This is very cool. Very mildly worrying, but very cool. I would swear that every year for the last decade or so, I have seen articles about reading keyboard vibrations as a keylogger as a proof of...
This is very cool. Very mildly worrying, but very cool.
I would swear that every year for the last decade or so, I have seen articles about reading keyboard vibrations as a keylogger as a proof of concept. Over the years I think I have seen stuff like attaching a device under the table, or to the floor below, or to the device itself (which seems a bit silly since access to the keyboard means you could just put a hardware interceptor).
This would take a very, very targeted attack against your specific keyboard and maybe your specific typing style so I don't have any real concern with it.
I wouldn't be so sure about that. Record audio for long enough, assign each unique keystroke sound a random letter, and then it becomes a relatively simple 1 to 1 cypher that you could be solved...
This would take a very, very targeted attack against your specific keyboard and maybe your specific typing style so I don't have any real concern with it.
I wouldn't be so sure about that. Record audio for long enough, assign each unique keystroke sound a random letter, and then it becomes a relatively simple 1 to 1 cypher that you could be solved fairly easily.
Yeah, the uniqueness of the keyboard doesn't really matter. The nature of language means if you have a large enough sample + a way to discern each keystroke audibly, you could crack it.
Yeah, the uniqueness of the keyboard doesn't really matter. The nature of language means if you have a large enough sample + a way to discern each keystroke audibly, you could crack it.
I remember hearing about this forever ago. Surprised the accuracy is as low as 95%. Another interesting attack is via electromagnetic emissions. There's Tempest For Eliza which allows you to play...
I remember hearing about this forever ago. Surprised the accuracy is as low as 95%.
Another interesting attack is via electromagnetic emissions. There's Tempest For Eliza which allows you to play mp3s by simply displaying patterns on your screen. You can pick up the radio waves with an AM radio. I've tested this with modern LCDs and it works. Of course this means you can also read what's on monitors through walls and probably capture key strokes too. I assume the limit is your budget for RF equipment, spy balloons, etc.
The old article you linked to is far more interesting and dangerous than the OP article. Using these language models is certainly much more robust than this comparative model. But it has the...
The old article you linked to is far more interesting and dangerous than the OP article.
Using these language models is certainly much more robust than this comparative model. But it has the downside that you'd have to create a whole different model for other languages, where the same set of assumptions might not work so well.
What about twitch streamers? They're mic'd up for hours on end, and constantly providing samples by typing chat messages. Seems like they would be the perfect target for attacks like this.
What about twitch streamers? They're mic'd up for hours on end, and constantly providing samples by typing chat messages. Seems like they would be the perfect target for attacks like this.
Do streamers typically type loud enough to hear it though? I know some mechanical keyboards are loud but I can't really remember hearing much more than an occasional click on stream even from...
Do streamers typically type loud enough to hear it though? I know some mechanical keyboards are loud but I can't really remember hearing much more than an occasional click on stream even from particularly chunky ones.
That’s more on what kind of mic they use. If it’s a dynamic mic it’s unlikely to come through, but with a condenser they’d have to have some careful audio filtering and gating for it not to come...
That’s more on what kind of mic they use. If it’s a dynamic mic it’s unlikely to come through, but with a condenser they’d have to have some careful audio filtering and gating for it not to come through.
Interesting. You'd have to find times you can see what the streamer is typing. I'm sure you could do it though. If I were a streamer I'd make extra sure everything I have is 2 factor authentication.
Interesting. You'd have to find times you can see what the streamer is typing.
I'm sure you could do it though. If I were a streamer I'd make extra sure everything I have is 2 factor authentication.
Honestly, I'm pretty unimpressed with the article here. So all of this research, according to the article, is conducted on a MacBook Pro keyboard, which, yes, is reasonably ubiquitous in the tech...
