nixCraft ,
@nixCraft@mastodon.social avatar

British researchers have trained an artificial intelligence to recognize keystrokes by sound. A smartphone placed near a laptop served as the microphone. How about copying & pasting passwords using a password manager and protecting accounts with 2FA hardware keys? Would that prevent the AI or not?

  • barnacl437 ,
    @barnacl437@mas.to avatar

    @nixCraft
    fr lmao, I always thought the typing sounds are almost indistinguishable except for some specifically designed keys such as Enter, Backspace etc.

    also I wonder about the phone keypad which also produces differently pitched sounds 🐸

    outofcontrol ,
    @outofcontrol@phpc.social avatar

    @nixCraft I was going to pop in and say hey “password managers with autofill protect you…” until I read some posts that you still need that master password typed in. Doh! Just need more password managers to auto fill the password manager…😬

    stf ,
    @stf@chaos.social avatar

    @nixCraft copy/pasting is bad, by accident you can copy/paste the password after use into something else. also all those horrible websites that disallow pasting. much better is to generate key press events, can do easily with xdotool, or a soft HID device. tba if there is something more lightweight than the u-hid device though...

    adam ,
    @adam@mstdn.ca avatar

    @nixCraft So, it sounds like the takeaway lesson is to keep British researchers away from you and your computers?

    C_Duv ,
    @C_Duv@piaille.fr avatar

    @nixCraft Do we need physical keyboards that can shuffle their keys when password is to be typed (like bank websites do with their "visual digits keyboard")?

    qaspr ,
    @qaspr@mastodon.social avatar

    @nixCraft To some extent security keys mitigate this, however most still require a PIN to be entered at some point, which will have the same problem.

    schenklklopfer ,
    @schenklklopfer@chaos.social avatar

    @nixCraft Ctrl+C, Ctrl+V

    rules

    Takiro ,
    @Takiro@meow.social avatar

    @nixCraft
    This isn't actually new. It's a known side-channel attack that didn't even need AI in the past.

    twoframesperminute ,
    @twoframesperminute@mastodon.social avatar

    @nixCraft Passkeys are the obvious answer.

    bzdev ,
    @bzdev@fosstodon.org avatar

    @nixCraft While the use of an AI system to recognize keystrokes by sound may be novel, this was actually done decades ago: 2004 according to a stackexchange posting: https://security.stackexchange.com/questions/23322/keyboard-sniffing-through-audio-recorded-typing-patterns

    and (for the paper):

    https://www.davidsalomon.name/CompSec/auxiliary/KybdEmanation.pdf

    You don't need AI software to do this.

    jhavok ,
    @jhavok@mastodon.social avatar

    @nixCraft I have conjectured this would be possible. But is it able to do this for anyone on any keyboard, is it tuned to a particular keyboard, or is it trained on a particular person?

    paradroyd ,
    @paradroyd@mastodon.sdf.org avatar

    @nixCraft Admittedly, I haven't read the article yet, but it seems like this would likely be on a specific keyboard that it was trained on, and maybe even a specific typist's style, as opposed to it just being able to listen to -any- typing and figuring it out.

    realtime ,
    @realtime@fosstodon.org avatar

    @nixCraft I very much suspect that this has to be trained for each specific keyboard and environment
    using a password manager and 2fa is a good idea regardless

    argv_minus_one ,
    @argv_minus_one@mstdn.party avatar

    @nixCraft

    Unless I'm mistaken, it needs to be trained on your exact keyboard in order to learn which key makes which sound. An attacker who can spend an hour alone with your keyboard could pull that off, but otherwise…

    electric_gumball ,
    @electric_gumball@mastodon.social avatar

    @nixCraft
    Pretty sure that there was a paper out 10 to 15 years ago where researchers were doing the same thing, but using the laptop's microphone. No AI was involved.
    Can't seem to find it to link to at the moment though.

    yuukayuuka ,
    @yuukayuuka@mastodon.cloud avatar

    @nixCraft the other thing about this is humans did this before AI. Streamers and YouTubers, if they are smart, mute everything when typing if it's personal and not for teaching.

    wraptile ,
    @wraptile@fosstodon.org avatar

    @nixCraft soon we'll adopt Sandwalk from Dune but for keyboards.

    SerhiyMakarenko ,
    @SerhiyMakarenko@mastodon.social avatar

    @nixCraft Still you need to know the password to the password manager and type it to unlock that keychain on your computer.

    miki ,
    @miki@dragonscave.space avatar

    @nixCraft 2FA keys work if you're rich enough to afford them and if your housing situation is stable enough to have a place for them, probably not true for the majority of people globally. Password managers do help, but the ability to intercept your master password this way is useful on its own, and potentially far more destructive than intercepting a single password to a single website. It's tradeoffs all the way down.

    ChildlessBambino ,
    @ChildlessBambino@mastodon.green avatar

    @nixCraft I would confuse them by letting a cat on my keyboard
