Hackers Could Soon Steal Your Passwords And Secure Data Just By The Sounds Of What You’re Typing


Cybersecurity is one of the most important measures in our daily lives, but we spend little to no time talking about it. The average internet user rarely changes their password or uses a robust one. People are lazy, and hackers know this.

Despite already having a remarkably easy time stealing sensitive data, things could get a lot easier for hackers in the coming days, according to the Wall Street Journal. There’s a growing body of research showing how easy it is for hackers to pick up passwords, PINs, and more just from the acoustic patterns of typing.

Think about how many tens of millions of passengers ride on public transportation every morning from New York to Chicago to Atlanta to San Francisco, all of them typing on their phones the entire time and going about their business. This could be a literal free-for-all for hackers:

A growing body of academic research suggests that acoustic signals, or sound waves, produced when we type on our phones could be used by hackers to glean text messages, passwords, PINs and other private information. Such attacks could occur, experts say, if smartphone users were to download an app infected with malware that gains access to such smartphone sensors as microphones, accelerometers and gyroscopes.

One recent study, one of the latest demonstrations of hacking that exploits acoustics, found that the microphones in Android devices can be used to pick up the vibrations that are produced when you use the virtual keyboard on your phone or tablet. The sound waves that are recorded can then be interpreted to discern where on the screen you tapped and which keys you struck. (via WSJ)

If this all sounds futuristic and far-fetched, it’s really not. The researchers ran a test with 45 participants (hackers) and the results are pretty staggering:

Based on results using 45 participants, the study’s researchers, from the University of Cambridge in England and Sweden’s Linköping University, were able to recover numerical codes, letters and whole words with some accuracy. For example, in 10 attempts, the researchers, using a machine-learning algorithm that classified each vibration, cracked seven out of 27 passwords on a smartphone and 19 out of 27 passwords on a tablet. (via WSJ)

When it comes to your smartphone, there’s a pretty easy fix here. Turn off the ‘clicking’ sound on your keyboard so that it doesn’t make any noise when you type. I personally feel like everyone should do this anyway because the keyboard click is akin to listening to music without headphones; it’s just blasting sound at strangers for no apparent reason.

As for ATMs and typing on a computer keyboard, this is a lot more complicated. Hackers could easily pick up these sounds at a place like Starbucks, where people spend the day working on free Wi-Fi.

This isn’t the first alarming report on how hackers can use acoustics against unsuspecting individuals. There was a report back in 2012 about how hackers can use an iPhone’s accelerometer vibrations:

A number of previous studies have examined other ways that acoustic hacking of smartphones can take place. In one early paper in the field, from 2012, researchers at the University of Pennsylvania looked at how a smartphone’s accelerometer—which is used, for instance, to measure steps—can be repurposed by hackers to collect screen vibrations that can then be used to infer PINs and passwords. This paper hasn’t been published but was presented at an apps security conference in Orlando, Fla., in 2012. (via WSJ)

The report in the Wall Street Journal goes on to talk about how there are ‘telltale taps’ on the iPhone that can easily alert hackers to what’s happening:


University of Pennsylvania researchers used machine learning in an Android test and found that their technology was successful in learning a PIN 43% of the time and a pattern 73% of the time after only five attempts.

Change your PINs regularly.

Change your passwords.

Turn off the clicker.

Read this Wall Street Journal article.