Honestly, I'm pretty unimpressed with the article here. So all of this research, according to the article, is conducted on a MacBook Pro keyboard, which, yes, is reasonably ubiquitous in the tech space and of course has a distinct, if muted, sound profile. It makes sense that an image recognition program could use waveforms to connect the typing sounds to specific keys. But then the author of this article generalizes the MacBook findings to all keyboards in a way that's not at all justified by the data:
Remember, the attack model proved highly effective even against a very silent keyboard, so adding sound dampeners on mechanical keyboards or switching to membrane-based keyboards is unlikely to help.
This is a completely unjustifiable journalistic leap. First of all, the keyboard on MacBooks is muted, yes, but far from silent compared to some custom model with, like, Boba U4 silents and a lot of foam. But that's completely a moot point. We have no evidence that the attack described here will have any bearing on custom keyboards, mechanical keyboard, or any pre-built keyboards that aren't the MacBook keyboard. Different keyboards have vastly different sound profiles, and my assumption is that to log keystrokes with any degree of accuracy, the program would have to know what keyboard you're using and have extensive examples of its sound profile (impossible with custom keyboards, and hell, probably most laptop keyboards owing to the fact that none have the relative ubiquity of the MacBook).
Is the attack in the article a concern for MacBook users? Probably. But the author generalizes this finding in an irresponsible way to all keyboards.
I think you're getting the wrong takeaway from the article. Sure, feeding training data from a MacBook only applies to a MacBook, but as long as your keyboard doesn't change then the attack as a...
Is the attack in the article a concern for MacBook users? Probably. But the author generalizes this finding in an irresponsible way to all keyboards.
I think you're getting the wrong takeaway from the article. Sure, feeding training data from a MacBook only applies to a MacBook, but as long as your keyboard doesn't change then the attack as a concept applies to the general case. If the attacker can replicate your keyboard then they can train the system on your keyboard.
I don't think that the article is a concern for MacBook users (in that they should go get a different keyboard out of fear). The general concern is justified for any mass-produced keyboard, and a hyper-specific attack could be done on a custom keyboard but I would imagine that there are better ways to spend your time for a hyper-specific attack.
The quote does seem ot indicate that the author believes that this attack vector would also be applicable to custom keyboard though, specifically this bit (emphasis mine): There does not seem to...
The quote does seem ot indicate that the author believes that this attack vector would also be applicable to custom keyboard though, specifically this bit (emphasis mine):
adding sound dampeners on mechanical keyboards or switching to membrane-based keyboards is unlikely to help.
There does not seem to be any evidence that modifying one's keyboard wouldn't prevent this attack vector from working; the author is merely assuming that because it works on a relatively silent keyboard, it will necessarily work on a different keyboard that has been modified to be quieter. This seems like a leap in logic at best to me.
I'm also curious how well it can handle modifier keys. I suppose it can be aware if a specific key is hit, then held, while another key is pressed (as when saving), but smaller keyboards use these...
I'm also curious how well it can handle modifier keys. I suppose it can be aware if a specific key is hit, then held, while another key is pressed (as when saving), but smaller keyboards use these "chords" much much more, and i'm curious to what level it could easily distinguish which layer you're on.
while multiple methods succeeded in recognising a press of the
shift key, no paper in the surveyed literature succeeded in recognising the ‘release
peak’ of the shift key amidst the sounds of other keys, doubling the search
space of potential characters following a press of the shift key.
Ah thanks. So yeah this is going to choke and die on any sort of smaller/layer heavy keyboard. Not like people are suddenly going to be diving into split ergo 40's or whatever for security...
Ah thanks. So yeah this is going to choke and die on any sort of smaller/layer heavy keyboard. Not like people are suddenly going to be diving into split ergo 40's or whatever for security reasons, but it certainly seems very possible to confuse the system. Just having your numpad on a layer (something I think even average users should consider) would do a ton to frustrate these features, as now every number and symbol is screwing up search space.
The article is not mentioning that these attacks are very old, going back to the days of type-writers, and that this new stuff is building on all that work.
