DALLAS — As if you needed another cybersecurity issue to worry about, a team of researchers at Southern Methodist University have discovered that it is quite possible for hackers to use your smartphone’s sensor to intercept the sound of your keyboard typing. After picking up these sound waves, a skilled hacker could potentially analyze and decipher which keys were struck and piece together the words being typed.
Even in a loud and crowded room filled with people talking amongst each other and typing, researchers say they were able to capture and decode the majority of what was being typed.
“We were able to pick up what people are typing at a 41 percent word accuracy rate. And we can extend that out – above 41 percent – if we look at, say, the top 10 words of what we think it might be,” explains lead author Eric. C. Larson in a release.
All in all, hackers would only have to gain access to a smartphone’s sensor for mere seconds in order to possibly steal valuable information, according to researchers.
“Based on what we found, I think smartphone makers are going to have to go back to the drawing board and make sure they are enhancing the privacy with which people have access to these sensors in a smartphone,” Larson comments.
For the study, the authors wanted to recreate a real world office scenario as best they could. In order to accomplish this, they placed numerous people inside a conference room, and asked them to begin collaborating and taking notes on their laptops about a fictional upcoming project. Meanwhile, there were eight smartphones placed on the conference room table, all of which were anywhere from three inches to several feet away from the nearest keyboard.
Participants weren’t given any specific instructions or a script on how to interact with each other. Additionally, they were free to type down notes in whichever way they saw fit.
Researchers say one of the main factors that motivated them to perform this study is the fact that smartphones are pretty much always “on” all day and night. In this sense, these devices represent a constant open window for malicious hackers to peak through.
All modern smartphones contain various sensors intended to help the device “know” what is happening around it. For example, some sensors help smartphones determine if they are placed on a table or moving around in someone’s pocket. Certain sensors are only turned on during certain activities or when given permission, but others are always on.
“We used sensors that are always turned on, so all we had to do was develop a new app that processed the sensor output to predict the key that was pressed by a typist,” Larson says.
However, any would-be hacker looking to snoop on someone else’s keyboard typing would have to know the type of table the compromised smartphone is sitting on. For instance, the keyboard sounds made on a wooden table differ from those produced on a metal table.
All that being said, the authors believe they have discovered a very real, and plausible new way hackers may be stealing information. Even more unsettling, Larson and his team say that there really is no way to definitively know if you’re being hacked this way.
The study is published in the scientific journal Interactive, Mobile, Wearable and Ubiquitous Technologies.