Experimental AI can steal PINs and passwords by listening to finger taps
Keyloggers aren’t the only way malicious hackers can get at your phone or tablet’s passcode.
In a preprint paper, “A new acoustic side channel on smartphones,” published on arXiv.org this week, researchers describe a novel attack that recovers characters typed on a virtual keyboard from sounds generated by finger taps.
“We found the device’s microphone(s) can recover this wave and ‘hear’ the finger’s touch,
and the wave’s distortions are characteristic of the tap’s location on the screen,”
the paper’s coauthors wrote. “Hence, by recording audio through the built-in microphone(s),
a malicious app can infer text as the user enters it on their device.”
They list a number of ways the attack might be mitigated — for instance, with physical switches
that allow users to switch off the microphones, mics that have lower sampling frequencies,
and additional glass layers on top of screens that could absorb most finger tap noise —
but concede that the most obvious solutions have design and usability drawbacks.
They instead posit (1) a mechanism that reports which sensors are active, and
(2) “a secure attention sequence” for passwords or other sensitive text entry that blocks all sensors temporarily.