The article is not mentioning that these attacks are very old, going back to the days of type-writers, and that this new stuff is building on all that work.
I've been thinking that this reminds me of a class i took on cyphers, Enigma & WWII. The only new stuff is using AI to discern the input, the rest is old, oldschool codebreaking.
I've been thinking that this reminds me of a class i took on cyphers, Enigma & WWII. The only new stuff is using AI to discern the input, the rest is old, oldschool codebreaking.
Well, today it works on MacBooks. They don't need it to work on every computer, just any computer mass purchased by targeted organizations. Say you want to hack the army, go buy a Dell Latitude...
It makes sense that an image recognition program could use waveforms to connect the typing sounds to specific keys.
Well, today it works on MacBooks. They don't need it to work on every computer, just any computer mass purchased by targeted organizations. Say you want to hack the army, go buy a Dell Latitude and run your mapper on that. Or if your local corporation throws out a bunch of HP boxes, well there's our vector.
No, it's not a one size fits all hack but it's a start to something.
Maybe the answer could be randomized tuning plates installed at the factory, or randomized screw tensions (last macbook I pulled apart had 50+ screws holding the keyboard on)... but maybe that...
Maybe the answer could be randomized tuning plates installed at the factory, or randomized screw tensions (last macbook I pulled apart had 50+ screws holding the keyboard on)... but maybe that would have no impact.
Or greatly limit the scope of an attack by not reusing passwords, using a password manager (no typing), using long passwords (better chance misread), and use some sort of 2FA. Like... all the stuff you should be doing anyways.
Well I think a bug thing with this is that you can get the information typed in even without getting the password etc Like, every organization that actually cares about security will never use...
Well I think a bug thing with this is that you can get the information typed in even without getting the password etc
Like, every organization that actually cares about security will never use only a password for identification anyway. Usually it'll be password+card or password+fingerprint (also known as, some you know and something you have)
Does this fall apart with different layouts or different languages? I use an alternate keyboard layout (colemak if anyone caress). I wonder if this would just pick up gibberish or if it would be...
Does this fall apart with different layouts or different languages? I use an alternate keyboard layout (colemak if anyone caress). I wonder if this would just pick up gibberish or if it would be able to quickly adjust
I think that if you knew the different languages it'd be very easy to adjust As a doul language user, there are very simple tools that swap the text from one language to the other in case you...
I think that if you knew the different languages it'd be very easy to adjust
As a doul language user, there are very simple tools that swap the text from one language to the other in case you forget to switch your keyboard
The stupid solution to this is to make your keyboard even louder in a more uniform way. One of my keyboards has a pretty beefy solenoid in it that drowns out the sound of the actual keystroke, and...
The stupid solution to this is to make your keyboard even louder in a more uniform way. One of my keyboards has a pretty beefy solenoid in it that drowns out the sound of the actual keystroke, and the solenoid is of course an unchanging sound.
There's really a simple solution to this that makes this attack irrelevant. Two-factor authentication is on nearly every secure account these days and is only becoming more common. Your password...
There's really a simple solution to this that makes this attack irrelevant. Two-factor authentication is on nearly every secure account these days and is only becoming more common. Your password could be 12345 and if you have 2fa no "hacker" is getting into your account.
Of course I know about the times 2fa has been breached with social engineering to get sim cards or via phishing but those are really uncommon and require the attacker to have a much deeper knowledge of someone than just recording their keyboard. Not to mention they're pretty easily fixable with training and the slow transition to biological 2fa. (Yes I know bio-2fa carries its own issues with it, but you could say that about any form of security)
Those are really only relatively uncommon, and only because a lot of attacks go out against arbitrary targets. But this attack is single-target anyway. They already have deeper knowledge about...
Of course I know about the times 2fa has been breached with social engineering to get sim cards or via phishing but those are really uncommon
Those are really only relatively uncommon, and only because a lot of attacks go out against arbitrary targets.
