Researchers in the US have warned that using laptop devices in a public place could allow hackers to easily steal passwords. The study found that crafty cybercriminals were able to discern someone’s password from the sound of them typing on the keyboard.
After picking up the sound waves produced by a user typing on the keyboard via a smartphone, the hackers can analyse the sound to figure out which keys have been used and in what order they were struck with a high degree of accuracy.
Dr Eric C Larson, an author of the study conducted by Southern Methodist University, said: “We were able to pick up what people are typing at a 41 per cent word accuracy rate. And we can extend that out – above 41 per cent – if we look at, say, the top 10 words of what we think it might be.”
- ‘Hacker-for-hire’ Sentenced for Cybercrime Offences
- European Central Bank Hacked
- WhatsApp Security Flaws Could Allow Hackers to Manipulate User Messages
To put their theory to the test the researchers arranged several people in a conference room and had them talk to each other while taking notes on a laptop.
Smartphones were placed on the same table as the laptops to gather the sound waves produced by their typing. The test revealed that the smartphones were able to identify the sound of the typing even though participants were allowed to write whatever they wanted.
Professor Mitch Thornton, the lead author of the study, explained: “There are many kinds of sensors in smartphones that cause the phone to know its orientation and to detect when it is sitting still on a table or being carried in someone’s pocket.
“Some sensors require the user to give permission to turn them on, but many of them are always turned on. We used sensors that are always turned on, so all we had to do was develop a new app that processed the sensor output to predict the key that was pressed by a typist.”
Although this does raise concerns about typing in public places, researchers pointed out that there were some restrictions to the method that would make it hard for a hacker to steal a password using this method.
Larson explained: “An attacker would need to know the material type of the table. An attacker would also need a way of knowing there are multiple phones on the table and how to sample from them.”
The researchers are now calling on smartphone manufacturers to address the issue and to improve privacy on their devices. Larson said: “Based on what we found, I think smartphone makers are going to have to go back to the drawing board and make sure they are enhancing the privacy with which people have access to these sensors in a smartphone.”