This scary AI recognizes passwords by the sound of your typing::British researchers have trained an artificial intelligence to recognize keystrokes by sound. A smartphone placed near a laptop served as the microphone.
This news has been reported for months in increasingly sensationalist headlines. The short version is that you only have to worry if you are a slow typist in a high-espionage setting in which your system is physically secure so no one could use a physical or digital keylogger attack, but also has a sample of your typing and audio recording access to your computing area.
Not to mention that this was first done years ago by some agency using sound recordings and good old analysis.
I remember a cracked.com video several years ago saying the tilt sensors in a smartphone could potentially work as a keylogger by listening to a keyboard on the same desk
Old recycled news.
Last time: If you know the model and way of typing of the target you have a good likelyhood.
Does it recognize backspace, select all delete, a few curse words, slamming the desk and then the phrase “that’s what I fucking typed the first time!”
Password manager users feeling like untouchable gods after this one.
Enter master password:
hunter2
Can you really use all * as a master password?
KeepassXC with a Yubikey. Always buy a backup Yubikey folks.
Got a couple of keys, best thing I ever got tbh
So when my co workers complain about my custom mechanical keyboard being too loud, I should tell them I’m doing it to improve our cyber security.
That’s why I have 7 different brands of switches all different types on my keyboard.
Wouldn’t that make it easier for the AI?
But it’s the rubber dome keys that make up his password keys. The mechs are just a distraction.
galaxy brain
Not if you randomly jumple and replace the switches before typing each password
… or just use a password manager like a sensible person.
Removed by mod
Yes, but if it was specifically trained on your particular keyboard.
Or if you want to go further, have foamed + plate mount + mixed lubed and unlubed switch + different color of switch on top of mixed brands of cherry mx, kailh, gateron, outemu and or lesser known/premium switches on single keyboard, the cost may be unusually high and need custom printed pcb.
Maybe you’ll need to get use to typing on it as now comprised of various tactility and feedback feel.
This Scary AI Recognizes Your Password Just by Filming It!
For QWERTY users this is a problem
The layout is less of an issue, as long as the program analyzing the sounds of your keyboard can diferentiate between all keys, then it can remap to QWERTZ, AZERTY or sny other layout.
However, this attack seems quite involved, so if you are targeted, the attacker could find out the layout in use ahead of time (here in Sweden you are unlikely to find a person using anything but a Swedish layout), they could also fo some social engineering, and hold a chat conversation with you while using your phone to record keystrokes, it would take a while, but over time they could probably get a decently accurate map of your keyboard.
Wouldn’t it only be trained on a specific keyboard though, as anyone in the Mechanical keyboard community knows every keyboard sounds different. And that doesn’t even account for age, condition(dust, how many crisps have you eaten over your keyboard, etc).
So I highly doubt this could be effective beyond possibility being trained to work with a certain type of laptop. 16 inch MacBook Pros for example.
Doesn’t matter that much if you cast your malware broadly enough, for example requesting mic access from a web page. A large percentage of keyboards (especially business laptops) will be covered just by Mac + Lenovo.
You can just solve the problem altogether by using a password manager with a 2fa dongle like a nitro or yubi key
Good luck. I change the keycaps and switches on my board pretty much every week.
One solution would be a password mode where the keys randomly rearrange, so you are using different physical keys each time. Kinda like you can do with passcodes on Android. Ofc this implies some way of dynamically displaying the keys, but that would be cool in itself.
Or what about playing sounds that block out the clicking.
Rearranging the keys? My password’s pretty much muscle memory, typed fast enough in not really worried about people watching me enter it. Call me lazy, but having to pick and hit every key? No thanks.
Especially, this would be less secure since you have to search the keys every time and give the attacker time to read which key you typed. Best Password is no Password (private key).
Playing sounds? sure.
Rearranging keys - hell no.
“Huh… All of this guy’s passwords are CTRL-SHIFT-INS.”
i wonder why this works.
Because all keys on a keyboard sound slightly different, computers can detect those differences, and compare it with a baseline from either the same keyboard or a model just like it.
Try this: on any keyboard (a membrane keyboard especially if you have one) try quickly tapping one key 3 times and then another key 3 times. Move around the keyboard or alternate between two letters.
Can you hear that they make different sounds, but typing the same letter has roughly the same sound? The" plok" has a higher or lower pitch (frequency is the scientific word for it), and a trained AI can match that pitch to a letter if it has or can get an idea of what corresponds to what.
Why is it that humans can’t aimply NOT be evil?
Most of my passwords require key combinations on my heinous qmk config