Skip to main content

Online passwords can be hacked by listening to keystrokes

(Image credit: Image source: Shutterstock/scyther5)

Cybersecurity experts from Southern Methodist University in Texas are claiming hackers can work out your password by listening to the sound of your keystrokes.

Yes, if they can pick up the sound of you typing in your password, they can guess what it is - with a 41 per cent accuracy. If they go for the most common words first, the percentage goes up even higher.

Turning on the computer’s microphone to listen for any passwords basically defeats its purpose, because if you can get such a virus installed on a machine, you might as well just install a keylogger.

But what if you can’t install anything on a target machine? Could you, for example, install an eavesdropping malware on the target’s smartphone, and have the phone listen to the keystrokes?

The researchers argue you could, and with surprising accuracy. One of the reasons this works is because of the various sensors the smartphones have, especially those that track if the device is on a desk or in a pocket. They tested how successful the practice could be, in a conference room full of people talking and typing, and with smartphone that were on the same table as the target laptop, but at varying distances.

Professor Eric Larson, the report’s co-author said: "Based on what we found, I think smartphone makers are going to have to go back to the drawing board and make sure they are enhancing the privacy with which people have access to these sensors in a smartphone."