I have written many articles describing how the first steps in any cyber security plan has to be the recognition that you and your team need to be able to keep a secret. For instance the first secret is of course to keep any passwords you have been given access to, something less obvious is that our team always keeps security devices, such as firewalls, out of sight in locked cupboards.
But is becomes a lot hard to keep those secrets if a determined threat actor could know what you are typing, by “simply” listening to sounds the keyboard makes.
Acoustic Side Channel Attack on Keyboards Based on Typing Patterns (arxiv.org)
Alireza Taheritajar and Reza Rahaeimehr from the Augusta University have presented a paper demionstarting such an attack, even in loud enviroments. The attack has only been carried in laboratory conditions but they do speculate on the possibility of infecting computers with malware, via the usual channels, to carry out a real world attack. They even speculate on the production of compromise keyboards being available to buy.
Variations of side-channel cyber attacks, including listening to a CPU working, were a very popular topic for papers when I was at Edinburgh Napier University but it looks like this research moves the possiblility of a real side-channel attack nearer.
Your takeaway
This cyber attack is in the future. But coming back to keeping a secret. Do your people know their responsibilities when it comes to passwords? Does your IT company keep your secrets safe? We do.
Clive Catton MSc (Cyber Security) – by-line and other articles