Laptops more susceptible to having keyboard recorded in quieter areas, like coffee shops, libraries, offices. Previous attempts at keylogging VoIP calls achieved 91.7 percent top-5 accuracy over Skype in 2017 and 74.3 percent accuracy in VoIP calls in 2018.

  • Kinglink@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    ·
    1 year ago

    I thought this type of attack had been known and used for a while. Though in the previous styles I’ve seen it’s usually required at least some understanding of the keyboard layout and preparations (hearing each key pressed previously) I don’t know if they’ve jumped that gap, or made some rather huge assumptions. (The victim has the same keyboard as X or the victim has a known keyboard.)

    Actually would be interesting to see laptops randomize their keys for passwords, though that would be hellish to type a known password on. I mostly do my password from touch memory.

    • Lmaydev@programming.dev
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      The researchers used a 2021 MacBook Pro to test their concept, a laptop that “features a keyboard identical in switch design to their models from the last two years and potentially those in the future,” typing on 36 keys 25 times each to train their model on the waveforms associated with each key

      • Kinglink@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        I think my question is more “Does this only work on MacBook Pro” though now I wonder how much the angle the Mac Book is open will matter to the program, or if an external microphone will affect it (or completely throw it off).

        Not trying to tear this down, but more understand the scope needed for this attack to work, or what could break this approach.

        • Lmaydev@programming.dev
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          They used an iPhone 13 mini, 17 cm away, to record the keyboard’s audio for their first test. For the second test, they recorded the laptop keys over Zoom, using the MacBook’s built-in microphones, with Zoom’s noise suppression set to its lowest level. In both tests, they were able to achieve higher than 93 percent accuracy, with the phone-recorded audio edging closer to 95-96 percent.

          So it can be listened to by a nearby device or over zoom it seems.

      • jpj007@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Now I’m wondering if they trained the AI on the exact same machine that they used in their testing. Seems to me that tiny variances in the keyboards of even the exact same model could have significant effects on this sort of thing. And then there’s different levels of wear from usage, crumbs in the keyboard, etc.

        I’d be amazed if it is actually this accurate across all machines of the same model.

        • Lmaydev@programming.dev
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Yeah it’s more a proof of concept really. The fact it works at different distances shows it doesn’t have to be identical but there’s a lot of factors to take into consideration.

          Creating a much larger training set with all sorts of variations would be the next step.

  • clearedtoland@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    This saves me time by letting Carl directly know he’s an idiot rather than waiting until I mistakenly message him instead of my coworker.

    • Kinglink@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      1 year ago

      Part of me agrees, and part of me reverts to my “Stop adding shit I didn’t ask for in my OS” especially if it doesn’t work correctly and people just disable it. Though people will also talk while typing passwords sometimes and so this attack still works.

      Not complaining about this idea, but more the fucking bloat that all software takes on, but Windows seems to really push to the limit.

  • dan1101
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 year ago

    Those of us with mechanical keyboards are sweating

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    2
    ·
    1 year ago

    This is the best summary I could come up with:


    In their paper A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards (full PDF), UK researchers Joshua Harrison, Ehsan Toreini, and Marhyam Mehrnezhad claim that the trio of ubiquitous machine learning, microphones, and video calls “present a greater threat to keyboards than ever.”

    Laptops, in particular, are more susceptible to having their keyboard recorded in quieter public areas, like coffee shops, libraries, or offices, the paper notes.

    Combining the output of the keystroke interpretations with a “hidden Markov model” (HMM), which guesses at more-likely next-letter outcomes and could correct “hrllo” to “hello,” saw one prior side channel study’s accuracy jump from 72 to 95 percent—though that was an attack on dot-matrix printers.

    The Cornell researchers believe their paper is the first to make use of the recent sea change in neural network technology, including self-attention layers, to propagate an audio side channel attack.

    Because of this, the potential for a second machine-bolstered system to correct the false keys, given a large language corpus and the approximate location of a keystroke, seems strong.

    The 2013 “Dropmire” scandal that saw the US spying on its European allies was highly likely to have involved some kind of side channel attack, whether through wires, radio frequencies, or sound.


    I’m a bot and I’m open source!