There is no defense when your digital fingerprint is used as AI training data.
The headline reads:
New acoustic attack steals data from keystrokes with 95% accuracy:
Highlights include:
A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.
What makes this so bad is that everyone has a unique keyboard entry fingerprint.
We all have a unique rhythm and groove to express ourselves on a keyboard.
Learning to change these patterns is slow, because typing is in a large part muscle memory.
Changing that is slow and intentional work, especially for veteran keyboard users.
Just as there is a personal keyboard usage pattern that can be detected, all content made by humans can be fed into a detection algorithm.
The same training that makes ChatGPT so effective can be applied to deanonymizing you on the internet.
How many millions would an attacker spend on compute if you could decode Elon typing out his eX-Twitter password?
Humans greatest weapon was pattern matching. We conquered the world in only 160 000 years.
Part of that was because our species out-pattern-matched every other competitor.
We’ve built math machines that can out-pattern-match us.
Dan Carlin’s WWI podcast series “Blueprint for Armageddon”
In this three hour marathon, Dan Carlin unfolds the intricate build up to the first World War.
In it, he makes the observation that WWI was the moment that homo sapiens crossed a threshold: When our weapons became better at killing us at scale than we were.
From there the scale went exponential.
We’ve scaled sophisticated math models to the point where we can detect the music of your keyboard.
Defensive Weaponized AI
A similar attack vector to the acoustic keyboard keylogger can be found in the world of competitive gaming.
Except it’s being used as a way to prevent cheating:
The proposition is to run a AI model that pattern-match a players unique playstyle- Down to the key/mouse stroke.
Compare that players patterns to a cheaters, and you can detect if the player is cheating.
What I find interesting about this is that its using the same approach as the acoustic keyboard password stealer.
It’s using weaponized AI in a defensive capacity.
In both cases, pattern matching a digital fingerprint is a profitable endeavor.
- For the rogues, cracking the digital blueprint of High Value Targets could do billions in damage.
- For the benevolent, a game studio would pay high subscription costs to reliably detect and track cheaters.
If there is an economic incentive in identifying digital fingerprints, then the investment will be made- especially since it has the bright shiny letters AI in it.
Building defensive applications of AI as a profitable business venture is likely the best way to inoculate ourselves from machines that can out-pattern-match us.
It’s more than “Can’t beat ‘em, join ‘em”.
It’s “Can’t beat ‘em, profit off ‘em”.
At least I hope that’s a viable option, because I posit that conventional digital security measures are becoming more and more obsolete as we scale AI.
No Safe Password
Consider the following passage from Google Cloud: Workload identity federation
In server architecture, a service account key
is a fancy term for “long password”.
We usually don’t type these passwords out, but they certainly do get copypasta’d.
What this acoustic keyboard attack demonstrates is that no password is safe- even if you call them service keys.
It also demonstrates that Google already has a proposed solution: Tie your credentials to the person.
That IAM thing it’s referencing is what grants server privileges to software engineers working at a company.
Who Are You?
If you lose access to Google/Microsoft/Apple account, you’re probably going to have a bad day.
Especially if you lose access because someone impersonated you.
That’s why Google and every other major platform puts so much effort into authenticating who a person is.
And most smaller companies defer to logging in with one of those major platforms:
At the end of the day, Google still needs to prove that its you that’s logging into that account, and not an impersonator- human or bot.
My argument is that targeted AI algorithms can be instructed to impersonate you with continually improving accuracy.