Threat Actors Find Backdoor Way to Hack Passwords Using Sound of Keyboard Typing

September 3, 2019


Hikvision Cyber Blogs: Tips to Prevent Exploits and Account Hacks


A new study found that hackers might have found a backdoor method to determine a person’s password by listening to the sounds made when a person is typing, according to an article in Security magazine.

From the study’s website announcement: “You likely know to avoid suspicious emails to keep hackers from gleaning personal information from your computer. But a new study from SMU (Southern Methodist University) suggests that it’s possible to access your information in a much subtler way: by using a nearby smart phone to intercept the sound of your typing. Researchers from SMU’s Darwin Deason Institute for Cybersecurity found that acoustic signals, or sound waves, produced when we type on a computer keyboard can successfully be picked up by a smartphone. The sounds intercepted by the phone can then be processed, allowing a skilled hacker to decipher which keys were struck and what they were typing.”

Researchers were looking to study gaps in security and determine whether a smartphone placed on the same table as a laptop could decipher the password keys typed in. The study found a 41 percent accuracy level in determining the words typed using a typical keyboard and smartphone. This held true even if the room was filled with other noise, such as people holding conversations.

“We were looking at security holes that might exist when you have these ‘always-on’ sensing devices–that being your smartphone. We wanted to understand if what you’re typing on your laptop, or any keyboard for that matter, could be sensed by just those mobile phones that are sitting on the same table,” said Eric Larson, study author and assistant professor at SMU, in the article.

Hikvision Tips to Prevent Exploits and Account Hacks
Hikvision has an extensive library of cybersecurity blogs that offer tips to prevent exploits and account hacks, and to protect passwords. A recent article, “New Study Finds Organizations have Concerns with Security Operation Centers, Uncovers Most Commonly Identified Exploits,” outlines common exploits, which include malware attacks, exploiting known vulnerabilities, malicious insiders, and spear phishing.

Spear phishing is a special kind of phishing attack that targets a specific person or organization. Spear phishing emails typically have information about the victim in the email that makes the email seem like it’s from a credible source. Hikvision’s cybersecurity director, Chuck Davis, outlines examples of spear phishing in this blog.

Davis also discussed using password managers to reduce security concerns and risk of being hacked in this blog. In it, Davis said: “A Password Manager is a software tool that is used to store all of your passwords in an encrypted file so that you, and no one else, have very easy access to them, helping to minimize security concerns. Most modern password managers have additional features such as cloud storage, auto-filling fields, and password generators that make very good passwords. The cloud storage feature of password managers provides easy access to your passwords from different devices. While it sounds scary to have all of your passwords stored online, a good password manager will encrypt all of your password data before it is uploaded to the cloud and will make sure that only you have the keys (the master password that you set) to decrypt your passwords on each device.”

For more, view our complete list of cyber blogs here.
