Researchers steal passwords using keyboard sounds
A noisy, clicky-clacky keyboard is the joy of (at least some) mechanical keyboard fans. But you might want to rethink that position, if the murderous glares of your family and coworkers aren’t enough to convince you already. A team of security researchers in the UK has created a system that can listen to your keystrokes and record exactly what you’re typing — even over a web conferencing app like Zoom.
To be clear, this isn’t an active threat “in the wild,” more of a proof of concept so that security managers can be aware of a potential danger. Researchers from Durham University, University of Surrey, and Royal Holloway University of London (PDF link) developed a two-step process: recording a selection of keystrokes from a specific keyboard via a compromised vector, like a smartphone loaded with targeted malware, then using those recordings to “train” an algorithm to determine the audible differences in the sound each individual key on the keyboard makes.
Put that data through an analysis program and you can “hear” what’s being typed with up to 95 percent accuracy. That’s via the local smartphone method — recordings made through Zoom and Skype were “just” 93 percent and 91.7 percent accurate, respectively.
For the tests, the team used a MacBook Pro as the target keyboard and an iPhone as the initial recording point, though the system was limited to just 36 keys: the primary letter and number keys. According to Bleeping Computer, the training system needed to “hear” each key pressed 25 times in a row in order to build a reliable model, and it also needed the text being typed as labeled input. After that, it was able to transcribe what was being typed based on audio alone. That means a system to replicate these results in the real world would probably need a lot more input in order to develop a reliable model; you don’t use the Z or X keys as often as E and A, for example.
Key noise reduction doesn’t seem like a valid mitigation option, since laptop keys are about as quiet as it gets already. The researchers encourage those who want to protect themselves against this kind of attack to use randomized passwords — a 20-character password with lots of uppercase letters and special characters would be sufficiently complex to prevent automatic detection by a 95 percent accurate system. One of the best password manager programs might be helpful if you’re looking to keep your info safe.
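To see why the advice stresses uppercase letters and special characters rather than length alone, here is a rough exposure estimate. It is an added example, not code from the researchers or the article. It assumes each keystroke is classified independently at the reported accuracy, that only the 36 letter and number keys are modeled, and uses a constructed set of special characters.

```python
import math
import secrets
import string

# The 36 keys the tested model covered, per the article (letters and numbers).
MODELED_KEYS = set(string.ascii_lowercase + string.digits)
# Per-keystroke accuracies reported in the article.
ACCURACY = {"smartphone": 0.95, "zoom": 0.93, "skype": 0.917}
SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"  # constructed sample set, not from the article


def generate_password(length=20):
    """Random password containing lowercase, uppercase, digit and special characters."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS]
    alphabet = "".join(classes)
    while True:  # resample until every class is present (keeps the choice uniform)
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw


def p_at_most_k_errors(n, accuracy, k):
    """Binomial probability that at most k of n modeled keystrokes are misheard."""
    q = 1.0 - accuracy
    return sum(math.comb(n, i) * q**i * accuracy ** (n - i)
               for i in range(min(k, n) + 1))


def exposure(password, accuracy, k=2):
    """Summarise how much of a password falls inside the 36-key model.

    Assumption: characters outside MODELED_KEYS (uppercase, specials) are not
    recovered by the model as tested; modeled ones are independent trials.
    """
    modeled = sum(c in MODELED_KEYS for c in password)
    return {
        "modeled": modeled,
        "outside_model": len(password) - modeled,
        "p_modeled_exact": accuracy ** modeled,
        "p_modeled_within_k": p_at_most_k_errors(modeled, accuracy, k),
    }


if __name__ == "__main__":
    samples = {"20 lowercase letters": "a" * 20, "random mixed": generate_password()}
    for label, pw in samples.items():
        for channel, acc in ACCURACY.items():
            print(label, channel, exposure(pw, acc))
```

Under these assumptions, a 20-character password typed entirely on the 36 modeled keys is heard exactly about 36 percent of the time at 95 percent accuracy, and with two or fewer errors about 92 percent of the time, so it is the characters outside the modeled set that carry the protection.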
Author: Michael Crider, Staff Writer