Researchers have designed a new attack, which makes it possible to use fingertips to trace which characters are entered on a virtual keyboard. That’s what Venturebeat reports. The attack is carried out with artificial intelligence (AI).
“We discovered that the microphone of a device can restore this wave and ‘hear’ the touch of the finger. The deformations in the wave are characteristic of the location of the tap on the screen,” says the researchers. “By recording audio via the built-in microphone, a rogue app can recognize text when the user enters it on the device.
These attacks are not new. There have been previous studies investigating the use of microphones to identify physical tests based on their unique characteristics. But soft keyboards make more difficult targets, because every tap takes place on the same surface.
Testing
The research team used an app that picks up the sound of the ticks and correlates them with keystrokes. It does this with a machine learning algorithm that is trained offline and tuned to a specific model of smartphone or tablet. Eventually, about 70 percent of self-recorded taps were given to a machine learning classifier. The remaining 30 percent was used to test the app.
To validate the approach, the researchers developed an Android app that requires users to enter words, letters and numbers into fields, while audio is recorded via microphones on the device. 45 testers used it in environments with a lot of ambient noise, including a library and a common room.
Ten participants were asked to touch ten times a number between 1 and 9 in random order. Ten others were asked to type 200 unique four-digit PINs. A third group was instructed to type random letters. A fourth and last group had to type words with five letters from an open source data set.
Results
The researchers now state that the model with two microphones correctly predicted some digits that were entered three times more often than a random guess in the worst case. In the best case scenario, it was able to guess 100 percent of the figures better. It also managed to guess 54 percent of the PINs after ten attempts, and 91 of the 150 four-digit PINs with less than twenty attempts.
When it came to letters and words, the model was three times better at guessing what it was all about than at random gambling. That’s when the sound was recorded with a single microphone.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.
11 hours ago