But this attack is single-target anyway. They already have deeper knowledge about their target the moment they chose to go for such a long audio sample. And in cases like that, classical 2FA (text message or email) has been shown to be not very effective.
Long term, cryptographic keys are really the only way forward.
This is very cool. Very mildly worrying, but very cool.
I would swear that every year for the last decade or so, I have seen articles about reading keyboard vibrations as a keylogger as a proof of concept. Over the years I think I have seen stuff like attaching a device under the table, or to the floor below, or to the device itself (which seems a bit silly since access to the keyboard means you could just put a hardware interceptor).
This would take a very, very targeted attack against your specific keyboard and maybe your specific typing style so I don't have any real concern with it.
I wouldn't be so sure about that. Record audio for long enough, assign each unique keystroke sound a random letter, and then it becomes a relatively simple 1 to 1 cypher that you could be solved fairly easily.
Yeah, the uniqueness of the keyboard doesn't really matter. The nature of language means if you have a large enough sample + a way to discern each keystroke audibly, you could crack it.
I remember hearing about this forever ago. Surprised the accuracy is as low as 95%.
Another interesting attack is via electromagnetic emissions. There's Tempest For Eliza which allows you to play mp3s by simply displaying patterns on your screen. You can pick up the radio waves with an AM radio. I've tested this with modern LCDs and it works. Of course this means you can also read what's on monitors through walls and probably capture key strokes too. I assume the limit is your budget for RF equipment, spy balloons, etc.
The old article you linked to is far more interesting and dangerous than the OP article.
Using these language models is certainly much more robust than this comparative model. But it has the downside that you'd have to create a whole different model for other languages, where the same set of assumptions might not work so well.
Yeah exactly
This is more something for intelligence agencies to worry about rather than the average person
What about twitch streamers? They're mic'd up for hours on end, and constantly providing samples by typing chat messages. Seems like they would be the perfect target for attacks like this.
Do streamers typically type loud enough to hear it though? I know some mechanical keyboards are loud but I can't really remember hearing much more than an occasional click on stream even from particularly chunky ones.
That’s more on what kind of mic they use. If it’s a dynamic mic it’s unlikely to come through, but with a condenser they’d have to have some careful audio filtering and gating for it not to come through.
Interesting. You'd have to find times you can see what the streamer is typing.
I'm sure you could do it though. If I were a streamer I'd make extra sure everything I have is 2 factor authentication.
Honestly, I'm pretty unimpressed with the article here. So all of this research, according to the article, is conducted on a MacBook Pro keyboard, which, yes, is reasonably ubiquitous in the tech space and of course has a distinct, if muted, sound profile. It makes sense that an image recognition program could use waveforms to connect the typing sounds to specific keys. But then the author of this article generalizes the MacBook findings to all keyboards in a way that's not at all justified by the data:
This is a completely unjustifiable journalistic leap. First of all, the keyboard on MacBooks is muted, yes, but far from silent compared to some custom model with, like, Boba U4 silents and a lot of foam. But that's completely a moot point. We have no evidence that the attack described here will have any bearing on custom keyboards, mechanical keyboard, or any pre-built keyboards that aren't the MacBook keyboard. Different keyboards have vastly different sound profiles, and my assumption is that to log keystrokes with any degree of accuracy, the program would have to know what keyboard you're using and have extensive examples of its sound profile (impossible with custom keyboards, and hell, probably most laptop keyboards owing to the fact that none have the relative ubiquity of the MacBook).
Is the attack in the article a concern for MacBook users? Probably. But the author generalizes this finding in an irresponsible way to all keyboards.
I think you're getting the wrong takeaway from the article. Sure, feeding training data from a MacBook only applies to a MacBook, but as long as your keyboard doesn't change then the attack as a concept applies to the general case. If the attacker can replicate your keyboard then they can train the system on your keyboard.
I don't think that the article is a concern for MacBook users (in that they should go get a different keyboard out of fear). The general concern is justified for any mass-produced keyboard, and a hyper-specific attack could be done on a custom keyboard but I would imagine that there are better ways to spend your time for a hyper-specific attack.
