There are a lot of ways that hackers can gain your private data such as infected files, hacking into your router, sending phishing emails, and so on. Not a lot would think that they would be able to obtain your data through the sound of your typing, but it appears that it's possible now too.
Hackers Listening In
A couple of British researchers conducted a study that shows how a hacker can record an audio of a person typing in order to steal their data. The fact is, this is not an entirely new modus operandi. It is just made simpler with the help of artificial intelligence.
Through a deep-learning-based algorithm, the sound of keystroke noises can automatically decode what is being typed. The research shows that hackers can decode data through this method 95% of the time, as mentioned in Gizmodo.
The hackers will be able to hear the sound through your smartphone's microphone, or even through virtual calls on the conferencing app, Zoom. Then, the sounds can be analyzed and generated into coherent and readable text.
Also called an "acoustic side-channel attack," the hackers will decode the sounds easier with the help of AI. The researchers believe that it would be easy to conduct these cyberattacks, especially if the threat actors do it in the right conditions.
If the hackers decide to make an effort, they can even record you when you're in a public place. Reports say that there are devices such as high-quality parabolics and other listening devices that can let them listen through the walls of your home.
Sadly, there's not much you can do to avoid these circumstances apart from a few preventive measures. Although it's not likely that a threat actor will target you, the slim chance is still enough for you to try and avoid them.
What Can You Do?
For one, you can avoid logging in with your credentials when there are apps that are actively using the mic such as conferencing apps, or even messaging platforms that have virtual call features as they have permission to access your mic.
The researchers also suggested that users can type randomly generated keystrokes to throw off the recording when they're on a voice call. It could effectively mess with the data that threat actors are trying to obtain from the sound of typing.
You could also switch to biometric login mechanisms since not only will it eliminate the need to type that can be recorded, but it also makes it harder for hackers to get into your accounts since they will need whatever biometric you're using.
If you're really committed to keeping worded passwords, you could even go as far as buying keyboards that don't make much sound. For instance, you can switch to keyboards with rubber dome or scissor switches to have a quieter keyboard.
Randomize your passwords to make it harder for AI to decipher what you're typing. Mix in a few symbols and capitalize a few letters. Typing in full words will make it easier for the threat actor to steal your credentials.