How to protect your privacy from acoustic side-channel attacks?

Researchers have discovered a new way to spy on what you type by listening to the sound of your keystrokes. Here’s what you need to know about this threat and how to defend yourself.

acoustic side-channel attacks

What are acoustic side-channel attacks?

Acoustic side-channel attacks (ASCA) are a type of cyberattack that exploits the sound emitted by your keyboard when you type. By recording and analyzing the sound of each keystroke, an attacker can infer what you are typing with high accuracy.

This is possible because different keys produce different sounds, depending on their location, size, shape, and material. For example, the space bar sounds different from the enter key, and the letter A sounds different from the letter B. By using machine learning techniques, an attacker can train a model to recognize the sound patterns of each key and map them to their corresponding letters.

How serious is this threat?

According to a recent paper by researchers from the University of Cambridge, the University of Oxford, and the University of Bristol, this threat is very serious and can be carried out with minimal equipment and effort. The researchers claim that they can turn typing sounds into text with 95% accuracy in some cases, using nothing but a nearby iPhone.

The researchers also demonstrate that this attack can be performed remotely, using popular video conferencing platforms like Zoom and Skype. They show that over Zoom, the accuracy of recorded keystrokes only drops to 93%, while over Skype it is still 91.7%. This means that an attacker can eavesdrop on your online meetings, chats, or calls and steal your sensitive information, such as passwords, credit card numbers, or personal messages.

The researchers say that this is the first time that such a high accuracy has been achieved for ASCA without relying on a language model. A language model is a tool that helps predict the next word or letter based on the previous ones, using statistical or probabilistic methods. For example, if you type “I love”, a language model might suggest “you” as the most likely next word. However, a language model also introduces some errors and limitations, such as being dependent on the language and context of the text. By using deep learning and self-attention transformer layers, the researchers were able to capture the sounds of typing and translate them into data without needing a language model.

How can you protect yourself?

As scary as this attack sounds, there are some ways to protect yourself from it. The simplest one is to change your typing style. The researchers note that skilled users who can rely on touch typing are harder to detect accurately, with single-key recognition dropping from 64% to 40% at the higher speeds enabled by the technique. Touch typing is a method of typing where you use all your fingers and do not look at the keyboard. By typing faster and more consistently, you can reduce the variations in sound and timing that an attacker can exploit.

Another way to protect yourself is to use randomized passwords with multiple cases. This makes it harder for an attacker to guess your password based on the sound alone, as they would also need to know the case of each letter. For example, if your password is “password”, an attacker might easily crack it by listening to your keystrokes. But if your password is “pAsSwOrD”, they would have a much harder time figuring out which letters are uppercase and which are lowercase.

A third way to protect yourself is to use a virtual keyboard or an alternative input device. A virtual keyboard is a software application that allows you to type on your screen using your mouse or touchpad. An alternative input device is a hardware device that replaces your keyboard with another form of input, such as a voice recognition system or a gesture control system. Both of these methods can prevent an attacker from capturing the sound of your keystrokes, as they do not produce any audible noise.


Acoustic side-channel attacks are a new and serious threat to your privacy and security. By listening to the sound of your keystrokes, an attacker can steal your personal information and compromise your accounts. To protect yourself from this attack, you should change your typing style, use randomized passwords with multiple cases, or use a virtual keyboard or an alternative input device. By following these tips, you can make it harder for an attacker to spy on what you type.

Leave a Reply

Your email address will not be published. Required fields are marked *