The quote does seem ot indicate that the author believes that this attack vector would also be applicable to custom keyboard though, specifically this bit (emphasis mine):
There does not seem to be any evidence that modifying one's keyboard wouldn't prevent this attack vector from working; the author is merely assuming that because it works on a relatively silent keyboard, it will necessarily work on a different keyboard that has been modified to be quieter. This seems like a leap in logic at best to me.
I'm also curious how well it can handle modifier keys. I suppose it can be aware if a specific key is hit, then held, while another key is pressed (as when saving), but smaller keyboards use these "chords" much much more, and i'm curious to what level it could easily distinguish which layer you're on.
here's the paper: https://arxiv.org/pdf/2308.01074.pdf
Ah thanks. So yeah this is going to choke and die on any sort of smaller/layer heavy keyboard. Not like people are suddenly going to be diving into split ergo 40's or whatever for security reasons, but it certainly seems very possible to confuse the system. Just having your numpad on a layer (something I think even average users should consider) would do a ton to frustrate these features, as now every number and symbol is screwing up search space.
The article is not mentioning that these attacks are very old, going back to the days of type-writers, and that this new stuff is building on all that work.
I've been thinking that this reminds me of a class i took on cyphers, Enigma & WWII. The only new stuff is using AI to discern the input, the rest is old, oldschool codebreaking.
Well, today it works on MacBooks. They don't need it to work on every computer, just any computer mass purchased by targeted organizations. Say you want to hack the army, go buy a Dell Latitude and run your mapper on that. Or if your local corporation throws out a bunch of HP boxes, well there's our vector.
No, it's not a one size fits all hack but it's a start to something.
Maybe the answer could be randomized tuning plates installed at the factory, or randomized screw tensions (last macbook I pulled apart had 50+ screws holding the keyboard on)... but maybe that would have no impact.
Or greatly limit the scope of an attack by not reusing passwords, using a password manager (no typing), using long passwords (better chance misread), and use some sort of 2FA. Like... all the stuff you should be doing anyways.
This is not new, its just getting better slowly.
Well I think a bug thing with this is that you can get the information typed in even without getting the password etc
Like, every organization that actually cares about security will never use only a password for identification anyway. Usually it'll be password+card or password+fingerprint (also known as, some you know and something you have)
Does this fall apart with different layouts or different languages? I use an alternate keyboard layout (colemak if anyone caress). I wonder if this would just pick up gibberish or if it would be able to quickly adjust
I think that if you knew the different languages it'd be very easy to adjust
As a doul language user, there are very simple tools that swap the text from one language to the other in case you forget to switch your keyboard
If your typing is picked up by a Zoom call, then you had it coming. /s
The stupid solution to this is to make your keyboard even louder in a more uniform way. One of my keyboards has a pretty beefy solenoid in it that drowns out the sound of the actual keystroke, and the solenoid is of course an unchanging sound.
As someone with a mechanical keyboard, I feel attacked. haha!
There's really a simple solution to this that makes this attack irrelevant. Two-factor authentication is on nearly every secure account these days and is only becoming more common. Your password could be 12345 and if you have 2fa no "hacker" is getting into your account.
Of course I know about the times 2fa has been breached with social engineering to get sim cards or via phishing but those are really uncommon and require the attacker to have a much deeper knowledge of someone than just recording their keyboard. Not to mention they're pretty easily fixable with training and the slow transition to biological 2fa. (Yes I know bio-2fa carries its own issues with it, but you could say that about any form of security)
Those are really only relatively uncommon, and only because a lot of attacks go out against arbitrary targets.
But this attack is single-target anyway. They already have deeper knowledge about their target the moment they chose to go for such a long audio sample. And in cases like that, classical 2FA (text message or email) has been shown to be not very effective.
Long term, cryptographic keys are really the only way forward.