Yep, you read that right: your shoulders. According to a study recently conducted by researchers from the University of Texas and the University of Oklahoma, newly developed software allowed researchers to effectively guess what a user was typing with up to 93 percent accuracy by tracking the movements of their shoulders on a Zoom call.
How can your shoulders show what you are typing?
Think of Newton’s third law: “Every action has an equal and opposite reaction,” as Davey Winder of Forbes explains:
Whatever your personal typing style, when you press a key, a ‘reaction force’ in the opposite direction is produced. This force then moves from the fingers on the keyboard all the way to the shoulder muscles and joints, which absorb it. This force creates small and subtle, but measurable, movements of the shoulders. Because each finger, connected by different wrist bones with different joints in the Carpus area, the researchers write, ‘the reaction force of a keystroke propagates slightly differently through the arm and shoulder muscles and joints, depending on which finger was used to press the key.’
By recording these movements and cross-referencing them with dictionary word-profiles, the software could effectively “guess” what was being typed – but the hacker would either have to be on a call with you where you were typing the password, or at least be able to access the video feed and record it.
Not so fast
Before you freak out, there are a couple of things to note:
- The researchers could attain that level of accuracy only when the passwords were one of the top 1 million most-used passwords; the accuracy level dropped to just 18.9 percent for passwords not in that database.
- Since the study was conducted under controlled conditions, a variety of factors can lessen the accuracy with which passwords are predicted, including variables like wired headphones or long hair on the user, ambient lighting, and extraneous user movement. When the environment wasn’t highly controlled, the accuracy rate dropped down to 20 percent.
- In the future, combining audio access with video could increase the accuracy with which hackers could guess passwords; in the study, inferences were based solely off the visual video feed.
Should I be worried?
The short answer is: no. Right now, the software algorithm is not out there for just anyone to use – so far, only the researchers of this study have it. Secondly, given the accuracy of the software at this time, it does not appear to be a major threat for most people. For now, just be sure that you have randomly generated or complex passwords, use two-factor authentication when possible, and make sure your software and operating systems are up-to-date. You can also cover your camera when it is not in use. Oh, and growing your hair long and bouncing in your chair on your Zoom calls wouldn’t hurt, either.