New acoustic attack steals data from keystrokes with 95% accuracy

A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.

  • Coreidan@lemmy.world
    1 year ago

    I’ll believe it when it actually happens. Until then you can’t convince me that an algorithm can tell what letter was typed from hearing the action through a microphone.

    This sounds like absolute bullshit to me.

    The part that gets me is that the ONLY reason this works is because they first have to use a keylogger to capture the keystrokes of the target, then use that as an input to train the algorithm. If you switch out the target with someone else it no longer works.

    This process starts with using a keylogger. The fuck you need “ai” for if you have a keylogger?!? Lol.

    • Ironfist@sh.itjust.works
      1 year ago

      I’m skeptical too, it sounds very hard to do with the sound alone, but let’s assume that part works.

      The keylogger part could be done with a malicious website that activates the microphone and asks the user to input whatever. The site would know what you typed and how it sounded. Then that information could be used against you even when you are not in the malicious website.

      • Imgonnatrythis@lemmy.world
        1 year ago

        Hard to do, but with a very standard keyboard like a Mac keyboard the resonance signatures should be slightly different based on location on the board, take into account pattern recognition, relative pause length between keystrokes, and perhaps some forced training (i.e. get them to type known words like a name and address to feed the algorithm) I think it’s potentially possible.

    • barryamelton@lemmy.ml
      1 year ago

      It doesn’t need a keylogger. Just needs a Videocall meeting, a Discord call meanwhile you type to a public call, a recording of you on youtube streaming and demoing something… etc.

    • HankMardukas@lemmy.world
      1 year ago

      It’s bad now, but where we’re at with AI… It’s like complaining that MS paint in 1992 couldn’t make photorealistic fake images. This will only get better, never worse. Improvements will come quickly.

  • abraham_linksys@sh.itjust.works
    1 year ago

    It looks like they only tested one keyboard from a MacBook. I’d be curious if other keyboard styles are as susceptible to the attack. It also doesn’t say how many people’s typing that they listened to. I know mine changes depending on my mood or excitement about something, I’m sure that would affect it.

  • the_beber@lemm.ee
    1 year ago

    Tangentially related: Did you know that it’s technically also possible to reconstruct sound via smartphone accelerometers and there’s no restrictions on which apps can use it? Have fun with this info (:

    • Tangent5280@lemmy.world
      1 year ago

      Reconstruct sound using smartphone accelerators? What do you mean? That accelerometers can act as speakers and produce sound? Or they can act as microphones and record sound as numerical data of vibrations etc? Can you point me to any articles or sources?

    • Aopen@discuss.tchncs.de
      1 year ago

      SpyApp is spying in background

      User thinks “why is battery draining so fast?”

      Opens battery setting

      Oh, this app shouldn’t work right now

      Restricts SpyApp’s battery permissions

    • Ironfist@sh.itjust.works
      1 year ago

      are you saying that a cellphone accelerometer can be used as a microphone? That sounds… interesting. Do you have a source?

      • Croquette@sh.itjust.works
        1 year ago

        I am not the person you are replying to, but if the accelerometers are sensible enough, the vibration of the voice will be picked up by the accelerometer.

        Since the sounds we make when talking are periodical, it is probably easier to track that periodicity and reconstruct the sound from there.

        It’s all my (un)educated guess.

    • Lojcs@lemm.ee
      1 year ago

      Iirc on newer versions of Android there are restrictions on polling rate of sensor data

    • Botree@lemmy.world
      1 year ago

      Never knew my mutant blue switch keeb would come in handy one day. I’ve lubed the blue switches and added foam and tapes so now it sounds like a clicky-thocky blue-brown switches keeb.

  • chaorace@lemmy.sdf.org
    1 year ago

    laughs in custom multi-layer orthogonal layout with one-of-a-kind enclosure & artisan keycaps

    • malloc@lemmy.world
      1 year ago

      Only plebs type. I write all of my content in machine code with a custom compiler to translate it to QWERTY.

      NSA/CIA/DEA/Interpol/FBI still trying to decode my shitposts to this day

  • randint@lemm.ee
    1 year ago

    Assuming that this does not only work on English words, this is actually really terrifying.

    • lagomorphlecture@lemm.ee
      1 year ago

      I have to assume it could be modified to work on any language. You just have to know the keyboard layout for the language in question so you know what to listen for. Languages with a lot of accents like French maybe could be slightly more complicated but I seriously doubt that it couldn’t be done. I’m honestly not sure how the keyboard is set up for something like Chinese with so very many characters but again if this can be done, that can be done with some dedication and know-how.

      • randint@lemm.ee
        1 year ago

        There are several different ways of inputting Chinese, but generally they all map 2~6 keystrokes to one or multiple Chinese characters, and then the user chooses one. I’d imagine it wouldn’t be much harder.

  • mudcrip@lemm.ee
    1 year ago

    I find this article kinda mid bc

      • No link to og paper
      • Article doesn’t specify what kinds of keystrokes were being detected (so title seems kind of clickbait)
        • probably not all kinds of keyboards if they only trained model on macbooks?
      • Also no mention of kind of data used to demonstrate 95% accuracy

  • Marxism-Fennekinism@lemmy.ml
    1 year ago

    A very widespread implication of this is if you are on a call with a bad actor and are on speaker phone, and you enter your password while talking to them, they could potentially get that password or other sensitive information that you typed.

    Assuming it really is that accurate, a real-world attack could go something like this. Call someone and social engineer them in a way that causes them to type their login credentials, payment information, whatever, into the proper place for them. They will likely do this without a second thought because “well, I’m signing into the actual place that uses those credentials and not a link someone sent me so it’s all good! I even typed in the address myself so I’m sure there’s no URL trickery!” And then attempt to extract what they typed. Lots of people, especially when taking calls or voice conference meetings or whatever from their desk, prefer to not hold their phone to their ear or use a headset mic and instead just use their normal laptop mic or a desktop external one. And, most people stop talking when they’re focused on typing which makes it even easier. Hell if you manage to reach, say, the IT server department of a major company and play your cards right, you might even be able to catch them entering a root password for a system that’s remotely accessible.