New acoustic attack steals data from keystrokes with 95% accuracy::A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.
Can’t remember if the one I saw was movie or TV but I want to say the plot device in question (from the instance I remembered) was a small acoustic bug under the caps lock key. At the time I thought that was too far fetched to be possible. We live in a world…
I’ll believe it when it actually happens. Until then you can’t convince me that an algorithm can tell what letter was typed from hearing the action through a microphone.
This sounds like absolute bullshit to me.
The part that gets me is that the ONLY reason this works is because they first have to use a keylogger to capture the keystrokes of the target, then use that as an input to train the algorithm. If you switch out the target with someone else it no longer works.
This process starts with using a keylogger. The fuck you need “ai” for if you have a keylogger?!? Lol.
Is gonna sound crazy, but I think you can skip the keylogger step!
You could make a “keystroke-sound-language-model” (so like a language model that combines various modalities, e.g, flamingo), then train that with self-supervised learning to match “audio” with “text”, and have a system where:
You listen to your target for a day or so, let’s say, 1000 words typed in 🤷🏻♂️
Then the model could do something akin to anchor tokens in language-to-language translation, except in this case it would be more like fixing on easy words such as “the” to give away part of the sound-to-key map. Then keep running this mapping more parts of the keyboard
Eventually you try to extract passwords from your recordings and maybe bingo
I think it’s very narrow to think that, just because this research case requires a keylogger, these systems couldn’t evolve other time to combine other techniques
It’s bad now, but where we’re at with AI… It’s like complaining that MS paint in 1992 couldn’t make photorealistic fake images. This will only get better, never worse. Improvements will come quickly.
it doesn’t need a keylogger. Just needs a Videocall meeting, a Discord call meanwhile you type to a public call, a recording of you on youtube streaming and demoing something… etc.
That’s pretty much what the article says. The model needs to be trained on the target keyboard first, so you won’t just have people hacking you through a random zoom call
I think you might have misunderstood the article. In one case they used the sound input from a Zoom meeting and as a reference they used the chat messenges from set zoom meetings. No keyloggers required.
I haven’t read the paper yet, but the article doesn’t go into detail about possible flaws.
Like, how would the software differentiate between double assigned symbols on the numpad and the main rows?
Does it use spell check to predict words that are not 100% conclusive?
What about external keyboards? What if the distance to the microphone changes?
What about backspace? People make a lot of mistakes while typing. How would the program determine if something was deleted if it doesn’t show up in the text?
Etc.
I have no doubt that under lab conditions a recognition rate of 93% is realistic, but I doubt that this is applicable in the real world. Noboby sits in a video conference quietly typing away at their keyboard. A single uttered word can throw of your whole training data. Most importantly, all video or audio call apps or programs have an activation threshold for the microphone enabled by default to save on bandwith. Typing is mostly below that threshold.
Any other means of collecting the data will require you to have access to the device to a point where installing a keylogger is easier.
Never knew my mutant blue switch keeb would come in handy one day. I’ve lubed the blue switches and added foam and tapes so now it sounds like a clicky-thocky blue-brown switches keeb.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world
This is a most excellent place for technology news and articles.
English
That “95%” has about as much credibility and extremely specific test conditions as MPG for cars
Does the research presume the use of a qwerty keyboard?
I would think that would be a safe assumption most of the time. Less than 1% of typists use Dvorak, for example.
It uses the sounds it records and compares again the messages you send. So in theory it’s layout agnostic.
https://youtu.be/qvsNyOhYMkQ
I mean, human ears an only hear so much, but something tells me this is limited to certain kinds of keys.
flfflflfuddhfflfluddh
I think i saw this in a movie once. Does anyone remember what movie it was?
Can’t remember if the one I saw was movie or TV but I want to say the plot device in question (from the instance I remembered) was a small acoustic bug under the caps lock key. At the time I thought that was too far fetched to be possible. We live in a world…
deleted by creator
Good luck hearing my cherry reds as I type slowly and softly!
Fucking yikes
Van Eck Phreaking?
It was a pipe dream then, and it’s a pipe dream now.
Will a faraday bag help with a phone? Seeing how it blocks connections. You can unplug desktop mics.
There are specific bags for phones, so I assume so.
Sweet! More man-made horrors beyond my comprehension! I sure am glad we’re investing our time into things that will never be stolen or misused!
I’ll believe it when it actually happens. Until then you can’t convince me that an algorithm can tell what letter was typed from hearing the action through a microphone.
This sounds like absolute bullshit to me.
The part that gets me is that the ONLY reason this works is because they first have to use a keylogger to capture the keystrokes of the target, then use that as an input to train the algorithm. If you switch out the target with someone else it no longer works.
This process starts with using a keylogger. The fuck you need “ai” for if you have a keylogger?!? Lol.
Is gonna sound crazy, but I think you can skip the keylogger step!
You could make a “keystroke-sound-language-model” (so like a language model that combines various modalities, e.g, flamingo), then train that with self-supervised learning to match “audio” with “text”, and have a system where:
I think it’s very narrow to think that, just because this research case requires a keylogger, these systems couldn’t evolve other time to combine other techniques
It’s bad now, but where we’re at with AI… It’s like complaining that MS paint in 1992 couldn’t make photorealistic fake images. This will only get better, never worse. Improvements will come quickly.
it doesn’t need a keylogger. Just needs a Videocall meeting, a Discord call meanwhile you type to a public call, a recording of you on youtube streaming and demoing something… etc.
Well to train ai you need to known what the correct answer is.
That’s pretty much what the article says. The model needs to be trained on the target keyboard first, so you won’t just have people hacking you through a random zoom call
Sounds like a fantastic way to target a streamer, but it’s otherwise very limited.
I think you might have misunderstood the article. In one case they used the sound input from a Zoom meeting and as a reference they used the chat messenges from set zoom meetings. No keyloggers required.
I haven’t read the paper yet, but the article doesn’t go into detail about possible flaws. Like, how would the software differentiate between double assigned symbols on the numpad and the main rows? Does it use spell check to predict words that are not 100% conclusive? What about external keyboards? What if the distance to the microphone changes? What about backspace? People make a lot of mistakes while typing. How would the program determine if something was deleted if it doesn’t show up in the text? Etc.
I have no doubt that under lab conditions a recognition rate of 93% is realistic, but I doubt that this is applicable in the real world. Noboby sits in a video conference quietly typing away at their keyboard. A single uttered word can throw of your whole training data. Most importantly, all video or audio call apps or programs have an activation threshold for the microphone enabled by default to save on bandwith. Typing is mostly below that threshold. Any other means of collecting the data will require you to have access to the device to a point where installing a keylogger is easier.
I’m sweating. I use blue switches. Help.
Never knew my mutant blue switch keeb would come in handy one day. I’ve lubed the blue switches and added foam and tapes so now it sounds like a clicky-thocky blue-brown switches keeb.
Mx blue and unicomp here… HELP
When your ADHD fidgeting and a mic attached to your head become a super power. No one can read my keystrokes!
You have to train it on per device + per room basis and you don’t give everything access to your microphones
I’m just going to play a keyboard ASMR video while I type. Problem solved.