this post was submitted on 09 Dec 2023
170 points (82.7% liked)

Technology

59666 readers
2703 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

This scary AI recognizes passwords by the sound of your typing::British researchers have trained an artificial intelligence to recognize keystrokes by sound. A smartphone placed near a laptop served as the microphone.

top 50 comments
sorted by: hot top controversial new old
[–] gedaliyah@lemmy.world 66 points 11 months ago (2 children)

This news has been reported for months in increasingly sensationalist headlines. The short version is that you only have to worry if you are a slow typist in a high-espionage setting in which your system is physically secure so no one could use a physical or digital keylogger attack, but also has a sample of your typing and audio recording access to your computing area.

[–] YoorWeb@lemmy.world 2 points 11 months ago

Not to mention that this was first done years ago by some agency using sound recordings and good old analysis.

[–] Raxiel@lemmy.world 1 points 11 months ago

I remember a cracked.com video several years ago saying the tilt sensors in a smartphone could potentially work as a keylogger by listening to a keyboard on the same desk

[–] Appoxo@lemmy.dbzer0.com 37 points 11 months ago

Old recycled news.

Last time: If you know the model and way of typing of the target you have a good likelyhood.

[–] tsonfeir@lemm.ee 36 points 11 months ago

Does it recognize backspace, select all delete, a few curse words, slamming the desk and then the phrase “that’s what I fucking typed the first time!”

[–] Daiken@lemmy.world 32 points 11 months ago (2 children)

"As a defense measure, the researchers recommend that users use the ten-finger system when typing. In this case, the recognition rate of individual keys dropped significantly."

Lmao. If you know how to type, then it doesn't work.

This system also depends on the AI being trained on a particular keyboard. It's probably not gonna work if you use a non MacBook computer.

[–] Tathas@programming.dev 14 points 11 months ago (2 children)

Years ago I got the (then) admin account password at work because one of the LAN admins typed with two pointer fingers and I just watched.

[–] ultra@feddit.ro 5 points 11 months ago (1 children)

Same, but at school. My account couldn't log in for some reason, so the teacher logged me in as admin lmao

[–] BorgDrone@lemmy.one 7 points 11 months ago

At my high school the admin password for the Novell server was 12345. Kind of obvious if you see someone type it in.

[–] Chriswild@lemmy.world 5 points 11 months ago

What the fuck

[–] Kialdadial@iusearchlinux.fyi 2 points 11 months ago

I was wondering how it would be able to tell what keyboard someone is using like I switch between Dvorak and Qwerty all the time ( I can only type properly in Dvorak though ).

[–] onelikeandidie@lemmy.world 23 points 11 months ago (2 children)

Password manager users feeling like untouchable gods after this one.

[–] ryannathans@aussie.zone 26 points 11 months ago (2 children)
[–] jwt@programming.dev 25 points 11 months ago (1 children)
[–] diviledabit@lemmy.world 21 points 11 months ago

Can you really use all * as a master password?

[–] onelikeandidie@lemmy.world 7 points 11 months ago

me with my yubikey

[–] Eezyville@sh.itjust.works 4 points 11 months ago (1 children)

KeepassXC with a Yubikey. Always buy a backup Yubikey folks.

[–] onelikeandidie@lemmy.world 1 points 11 months ago

Got a couple of keys, best thing I ever got tbh

[–] ThatFembyWho@lemmy.blahaj.zone 13 points 11 months ago (2 children)

One solution would be a password mode where the keys randomly rearrange, so you are using different physical keys each time. Kinda like you can do with passcodes on Android. Ofc this implies some way of dynamically displaying the keys, but that would be cool in itself.

Or what about playing sounds that block out the clicking.

[–] dukk@programming.dev 11 points 11 months ago (1 children)

Rearranging the keys? My password’s pretty much muscle memory, typed fast enough in not really worried about people watching me enter it. Call me lazy, but having to pick and hit every key? No thanks.

[–] Petter1@lemm.ee 3 points 11 months ago

Especially, this would be less secure since you have to search the keys every time and give the attacker time to read which key you typed. Best Password is no Password (private key).

[–] DogMuffins@discuss.tchncs.de 2 points 11 months ago

Playing sounds? sure.

Rearranging keys - hell no.

[–] Carter@feddit.uk 13 points 11 months ago

"Huh... All of this guy's passwords are CTRL-SHIFT-INS."

[–] lauha@lemmy.one 11 points 11 months ago (3 children)

That's why I have 7 different brands of switches all different types on my keyboard.

[–] BreakDecks@lemmy.ml 15 points 11 months ago (3 children)

Wouldn't that make it easier for the AI?

