this post was submitted on 06 Aug 2023

17 points (71.8% liked)

Cybersecurity

5683 readers

7 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

New acoustic attack steals data from keystrokes with 95% accuracy (www.bleepingcomputer.com)

submitted 1 year ago by Lanky_Pomegranate530@lemmy.world to c/cybersecurity@sh.itjust.works

18 comments fedilink hide all child comments

top 18 comments

sorted by: hot top controversial new old

[–] Vendetta9076@sh.itjust.works 8 points 1 year ago

This isnt a new attack. Its been around for years. The newest scary development of this was that a website with a decent frontend was made for it but that was months ago. Use a password manager.

[–] Grass@geddit.social 8 points 1 year ago

Time to make a keyboard that self switches between qwerty, colemak, etc and has some sort of indicator of it's layout, and spits out random recordings of its own key presses, and you just have to be insane to type on it correctly.

[–] MrMamiya@feddit.de 8 points 1 year ago

To whom it may concern,

Whoops we ruined everything.

Best regards, Humanity

[–] Alto@kbin.social 5 points 1 year ago (1 children)

Streamers especially are going to have to be incredibly careful going forward

[–] Silentrizz@sh.itjust.works 2 points 1 year ago

Not as much as you might think. A lot of audio communication softwares these days have some sort of background noise filter, not saying thay are perfect but they have been increasingly in effectiveness and adoption. My graphics card (nvidia) even supports it and works well. That plus my quiet switches, I'm not too worried about myself, or tech savvy streamers.

The biggest target is probably the elderly and less tech savvy, who are also more likely to fall for scams, and probably have less password entropy (which would make this software more accurate).

[–] teft@startrek.website 5 points 1 year ago

I felt a great disturbance in the Force, as if millions of mechanical keyboards suddenly cried out in terror and were suddenly silenced. I fear something terrible has happened.

[–] MomoTimeToDie@sh.itjust.works 5 points 1 year ago (2 children)

How does that even work? Like, all the keys are generally manufactured to the same standards such that any physical difference in keys causing different sounds is a combination of user damage and random factory errors, no?

[–] Corkyskog@sh.itjust.works 2 points 1 year ago

Distance from microphone?

[–] Rin@lemm.ee 1 points 1 year ago (1 children)

Probably, but it's definitely there. I managed to tell that one of my friend's pin had the same key twice in it because i heard the same kind of sound twice.

[–] MomoTimeToDie@sh.itjust.works 3 points 1 year ago

I mean sure, but "same key twice" isn't exactly a specific character to type. I mean I hit caps lock twice typing my password for this site.

[–] Newtra@lemmy.ml 3 points 1 year ago

I can't wait for passwords to be replaced with a cryptographic solution. Even with a password manager, login forms are an unnecessary waste of time.

[–] Dogeek@sh.itjust.works 3 points 1 year ago (1 children)

What if the keyboard is not made of homogenous switches? Some reds, silvers, blues and browns thrown randomly around the keyboard ought to defeat the model, right?

[–] winterayars@sh.itjust.works 6 points 1 year ago (1 children)

As long as they can't train the model on your specific keyboard yeah. If they can it would probably be even easier for it since the keys would be more distinct.

[–] Dogeek@sh.itjust.works 2 points 1 year ago

Yeah that would make my keyboard signature even more unique. Though you could always hotswap some keys around every few weeks

[–] _haha_oh_wow_@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago) (1 children)

What makes this new or different from previous methods? Just because "AI"?

[–] MomoTimeToDie@sh.itjust.works 4 points 1 year ago (1 children)

Were you previously able to identify what someone typed with 96% precision based entirely on the sound of their keyboard? Because I would wager most people cannot

[–] _haha_oh_wow_@sh.itjust.works 3 points 1 year ago* (last edited 1 year ago) (1 children)

My point is, this is not a new thing: They have previously been able to effectively keylog based on sound. What makes this different?

https://miloserdov.org/?p=3209

https://news.ycombinator.com/item?id=18568795

https://gizmodo.com/website-can-track-mechanical-keyboard-typing-just-by-li-1848890545

[–] MomoTimeToDie@sh.itjust.works 0 points 1 year ago

This one is different from other similar attacks because it works against extremely quiet keyboards