How big a threat are acoustic attacks?
These attacks are not widespread. The method prescribed needs the hacker to be within a few inches of you, or be connected by video conferencing as you type your password. However, the researchers could record a user’s keystrokes on a laptop—in this case, a commonly Apple MacBook—to guess what has been typed with up to 95% accuracy. Deep learning algorithms, a subset of artificial intelligence, makes this possible by learning input data with high efficacy. Security experts say that with AI algorithms becoming more accessible, such attacks hold the potential of becoming a significant threat.
Which tech can enable such attacks?
At the core of such attacks is the ability of deep learning algorithms to “learn” acoustic patterns from recordings, and then guess what is being typed from other recordings. This is unlike the threat posed by large language models and generative AI. This threat is akin to “keylogger” attacks—in which cyber criminals install malware on users’ devices, and use such malware to “log” what users are typing. However, generative AI, according to experts, could benefit from such deep learning algorithms by virtue of the larger data sets—and make the subsequent deep learning algorithms even more accurate.
What can we do to prevent such security breaches?
The authors of the paper said mixing up letter cases in a word, or using a mix of multiple incomplete words along with numbers and symbols, could make it hard for algorithms to predict passwords. Password rules, which ask to mix a set of characters, could help. Other safeguards include touchscreen typing in mute mode, or playing a sound while typing.
Aren’t there bigger threats from AI?
Generative AI poses a significantly greater threat. Attackers use LLMs and generative AI to create more convincing spear phishing campaigns. The greatest threat here lies in attackers using publicly available data on users to run highly personalized cyberattacks, which could cause a greater loss of personal data. Spear phishing includes impersonating a person or company to either install malware or steal information. With generative AI, this presents an even bigger threat than what it is today.
Are passwordless logins a solution?
One way to circumvent such a threat is passwordless logins. In May last year, Apple, Google and Microsoft announced that they will collaborate with the global FIDO Alliance for using passwordless logins in mainstream applications. These include the use of third-party authenticator apps, or on-device biometric authentication such as face and fingerprint scans. Microsoft offers passwordless logins to enterprise users, while Apple uses biometric authentication for almost all logins.
 "India reiterates opposition to China’s Belt and Road Initiative at SCO meet | External Affairs Defence Security News")
 "Trade deficit eases to $20.8 bn in Sept amid geopolitical challenges | Economy & Policy News")
 "HK-based Executive Centre to invest Rs 125 cr to grow India business | Company News")
