This scary AI recognizes passwords by the sound of your typing::British researchers have trained an artificial intelligence to recognize keystrokes by sound. A smartphone placed near a laptop served as the microphone.

  • gedaliyah@lemmy.world
    link
    fedilink
    English
    arrow-up
    46
    arrow-down
    2
    ·
    11 months ago

    This news has been reported for months in increasingly sensationalist headlines. The short version is that you only have to worry if you are a slow typist in a high-espionage setting in which your system is physically secure so no one could use a physical or digital keylogger attack, but also has a sample of your typing and audio recording access to your computing area.

    • YoorWeb@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      Not to mention that this was first done years ago by some agency using sound recordings and good old analysis.

    • Raxiel@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      I remember a cracked.com video several years ago saying the tilt sensors in a smartphone could potentially work as a keylogger by listening to a keyboard on the same desk

  • Daiken@lemmy.world
    link
    fedilink
    English
    arrow-up
    32
    ·
    11 months ago

    “As a defense measure, the researchers recommend that users use the ten-finger system when typing. In this case, the recognition rate of individual keys dropped significantly.”

    Lmao. If you know how to type, then it doesn’t work.

    This system also depends on the AI being trained on a particular keyboard. It’s probably not gonna work if you use a non MacBook computer.

    • Tathas@programming.dev
      link
      fedilink
      English
      arrow-up
      14
      ·
      11 months ago

      Years ago I got the (then) admin account password at work because one of the LAN admins typed with two pointer fingers and I just watched.

      • Alex@feddit.ro
        link
        fedilink
        English
        arrow-up
        5
        ·
        11 months ago

        Same, but at school. My account couldn’t log in for some reason, so the teacher logged me in as admin lmao

        • BorgDrone@lemmy.one
          link
          fedilink
          English
          arrow-up
          7
          ·
          11 months ago

          At my high school the admin password for the Novell server was 12345. Kind of obvious if you see someone type it in.

    • Kialdadial@iusearchlinux.fyi
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      I was wondering how it would be able to tell what keyboard someone is using like I switch between Dvorak and Qwerty all the time ( I can only type properly in Dvorak though ).

  • Appoxo@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    28
    ·
    11 months ago

    Old recycled news.

    Last time: If you know the model and way of typing of the target you have a good likelyhood.

  • TherouxSonfeir@lemm.ee
    link
    fedilink
    English
    arrow-up
    20
    ·
    11 months ago

    Does it recognize backspace, select all delete, a few curse words, slamming the desk and then the phrase “that’s what I fucking typed the first time!”

  • ThatFembyWho@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    13
    ·
    11 months ago

    One solution would be a password mode where the keys randomly rearrange, so you are using different physical keys each time. Kinda like you can do with passcodes on Android. Ofc this implies some way of dynamically displaying the keys, but that would be cool in itself.

    Or what about playing sounds that block out the clicking.

    • dukk@programming.dev
      link
      fedilink
      English
      arrow-up
      11
      ·
      11 months ago

      Rearranging the keys? My password’s pretty much muscle memory, typed fast enough in not really worried about people watching me enter it. Call me lazy, but having to pick and hit every key? No thanks.

      • Petter1@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        Especially, this would be less secure since you have to search the keys every time and give the attacker time to read which key you typed. Best Password is no Password (private key).

  • Copernican@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    11 months ago

    So when my co workers complain about my custom mechanical keyboard being too loud, I should tell them I’m doing it to improve our cyber security.

  • aname@lemmy.one
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    3
    ·
    11 months ago

    That’s why I have 7 different brands of switches all different types on my keyboard.

  • Adalast@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    11 months ago

    I once recognized the sounds of a girlfriend deleting texts by where her nail was hitting her phone screen in a specific pattern. That is more sad than impressive, I understand. Just saying that this makes sense and is not beyond human capability on its own.

    • stoy@lemmy.zip
      link
      fedilink
      English
      arrow-up
      8
      ·
      11 months ago

      Because all keys on a keyboard sound slightly different, computers can detect those differences, and compare it with a baseline from either the same keyboard or a model just like it.

    • Rentlar@lemmy.ca
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      11 months ago

      Try this: on any keyboard (a membrane keyboard especially if you have one) try quickly tapping one key 3 times and then another key 3 times. Move around the keyboard or alternate between two letters.

      Can you hear that they make different sounds, but typing the same letter has roughly the same sound? The" plok" has a higher or lower pitch (frequency is the scientific word for it), and a trained AI can match that pitch to a letter if it has or can get an idea of what corresponds to what.

  • LainOfTheWired@lemy.lol
    link
    fedilink
    English
    arrow-up
    3
    ·
    11 months ago

    Wouldn’t it only be trained on a specific keyboard though, as anyone in the Mechanical keyboard community knows every keyboard sounds different. And that doesn’t even account for age, condition(dust, how many crisps have you eaten over your keyboard, etc).

    So I highly doubt this could be effective beyond possibility being trained to work with a certain type of laptop. 16 inch MacBook Pros for example.

    • LainOfTheWired@lemy.lol
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      You can just solve the problem altogether by using a password manager with a 2fa dongle like a nitro or yubi key

    • iAvicenna@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      I suspect it also uses timing between each key stroke to basically triangulate all possible combinations (this method would at least have to know the exact starting key to construct the password from this distance info, that is why I said all possible combinations)