Hackers can figure out passwords just from the sound of typing

'I think smartphone makers are going to have to go back to the drawing board,' a security researcher warns

Anthony Cuthbertson
Monday 19 August 2019 19:44 BST
Comments
Smartphone microphones are advanced enough to pick up the sound signals of different keys on a keyboard
Smartphone microphones are advanced enough to pick up the sound signals of different keys on a keyboard (Getty Images/iStockphoto)

Your support helps us to tell the story

This election is still a dead heat, according to most polls. In a fight with such wafer-thin margins, we need reporters on the ground talking to the people Trump and Harris are courting. Your support allows us to keep sending journalists to the story.

The Independent is trusted by 27 million Americans from across the entire political spectrum every month. Unlike many other quality news outlets, we choose not to lock you out of our reporting and analysis with paywalls. But quality journalism must still be paid for.

Help us keep bring these critical stories to light. Your support makes all the difference.

Hackers can figure out a person’s password by simply listening to them type on a keyboard, cyber security according to a new study.

Using the microphone found on a smartphone, the new method is so effective that it can be carried out in a noisy public space where multiple people are typing, researchers at Southern Methodist University in Texas found.

They discovered the technique by analysing the different sound waves produced when a key on a keyboard is struck.

After processing the acoustic signals, they were able to decode which keys were struck and in which order. This method could be used not only to crack a person’s password, but also decipher someone’s private emails or messages.

“Based on what we found, I think smartphone makers are going to have to go back to the drawing board and make sure they are enhancing the privacy with which people have access to these sensors in a smartphone,” said Eric Larson, an assistant professor at SMU who helped lead the study.

Smartphone apps often require users to accept permission for the app to access the device’s microphone as part of their terms of service.

This is usually to facilitate certain functions of the app, however it is conceivable that hackers could either create malicious apps for the purpose of spying, or hack existing apps in order to secretly hijack a phone’s microphone.

“We were looking at security holes that might exist when you have these ‘always-on’ sensing devices – that being your smartphone,” Dr Larson said. "We wanted to understand if what you’re typing on your laptop, or any keyboard for that matter, could be sensed by just those mobile phones that are sitting on the same table. The answer was a definite, ‘yes’.”

Support free-thinking journalism and attend Independent events

The researchers warned that the victim would have no idea that they are being hacked, however there are certain caveats to the method.

The attacker would need to know the material type of the table that the victim is typing on, as metal and wood surfaces produce different sound wave patterns.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in