Password-based Systems Might be Hacked through Keyboard Sounds
Author: Adam Bostwick, Business Development
Listen up! In yet another study showing the flaws in password-based computer security systems, the Southern Methodist University in Texas is reporting that it's possible to guess a person's password simply by listening to the sounds made by keyboard keys as they are pressed.
It seems each key makes a different sound - perhaps too subtle for most human ears to discern, but not too subtle for smartphones and other devices capable of "listening." The study showed that phones pick up on the acoustic signals and the differences made by various keys.
In their study, the researchers set up eight phones and placed them near the computer keyboard - from just inches away to several feet away. The study showed that the accuracy of determining what was being typed through the filter of the phone was as high as 41 percent.
While the accuracy number is not staggeringly high, the concern is that with many people still using very generic passwords hacking systems designed to decipher computer keyboard clicks the accuracy rate of grabbing overly simple passwords could be higher.
So what can we do? The remedies include using two-factor authentication, preferably with one of them having no potential audio element (such as a dongle or smartcard) or having one of the passwords auto-filled from a secure browser plug-in so there are no keyboard clicks.
With most of us filling our homes with devices that can "listen" to us - think Amazon Alexa, Apple's Siri, Google Assistant and more - protecting against potential hacks of whatever we are typing (not just passwords) will be near impossible. We've asked this question before - has convenience made us reckless with our security? For most of us, the answer is probably yes. But there are some simple steps, including two-factor authentication, that can certainly help keep our data more secure.