Hackers can steal passwords by listening to how you type
Hackers are always on the lookout to mine personal information of people and use it as a means to defraud them. They've used phishing and brute force attacks for years, and now, their modus operandi is becoming even more stealthy. Case in point: a new trick that allows hackers to steal your passwords just by listening to how you type. Here's all about it.
Typing on the virtual keyboard of a smartphone generates soundwaves, minute vibrations specific to each individual keystroke. These sounds are difficult to hear, but researchers from Cambridge University and Sweden's Linköping University have shown that they can be decoded with a sophisticated app and algorithm and used to predict what exactly you are typing, even passwords.
To explain their theory, first reported by the Wall Street Journal, the researchers asked 45 different people to use smartphones infected with a malware disguised as an app. The group stood at locations with different background noise levels and entered text on their phone. As that happened, the malicious app on their devices recorded minute wave distortions occurring from every single keystroke.
Once the sound waves were recorded, the team's machine learning algorithm was able to decrypt the sound waves. The system used the waves to determine where they were generated (the location on keyboard), thereby decoding the exact letters - and words - the subjects were typing. This, the researchers said, can easily be used for mining confidential pin codes, passwords, etc.
If your passwords are compromised, hackers can easily log into your net banking account and transfer money into theirs. Not to mention, they could even use your details to shop from online marketplaces, copy your online identity or even spy on your personal conversation.
That said, hackers just have to install a malicious app on your phone to hack its microphone and record typing-related wave distortions. Yes, there is a way to deny microphone permissions, but most users allow permissions without even looking if it's required by a particular app. According to the researchers, however, a manual switch to turn off smartphone mic could avoid such attacks.