about how loudly I type. Apparently I hit the keys like I did when I learnt to type on a typewriter.
My 60-words-a-minute touch-typing is not what it used to be, but my typing teacher would be proud to know I retained some of her instructions. She was known as Mrs Home Keys at Rhodes University for her repeated reminders to bring your fingers back to those keys.
I like to console myself that I at least hammer away with 10 fingers, unlike some old-school journos who still use only two.
I’m not sure whether my lingering experience from the typewriter era would be of much use for a remarkable — and frightening — new hack analysing your keyboard typing.
Three British academics have shown that an artificial intelligence (AI) deep learning model can steal data just by listening to a person typing — with an astonishing 95% accuracy — using a smartphone’s microphone.
To do this, Joshua Harrison (from Durham University), Ehsan Toreini (University of Surrey) and Maryam Mehrnezhad (Royal Holloway University of London) recorded keystrokes on a MacBook Pro laptop. They used an iPhone 13 mini, which was 17cm away, to record each key being pressed 25 times in a row.
Their hack is known as a side-channel attack — one that doesn’t try to undermine a security protocol itself but uses other means to exploit weaknesses.
“With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices, acoustic side-channel attacks present a greater threat to keyboards than ever,” the academics write in a paper published this month. “Our results prove the practicality of these side-channel attacks via off-the-shelf equipment and algorithms.”
That this sounds like a futuristic movie plot seems to be coincidental — but the potential for industrial espionage appears real
The academics also tested their attack over Zoom; it was 93% accurate. Conceivably, someone else on a Zoom call could listen in and record what you are typing. This is obviously most concerning when it’s your passwords you’re entering.
They warn that the “ubiquity of keyboard acoustic emanations makes them not only a readily available attack vector, but also prompts victims to underestimate (and therefore not try to hide) their output”.
For example, most people will hide their screen when typing in a password, but “will do little to obfuscate their keyboard’s sound”.
While keyboard sounds have become less pronounced over time, conversely the “technology with which their acoustics can be accessed and processed has improved dramatically”.
That this sounds like a futuristic movie plot seems to be coincidental — but the potential for industrial espionage appears real. Imagine two teams of lawyers negotiating a deal. If one bunch were less scrupulous, and wanted to find out what the others were up to, they could effectively eavesdrop on what was being typed. Until this month, it was a movie plot. Now it’s (technically) possible.
Be careful what you type. Someone may be listening.
*Shapshak is editor-in-chief of Stuff.co.za and executive director of Scrolla.Africa
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.