Skip to main content

AI can now steal your passwords with almost 100% accuracy — here’s how

A digital depiction of a laptop being hacked by a hacker.
Digital Trends

Researchers at Cornell University have discovered a new way for AI tools to steal your data — keystrokes. A new research paper details an AI-driven attack that can steal passwords with up to 95% accuracy by listening to what you type on your keyboard.

The researchers accomplished this by training an AI model on the sound of keystrokes and deploying it on a nearby phone. The integrated microphone listened for keystrokes on a MacBook Pro and was able to reproduce them with 95% accuracy — the highest accuracy the researchers have seen without the use of a large language model.

Recommended Videos

The team also tested accuracy during a Zoom call, in which the keystrokes were recorded with the laptop’s microphone during a meeting. In this test, the AI was 93% accurate in reproducing the keystrokes. In Skype, the model was 91.7% accurate.

Before your throw away your loud mechanical keyboard, it’s worth noting that the volume of the keyboard had little to do with the accuracy of the attack. Instead, the AI model was trained on the waveform, intensity, and time of each keystroke to identify them. For instance, you may press one key a fraction of a second later than others due to your typing style, and that’s taken into account with the AI model.

In the wild, this attack would take the form of malware installed on your phone or another nearby device with a microphone. Then, it just needs to gather data from your keystrokes and feed them into an AI model by listening on your microphone. The researchers used CoAtNet, which is an AI image classifier, for the attack, and trained the model on 36 keystrokes on a MacBook Pro pressed 25 times each.

There are some ways around this kind of attack, as reported by Bleeping Computer. The first is to avoid typing your password in at all by leveraging features like Windows Hello and Touch ID. You can also invest in a good password manager, which not only avoids the threat of typing in your password but also allows you to use random passwords for all of your accounts.

What won’t help is a new keyboard. Even the best keyboards can fall victim to the attack due to its method, so quieter keyboards won’t make a difference.

Unfortunately, this is just the latest in a string of new attack vectors enabled by AI tools, including ChatGPT. Just a week ago, the FBI warned about the dangers of ChatGPT and how it’s being used to launch criminal campaigns. Security researchers have also seen new challenges, such as adaptive malware that can quickly change through tools like ChatGPT.

Jacob Roach
Former Lead Reporter, PC Hardware
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…
Your politeness toward ChatGPT is increasing OpenAI’s energy costs 
ChatGPT's Advanced Voice Mode on a smartphone.

Everyone’s heard the expression, “Politeness costs nothing,” but with the advent of AI chatbots, it may have to be revised.

Just recently, someone on X wondered how much OpenAI spends on electricity at its data centers to process polite terms like “please” and “thank you” when people engage with its ChatGPT chatbot.

Read more
Kagi’s AI search assistant gives you access to all the big models in one place
Kagi search bar in light mode.

Kagi's "Assistant" feature, previously only available to Ultimate subscribers, is now rolling out to all tiers -- including the free trial tier. The feature gives you access to a range of different LLMs for both chatting and web-searching purposes.

If you don't know much about Kagi, it's a paid search engine that borrows its name from the Japanese word for "key." The concept is simple -- with Google, you pay for the service by allowing ads and data collection. With Kagi, you pay for the service with money to get a private and ad-free experience.

Read more
Fun things to ask ChatGPT now that it remembers everything
ChatGPT on a laptop

If you hadn't heard, ChatGPT's memory just got a whole lot better. Rolled out across the world to Plus and Pro users over the past few days, ChatGPT's various models can now reference almost any past conversation you had. It doesn't remember everything word for word, but can pull significant details, themes, and important points of reference from just about anything you've ever said to it.

It feels a little creepy at times, but ChatGPT can now be used for much more personalized tasks. OpenAI pitches this as a way to improve its scheduling feature to use it as a personal assistant, or to help you continue longer chats over extended periods of time. But it's also quite fun to see what ChatGPT can tell you by trawling throughh all your chatlogs. It's often surprising some of the answers it spits out in response.

Read more