Posted on August 19, 2019 at 5:46 PM
According to a study recently published in scientifical publication Interactive, Mobile, Wearable and Ubiquitous Technologies, cybercriminals are now armed with the ability to know what a specific person is typing on its keyboard by eavesdropping its keyboard strokes.
That way, hackers are now able to determine critical online passwords just by the sound of the person’s keystrokes, according to the study. To do that, the cybercriminals use a mobile phone and their expertise.
A Smartphone is Everything They Need
By conducting a series of tests, the researchers discovered they could detect what a particular user was typing in its keyboard with phenomenal accuracy, just by using a regular smartphone.
It has been demonstrated time and time again that public WiFi networks in cafes, libraries, restaurants, and airports are especially vulnerable to hacking attacks, and this piece of news could mean that numerous people are now in danger if they use their laptops in places like these.
The experts in online security at the Southern Methodist University in Texas spotted that the sound waves that the keys produce when we press them are prone to be picked up by smartphones and that, coupled with hackers’ resources and knowledge, could spell trouble.
The phone in question, managed by the hacker, is able to pick up and intercept the acoustic signals. Later, it will process them and let the cybercriminal know and decipher which specific keys were pressed and what was the person writing on its computer or laptop.
By using this method, hackers would be able to access social media accounts, banking platforms, and even institutional databases, among other things that may be very dangerous in the wrong hands.
The investigators at the mentioned institution could decode the majority of what was being written by using regular smartphones and keyboards, even in a room full of noise and other possible interferences. There was no need to implement extremely specialized technology or devices.
According to one of the study’s co-authors, professor Eric Larson, the team was able to detect what people were typing with 41 percent accuracy. He also said that they could extend that percentage of they looked at the top 10 words of what they thought it might be.
Only a Few Seconds
To the contrary of what some people may think, the process is also fast and efficient, as the research team discovered. The smartphone would only need a few seconds to gather the data being typed.
Larson stated that, according to what his team found, tech companies and smartphone makers would need to reevaluate some things at the moment of manufacturing and selling their devices, as they would need to enhance the privacy levels of the sensors related to the phone’s touchscreen or keyboard.
The experiment consisted of gathering lots of people in a conference room to simulate a real-life scenario. The people were talking to each other at normal levels and taking notes on their respective computers and laptops.
On the very same table in which the laptops and computers were located, there was a maximum of eight mobile phones that were put at a distance that ranged from three inches to various feet away from the laptop.
The participants of the experiment were allowed to talk at will, with no script, and researchers let them use shorthand or full sentences at the moment of typing in their laptops, with the chance to correct or leave typos, whichever option they chose.
Don’t Leave Sensors “Always On”
The researchers were looking for security vulnerabilities that could exist if the person had the “always-on” option enabled in the configuration of sensing devices, such as smartphones. As it turns out, there are plenty of possible exploits.
Larson explained that his team wanted to know whether what the person was typing in its laptop or computer was prone to be detected by mobile phones on the same table. He said that the results were reasonably conclusive towards a definite answer.
Smartphones have orientation-detection sensors. If they receive permission for being always on, cyber-attacks and security breaches are bound to happen.