It looks like they only tested one keyboard from a MacBook. I'd be curious if other keyboard styles are as susceptible to the attack. It also doesn't say how many people's typing that they listened to. I know mine changes depending on my mood or excitement about something, I'm sure that would affect it.
this post was submitted on 06 Aug 2023
191 points (92.8% liked)
Technology
58942 readers
3531 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
My wife types with her fists when I’m trying to have Zoom meetings.
Coworkers amirite 🙄
Tangentially related: Did you know, that it‘s technically also possible to reconstruct sound via smartphone accelerometers and there‘s no restrictions on which apps can use it. Have fun with this info (:
Thanks, I hate it.
are you saying that a cellphone accelerometer can be used as a microphone? That sounds... interesting. Do you have a source?
SpyApp is spying in background
User thinks "why is battery draining so fast?"
Opens battery setting
Oh, this app shouldnt work right now
Restricts SpyApp's battery permissions
Assuming that this does not only work on English words, this is actually really terrifying.
I have to assume it could be modified to work on any language. You just have to know the keyboard layout for the language in question do you know what to listen for. Languages with a lot of accents like French maybe could be slightly more complicated but I seriously doubt that it couldn't be done. I'm honestly not sure how the keyboard is set up for something like Chinese with so very many characters but again if this can be done, that can be done with some dedication and know how.
There are several different ways of inputting Chinese, but generally they all map 2~6 keystrokes to one or multiple Chinese characters, and then the user chooses one. I'd imagine it wouldn't be much harder.
I’m sweating. I use blue switches. Help.
Mx blue and unicomp here.. HELP
laughs in custom multi-layer orthogonal layout with one-of-a-kind enclosure & artisan keycaps
Only plebs type. I write all of my content in machine code with a custom compiler to translate it to QWERTY.
NSA/CIA/DEA/Interpol/FBI still trying to decode my shitposts to this day
I find this article kinda mid bc No link to og paper Article doesn't specify what kinds of keystrokes were being detected (so title seems kind of clickbait)
- probably not all kinds of keyboards if they only trained model on macbooks? Also no mention of kind of data used to demonstrate 95% accuracy
Phreaking for the modern era. With phones the key tones are different. With keystrokes it’s not. Are they measuring the time between each key press and using that to come up with possible words?
Sweet! More man-made horrors beyond my comprehension! I sure am glad we're investing our time into things that will never be stolen or misused!
I mean, human ears an only hear so much, but something tells me this is limited to certain kinds of keys.
flfflflfuddhfflfluddh
A very widespread implication of this is if you are on a call with a bad actor and are on speaker phone, and you enter your password while talking to them, they could potentially get that password or other sensitive information that you typed.
Assuming it really is that accurate, a real-world attack could go something like this. Call someone and social engineer them in a way that causes them to type their login credentials, payment information, whatever, into the proper place for them. They will likely to this without a second thought because "well, I'm signing into the actual place that uses those credentials and not a link someone sent me so it's all good! I even typed in the address myself so I'm sure there's no URL trickery!" And then attempt to extract what they typed. Lots of people, especially when taking calls or voice conference meetings or whatever from their desk, prefer to not hold their phone to their ear of use a headset mic and instead just use their normal laptop mic or an desktop external one. And, most people stop talking when they're focused on typing which makes it even easier. Hell if you manage to reach, say, the IT server department of a major company and play your cards right, you might even be able to catch them entering a root password for a system that's remotely accessible.
Is very convoluted, but yeah, could work
That "95%" has about as much credibility and extremely specific test conditions as MPG for cars
Fucking yikes
Does the research presume the use of a qwerty keyboard?
It uses the sounds it records and compares again the messages you send. So in theory it's layout agnostic.
So key loggers then? They’ve been around for a long long time.
That's a liberal extension of the definition. I wouldn't consider this anywhere close to traditional/established key logging.
No you’re not getting it. They use key loggers to train the AI and they need to use the targets keystrokes to do it. Without that they cannot train the AI to be able to use the microphone to figure the key strokes out.
It all starts with a traditional keylogger and that’s why this is silly.
Wasn't that a thing already? Thought it was part of the Snowden releases.
Can we, one day, have a research, a project where DL, AI, LLM (w' the f*ck you call it) solving real and useful problems?
I swear, these techs are boring as f .
I always thought this was a thing. Didn't know when it'd come to fruition though.
I think i saw this in a movie once