Skip to main content

Study suggests that AI can detect your password from the sound of keys being pressed

Study suggests that AI can detect your password from the sound of keys being pressed

  • Date10 August 2023

Artificial Intelligence can work out a password by listening to individual keystrokes on a person’s keyboard, according to new research co-authored by Dr Maryam Mehrnezhad from the Department of Information Security at Royal Holloway, University of London.

typingjpg.png

The study, entitled ‘A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards’ was led by Joshua Harrison, from the University of Durham, and co-authored with Dr Maryam Mehrnezhad from Royal Holloway and Dr Ehsan Toreini from the University of Surrey.

Practically, the researchers pressed each of the 36 keys on a MacBook Pro 25 times in a row, including all letters and number, and using varying pressure and different fingers for typing. The sounds were recorded simultaneously over a Zoom call and on a smartphone that was placed a short distance from the keyboard.

The team then fed part of the data into a machine learning system which, over time, learned to recognise features of the acoustic signals associated with each key. The system was then tested on the rest of the data.

The study found that the machine learning system was able to accurately assign the correct key to a sound 95% of the time when the recording was made over a phone call, with successful recognition occurring 93% of the time when the recording was produced via a Zoom call.

The researchers believe that there are lots of areas for further research on this topic; including research into the use of smart speakers like Google Nest and Amazon’s Alexa.

Co-author Dr Maryam Mehrnezhad, said the following: "Side channel attacks have been around for many years. These types of attacks happen when the attacker uses extra (side channel) information, such as sound, processing time or motion sensors, to obtain a secret piece of information such as a PIN or password.

“In my previous work published in the International Journal of Information Security, we showed how we can use motion sensors on mobile phones to identify user PINs and touch actions (BBC, Guardian). 

“In this new work published by the IEEE European Symposium on Security and Privacy workshop, we show how feasible and accurate acoustic side attacks can be without physical access to the victim's laptop and via recording the keystroke sounds from a distance or even during a Zoom call. We train a machine/deep learning algorithm with keystroke sounds and predict what key has been pressed on the laptop."

Related topics

Explore Royal Holloway

Get help paying for your studies at Royal Holloway through a range of scholarships and bursaries.

There are lots of exciting ways to get involved at Royal Holloway. Discover new interests and enjoy existing ones.

Heading to university is exciting. Finding the right place to live will get you off to a good start.

Whether you need support with your health or practical advice on budgeting or finding part-time work, we can help.

Discover more about our academic departments and schools.

Find out why Royal Holloway is in the top 25% of UK universities for research rated ‘world-leading’ or ‘internationally excellent’.

Royal Holloway is a research intensive university and our academics collaborate across disciplines to achieve excellence.

Discover world-class research at Royal Holloway.

Discover more about who we are today, and our vision for the future.

Royal Holloway began as two pioneering colleges for the education of women in the 19th century, and their spirit lives on today.

We’ve played a role in thousands of careers, some of them particularly remarkable.

Find about our decision-making processes and the people who lead and manage Royal Holloway today.