Researchers Discover AI Attack That Can Steal Passwords
Researchers from Cornell University have discovered a new AI-driven attack that has the ability to steal passwords with an alarming accuracy rate of up to 95%. The attack works by listening to the sound of keystrokes on a keyboard, allowing the AI to decipher which keys were pressed based on the unique audio patterns they produce.
To train the AI model, the researchers used audio recordings of people typing and taught the AI to recognize the distinct sounds made by each key. In their experiments, the team tested the AI’s accuracy by using a nearby phone’s integrated microphone to listen for keystrokes on a MacBook Pro. The AI was able to identify the pressed keys with an accuracy rate of 95%.
Taking the experiment further, the researchers also tested the AI’s ability to crack passwords by listening to a Zoom call. In this scenario, the AI was able to reproduce the keystrokes with an accuracy rate of 93%. Over Skype, the model achieved an accuracy rate of 91.7%.
Interestingly, the volume of typing has very little impact on the success of the attack. The AI model focuses on identifying the waveform, intensity, and timing of each keystroke. For instance, the AI can detect subtle differences in typing styles, such as a slight delay in pressing a specific key compared to others.
The researchers utilized an AI image classifier called CoAtNet for the attack. The model was trained on 36 different keystrokes on a MacBook Pro, with each key being pressed 25 times.
One of the most concerning aspects of this attack is that it can be carried out using off-the-shelf equipment. A malicious actor could simply place a smartphone with a microphone near a target’s keyboard and utilize the AI model to steal passwords and other sensitive information.
To protect oneself from this type of attack, experts recommend avoiding typing passwords altogether. Instead, features like Windows Hello and Touch ID can be used to authenticate users. Additionally, employing a password manager to generate and store strong passwords can be an effective measure, as it eliminates the need to remember multiple passwords.
In conclusion, this AI-driven attack poses a significant threat to individuals’ privacy and security. By listening to the unique audio patterns of keystrokes, the AI can accurately decipher passwords with up to 95% accuracy. It is crucial for users to be aware of this attack and take necessary precautions to protect their sensitive information.
