nixCraft , avatar

British researchers have trained an artificial intelligence to recognize keystrokes by sound. A smartphone placed near a laptop served as the microphone. How about copy & paste password using a password manager and protecting account with 2FA hardware keys? That would prevent the AI or not ?

  • Reply
  • Loading...
  • barnacl437 , avatar

    fr lmao, I always thought the typing sounds is almost indistinguishable except some specifically designed keys such as Enter, Backspace etc.

    also I wonder about the phone keypad which also produce differently pitched sounds 🐸

    outofcontrol , avatar

    @nixCraft I was going to pop in and say hey “password managers with autofill protect you…” until I read some posts that you still need that master password typed in. Doh! Just need more password managers to auto fill the password manager…😬

    stf , avatar

    @nixCraft copy/pasting is bad, by accident you can copy/paste the password after use into something else. also all those horrible websites that disallow pasting. much better is to generate key press events, can do easily with xdotool, or a soft HID device. tba if there is something more lightweight than the u-hid device though...

    adam , avatar

    @nixCraft So, it sounds like the takeaway lesson is to keep British researchers away from you and your computers?

    C_Duv , avatar

    @nixCraft Do we need physical keyboards that can shuffle their keys when password is to be typed (like bank websites do with their "visual digits keyboard")?

    qaspr , avatar

    @nixCraft To some extent security keys mitigate this, however most still require a PIN to be entered at some point, which will have the same problem.

    schenklklopfer , avatar

    @nixCraft Ctrl+C, Ctrl+V


    Takiro , avatar

    This isn't actually new. It's a known side-channel attack that didn't even need AI in the past.

    twoframesperminute , avatar

    @nixCraft Passkeys are the obvious answer.

    bzdev , avatar

    @nixCraft While the use of an AI system to recognize keystrokes by sound may be novel, this was actually done decades ago: 2004 according to a stackexchange posting:

    and (for the paper):

    You don't need AI software to do this.

    jhavok , avatar

    @nixCraft I have conjectured this would be possible. But is it able to do this for anyone on any keyboard, is it tuned to a particular keyboard, or is it trained on a particular person?

    paradroyd , avatar

    @nixCraft Admittedly, I haven't read the article yet, but it seems like this would likely be on a specific keyboard that it was trained on, and maybe even a specific typist's style, as opposed to it just being able to listen to -any- typing and figuring it out.

    realtime , avatar

    @nixCraft I very much suspect that this has to be trained for each specific keyboard and environment
    using a password manager and 2fa is a good idea regardless

    argv_minus_one , avatar


    Unless I'm mistaken, it needs to be trained on your exact keyboard in order to learn which key makes which sound. An attacker who can spend an hour alone with your keyboard could pull that off, but otherwise…

    electric_gumball , avatar

    Pretty sure that there was a paper out 10 to 15 years ago where researchers were doing the same thing, but using the laptop's microphone. No Ai was involved.
    Can't seem to find it to link to at the moment though.

    yuukayuuka , avatar

    @nixCraft the other thing about this is humans did this before AI streamers an youtubers if they are smart mute everything when typing if its personal an not for teaching.

    wraptile , avatar

    @nixCraft soon we'll adopt Sandwalk from Dune but for keyboards.

    SerhiyMakarenko , avatar

    @nixCraft Still you need to know the password to the password manager and type it to unlock that keychain on your computer.

    miki , avatar

    @nixCraft 2FA keys work if you're rich enough to afford them and if your housing situation is stable enough to have a place for them, probably not true for the majority of people globally. Password managers do help, but the ability to intercept your master password this way is useful on its own, and potentially far more destructive than intercepting a single password to a single website. It's tradeoffs all the way down.

    ChildlessBambino , avatar

    @nixCraft i would confused them by letting a cat on my keyboard

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • kamenrider
  • Lexington
  • cragsand
  • WarhammerFantasy
  • itdept
  • mead
  • RetroGamingNetwork
  • bjj
  • xyz
  • PowerRangers
  • AnarchoCapitalism
  • WatchParties
  • brutaldeathmetal
  • pixo
  • space_engine
  • Rutgers
  • MidnightClan
  • slaythespire
  • loren
  • neondivide
  • learnviet
  • mauerstrassenwetten
  • Teensy
  • steinbach
  • AgeRegression
  • jeremy
  • electropalaeography
  • artificial
  • All magazines