Preventing Acoustic Keylogging Attacks
19 September 2023

A trending story a few weeks ago revealed that researchers from several British universities have trained a deep-learning model capable of stealing data from keyboard keystrokes with just a microphone. 

The report, first covered by BleepingComputer, revealed that this particular acoustic keylogging deep-learning model has an accuracy of 95% when using a microphone placed next to a keyboard. Perhaps most alarmingly, the model has a 93% accuracy when recording keystrokes over the popular meeting software Zoom.

Acoustic keylogging is another example of the dangers posed by passwords and knowledge-based authentication protocols. Due to the nature of keylogging, it only takes one employee or customer to manually enter a password on a monitored device to have their security compromised. 

This article will explore the threat of acoustic keylogging in more detail and highlight why moving towards a passwordless, biometric MFA solution like Keyless makes all the difference in preventing your organization's sensitive data from falling into the wrong hands. 

What is acoustic keylogging?

Acoustic keylogging is a type of side-channel attack that exploits the implementation of a routine physical security measure, rather than identifiable vulnerabilities within a protected system. 

Unlike traditional keylogging attack methods (which rely on criminals installing hardware or software to steal user credentials), a successful acoustic keylogging attack doesn't require the criminal to have access to the device. They only need the sound of a user entering their credentials and access to an AI algorithm capable of decoding the keystroke data. This can make such attacks very difficult for security teams to detect and defend against, as this audio information may already be accessible online.

For example, a published webinar may feature one of the presenters entering their user details as part of a demo. Alternatively, keyloggers can record a user entering their details as part of a social engineering scam taking place on a video or telephone call. Once the keystroke audio is captured, it's only a matter of time before criminals can exploit the information. Therefore, the best method for neutralizing the threat of acoustic keylogging is to eliminate password-based authentication altogether. 

How companies can prevent acoustic keylogging attacks

Switching to biometric authentication processes eradicates acoustic keylogging attack risk instantly, as criminals would only be able to access the sound of a user taking a selfie or tapping their fingerprint on a device to attempt to gain access to a secured system. 

Moreover, a solution like Keyless provides additional layers of security within its biometric authentication protocols. For instance, it leverages the user's device as a second authentication factor, rendering attacks from external acoustic keylogging technologies useless. 

Combining biometrics and device-based authentication also delivers additional benefits from a user experience perspective. Customers/employees no longer have to remember passwords or re-register their biometrics template whenever they get a new device. 

With its Zero-Knowledge Biometrics™ technology, Keyless enables users to enroll their biometric data in seconds before encrypting it on the user's device, sending it to a secured cloud server, and deleting the information entirely from the user's device. Once this process is complete, users can switch devices, upgrade their equipment, and recover their account access seamlessly without raising support tickets with IT helpdesk teams.

Finally, Keyless allows organizations to step up their security measures for specific scenarios, such as actioning high-value transactions. Once a user has entered their credentials, the solution can prompt the user to input their biometrics data again to ensure that their users and sensitive data stay protected. 

Nullify all forms of keylogging with Keyless

The threat of acoustic keyloggers is real and evolving, so safeguarding your sensitive company information by eradicating knowledge-based authentication factors is imperative. 

Keyless is an award-winning, passwordless, and phishing-resistant multi-factor authentication solution that uses biometrics to dramatically reduce account takeover fraud and improve the user experience for both customers and the workforce. 

By implementing Keyless, your organization can say goodbye to passwords and hello to improved security. 

Thanks to Keyless' robust and privacy-focused solution, malicious actors using deep-learning-augmented acoustic keyloggers are no longer a concern, as, with Keyless, the user becomes the key.

By staying vigilant and proactive, you can effectively mitigate keylogger risks and ensure the security of your digital assets.

Interested in finding out more? To see how Keyless compares to password-based authentication solutions, why not request a demo today?
