Skilled hackers can use a smartphone to listen to what keys you are typing on your keyboard so they can gain access to personal information, a new study has warned.
Researchers from SMU’s Darwin Deason Institute for Cybersecurity found that acoustic signals, or sound waves, produced when typing on a computer keyboard can successfully be picked up by a smartphone.
The sounds intercepted by the phone can then be processed, allowing a skilled hacker to decipher which keys were struck and what they were typing.
SMU researchers noted that being hacked this way would be “very scary”, because victims would have no way of knowing they had been compromised.
Under a set of controlled conditions, researchers could decode much of what was being typed using common keyboards and smartphones – even in a noisy conference room filled with the sounds of other people typing and having conversations.
“We were able to pick up what people are typing at a 41 percent word accuracy rate,” said Eric C. Larson, one of the report’s authors.
“We were looking at security holes that might exist when you have these ‘always-on’ sensing devices. We wanted to understand if what you’re typing on your laptop, or any keyboard for that matter, could be sensed by just those mobile phones that are sitting on the same table.”
While a smartphone listening to and deciphering your keyboard might seem like a plot device from a Hollywood spy thriller, an Australian cybercrime expert told nine.com.au this method of hacking is in fact feasible.
“On the face of it, it does seem farfetched – however it could be the case that when this attack is used in tandem with other information gathering techniques, this may become a concerning development,” Julian Plummer, co-founder of tech company Midwinter, said.
“According to haveibeenpwned.com, there have been 397 major password breaches from websites, with over 8,418,474,549 accounts impacted. That means there are over 8 billion user names and passwords available in the public domain, which are easily accessed by hackers.
“So, if hackers know the identity of their victim, the hacker can look up their username and password from the list of 8 billion accounts. If this information is used in-tandem with the technique from the SMU, the combined attack could be lethal. It would be a trivial task for the attacker to then drill down to potential passwords for the victim.”
Plummer said this kind of hacking attack underlined the importance of password managers. A password manager creates, remembers and fills in your passwords as you navigate the internet.
Smartphones use many kinds of sensors to know its orientation and detect when it is sitting still on a table or being carried in someone’s pocket.
Some sensors require the user to give permission to turn them on, but many of them are always activated.
The SMU study was published in the June edition of the journal Interactive, Mobile, Wearable and Ubiquitous Technologies.
© Nine Digital Pty Ltd 2019