Skip to main content

Online passwords can be hacked by listening to keystrokes

(Image credit: Image source: Shutterstock/scyther5)

Cybersecurity experts from Southern Methodist University in Texas are claiming hackers can work out your password (opens in new tab)by listening to the sound of your keystrokes.

Yes, if they can pick up the sound of you typing in your password (opens in new tab), they can guess what it is - with a 41 per cent accuracy. If they go for the most common words first, the percentage goes up even higher.

Turning on the computer’s microphone to listen for any passwords (opens in new tab) basically defeats its purpose, because if you can get such a virus installed on a machine, you might as well just install a keylogger.

But what if you can’t install anything on a target machine? Could you, for example, install an eavesdropping malware on the target’s smartphone, and have the phone listen to the keystrokes?

The researchers argue you could, and with surprising accuracy. One of the reasons this works is because of the various sensors the smartphones have, especially those that track if the device is on a desk or in a pocket. They tested how successful the practice could be, in a conference room full of people talking and typing, and with smartphone that were on the same table as the target laptop, but at varying distances.

Professor Eric Larson, the report’s co-author said: "Based on what we found, I think smartphone makers are going to have to go back to the drawing board and make sure they are enhancing the privacy with which people have access to these sensors in a smartphone."

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.