This new attack uses the sound of your keystrokes to steal your passwords

Person typing on keyboard
(Image credit: Shutterstock.com)

Two researchers from Augusta University, in Georgia, U.S., demonstrated a novel way to steal people’s passwords that would put even James Bond to shame.

Alireza Taheritajar and Reza Rahaeimehr published a paper called “Acoustic Side Channel Attack on Keyboards Based on Typing Patterns” which is just as weird as it sounds.

According to the research, there is a way to deduce a person’s password (or any other word that’s typed into a computer) by simply listening to them type.

Is it feasible?

The method is not as accurate as some other side channel attacks, as the researchers suggested the accuracy of this attack is around 43%. To pull it off, all the attackers would need is a relatively small sample of the victim’s typing (just a few seconds, apparently), but would need more than one recording.

Furthermore, they would need an English dictionary. The mitigating circumstance here is that the recording doesn’t have to be particularly “clean”. It could have significant background noise, or come from multiple different keyboards, and still work.

In theory, a threat actor could place a smartphone, or a similar microphone-equipped device, in the relative vicinity of the victim and record them typing. From that recording, they would be able to establish certain patterns, which could then be used to determine potential words. The English dictionary would help to predict which words would make most sense in the context of the sentence.

While it sounds ominous, there are quite a few moving parts that need to align perfectly, for the attack to be pulled off.

For one, the attacker needs to either be really close to the victim, have a recording device nearby (a smart speaker would suffice, apparently), or have malware installed that’s capable of leveraging the computer’s microphone. Then, the attacker needs to type in their password, as well as a bunch of other words.

They cannot be a professional typist, or be able to type fast in general, as that messes with the predictions. Then, the attackers can analyze the recordings and will still end up with just a 43% chance of success.

Via Bleeping Computer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Hands typing on a keyboard surrounded by security icons
Infostealers on the rise: the latest concern for organizational defenses
Cartoon Phishing
Over a billion credentials stolen were stolen in malware attacks in 2024
Person using finger print authentication
Passwords out, passkeys in: The future of secure authentication
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Everything you need to know about phishing
Robotic hand clicking on captcha 'I am not a robot'.
Double clicking danger - experts warn just two clicks can let attackers steal your accounts
password manager
I'm a security expert - here are my biggest tips for creating a secure password for work and home life to stay safe online
Latest in Security
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
A digital representation of blockchain.
Malicious npm packages use devious backdoors to target users
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
Latest in News
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app announced, available today on iOS and Android devices – and here's what it does
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games
An image of the Nintendo Switch 2
Nintendo Switch 2 pre-orders will start on April 2 according to Best Buy Canada
Person printing
Microsoft’s latest Windows 11 update exorcises possessed printers that spewed out pages of random characters
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025
Intergalactic: The Heretic Prophet
Intergalactic: The Heretic Prophet reportedly won't release until after 2026, as Neil Druckmann says that staff 'are playing it at the office' right now - but I don't think I can wait that long