[–] wreckedcarzz@lemmy.world 14 points 11 months ago

But it's the rubber dome keys that make up his password keys. The mechs are just a distraction.

galaxy brain

[–] Whelks_chance@lemmy.world 8 points 11 months ago (1 children)

Not if you randomly jumple and replace the switches before typing each password

[–] d3Xt3r@lemmy.nz 4 points 11 months ago (1 children)

... or just use a password manager like a sensible person.

[–] Viking_Hippie@lemmy.world 1 points 11 months ago* (last edited 11 months ago)

You're right but...which part of this exchange implied anyone trying to be sensible?

[–] lauha@lemmy.one 1 points 11 months ago

Yes, but if it was specifically trained on your particular keyboard.

load more comments (2 replies)
[–] Copernican@lemmy.world 11 points 11 months ago

So when my co workers complain about my custom mechanical keyboard being too loud, I should tell them I'm doing it to improve our cyber security.

[–] homesweethomeMrL@lemmy.world 10 points 11 months ago

This Scary AI Recognizes Your Password Just by Filming It!

[–] ristoril_zip@lemmy.zip 9 points 11 months ago (2 children)

For QWERTY users this is a problem

[–] stoy@lemmy.zip 6 points 11 months ago

The layout is less of an issue, as long as the program analyzing the sounds of your keyboard can diferentiate between all keys, then it can remap to QWERTZ, AZERTY or sny other layout.

However, this attack seems quite involved, so if you are targeted, the attacker could find out the layout in use ahead of time (here in Sweden you are unlikely to find a person using anything but a Swedish layout), they could also fo some social engineering, and hold a chat conversation with you while using your phone to record keystrokes, it would take a while, but over time they could probably get a decently accurate map of your keyboard.

[–] Mataresian@lemmy.dbzer0.com 1 points 11 months ago

Wouldn't it also be able to crack it in the future as long as it's accurate enough? As long as it's able to accurately recognise what key is which it can crack it like the enigma code.

[–] LainOfTheWired@lemy.lol 9 points 11 months ago (3 children)

Wouldn't it only be trained on a specific keyboard though, as anyone in the Mechanical keyboard community knows every keyboard sounds different. And that doesn't even account for age, condition(dust, how many crisps have you eaten over your keyboard, etc).

So I highly doubt this could be effective beyond possibility being trained to work with a certain type of laptop. 16 inch MacBook Pros for example.

[–] flamingo_pinyata@sopuli.xyz 4 points 11 months ago

Doesn't matter that much if you cast your malware broadly enough, for example requesting mic access from a web page. A large percentage of keyboards (especially business laptops) will be covered just by Mac + Lenovo.

[–] iAvicenna@lemmy.world 1 points 11 months ago

I suspect it also uses timing between each key stroke to basically triangulate all possible combinations (this method would at least have to know the exact starting key to construct the password from this distance info, that is why I said all possible combinations)

[–] LainOfTheWired@lemy.lol 1 points 11 months ago

You can just solve the problem altogether by using a password manager with a 2fa dongle like a nitro or yubi key

[–] Adalast@lemmy.world 8 points 11 months ago

I once recognized the sounds of a girlfriend deleting texts by where her nail was hitting her phone screen in a specific pattern. That is more sad than impressive, I understand. Just saying that this makes sense and is not beyond human capability on its own.

[–] Ziro427@lemmy.world 8 points 11 months ago

So.. at what point will paranoid people start screaming at their keyboards while typing, "just in case"?

[–] gwkt@lemmy.world 8 points 11 months ago

finally that monstrosity of a password keyboard from Unnecessary Inventions will come in handy

[–] Bratwurstboy@iusearchlinux.fyi 6 points 11 months ago

Good luck. I change the keycaps and switches on my board pretty much every week.

[–] alienanimals@lemmy.world 6 points 11 months ago

I feel like you could type really slowly to throw it off. How would it know the distance to each key if you set a standard interval between each one?

[–] Grass@sh.itjust.works 5 points 11 months ago

Most of my passwords require key combinations on my heinous qmk config

[–] gibbedygook@sh.itjust.works 5 points 11 months ago (2 children)
[–] stoy@lemmy.zip 8 points 11 months ago

Because all keys on a keyboard sound slightly different, computers can detect those differences, and compare it with a baseline from either the same keyboard or a model just like it.

[–] Rentlar@lemmy.ca 3 points 11 months ago* (last edited 11 months ago)

Try this: on any keyboard (a membrane keyboard especially if you have one) try quickly tapping one key 3 times and then another key 3 times. Move around the keyboard or alternate between two letters.

Can you hear that they make different sounds, but typing the same letter has roughly the same sound? The" plok" has a higher or lower pitch (frequency is the scientific word for it), and a trained AI can match that pitch to a letter if it has or can get an idea of what corresponds to what.