Keyboard clicks giving away passwords?

Next story

A university in California has conducted a study looking into translating the sound of keystrokes into text.


We’ve covered a few novel ways in which hackers can steal information or access accounts: hiding details in images, using AI or dodgy word documents and simply reusing passwords from other breaches.

A new study have shown that the click-clacking of your keyboard when typing can be decoded and made sense of: the sounds of the keyboard keys can be listened to and hackers can now work out which tap is which key.

There is a difference between a given keyboard, as Microsoft and Mac keyboards will sound different, but even keys on the same keyboard will vary in sound.

The University of California, Irvine (UCI) conducted a study, entitled Don’t Skype & Type, and found that any typing done during a video call, such as Skype, could be recorded and translated into text.

From this, hackers could learn confidential information such as passwords, security questions and other important personal information.

It seems like an extreme way of stealing info, but as all data has value it could be a sneaky way for hackers to gain information. Mark James, ESET IT Security Specialist, explores this avenue of cyberattack.

Have you seen any similar attacks in the past?

“We have seen similar types of attacks both physical and digital in the past, its why security key codes are tone neutral.

“It’s why we should consider how clean or dirty our keyboards are, but we need to put this into perspective; it will only work on certain keyboards, the headset used may also very much affect the success rate of this type of attack.

“It is possible this could enable someone to steal your credentials but I think there’s a lot of other things you should have on your list of security worries before this particular one.

Are we likely to see this exploited in the wild soon?

“I don’t personally think this attack method will gain much headway, it is an attack without doubt and one you should consider along with all the other methods used to attain your details without permission.”

What’s the oddest hack or way of acquiring information you’ve heard of? Let us know on Twitter @ESETUK

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.