this post was submitted on 08 Aug 2023
69 points (91.6% liked)

Technology

34788 readers
344 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
 

Laptops more susceptible to having keyboard recorded in quieter areas, like coffee shops, libraries, offices. Previous attempts at keylogging VoIP calls achieved 91.7 percent top-5 accuracy over Skype in 2017 and 74.3 percent accuracy in VoIP calls in 2018.

top 16 comments
sorted by: hot top controversial new old
[–] autotldr@lemmings.world 12 points 1 year ago

This is the best summary I could come up with:


In their paper A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards (full PDF), UK researchers Joshua Harrison, Ehsan Toreini, and Marhyam Mehrnezhad claim that the trio of ubiquitous machine learning, microphones, and video calls "present a greater threat to keyboards than ever."

Laptops, in particular, are more susceptible to having their keyboard recorded in quieter public areas, like coffee shops, libraries, or offices, the paper notes.

Combining the output of the keystroke interpretations with a "hidden Markov model" (HMM), which guesses at more-likely next-letter outcomes and could correct "hrllo" to "hello," saw one prior side channel study's accuracy jump from 72 to 95 percent—though that was an attack on dot-matrix printers.

The Cornell researchers believe their paper is the first to make use of the recent sea change in neural network technology, including self-attention layers, to propagate an audio side channel attack.

Because of this, the potential for a second machine-bolstered system to correct the false keys, given a large language corpus and the approximate location of a keystroke, seems strong.

The 2013 "Dropmire" scandal that saw the US spying on its European allies was highly likely to have involved some kind of side channel attack, whether through wires, radio frequencies, or sound.


I'm a bot and I'm open source!

[–] flameguy21@lemm.ee 11 points 1 year ago

Mechanical keyboard users in shambles

[–] shutz@lemmy.ca 8 points 1 year ago

Unless you turn on "original sound for musicians" Zoom uses AI to filter the audio for voices mainly. I rarely if ever hear any keystrokes or mouse clicks anymore... Lots of other non voice noises get filtered out.

[–] Fredselfish@lemmy.ml 7 points 1 year ago (2 children)

Basically if on a zoom call they can record my key strokes and steal our passwords?

[–] deweydecibel@lemmy.ml 12 points 1 year ago (2 children)

Only if you leave your mic unmuted.

This is a troubling advancement, they all are, but the methods of countering this specific one are plentiful.

Really, what's needed is a more robust mute function with a good voice recognition system that automatically cuts off the mic when you're not speaking. That, and people need to learn to use push to talk.

[–] SloppySoftwareSyntax@lemmy.ml 9 points 1 year ago (2 children)

Also left out of the headline is the fact that this attack was specifically designed to be leveraged against one specific common laptop, a MacBook. Admittedly, if you are using one it can be a concern, but it’s safe to assume that unless your attacker knows the exact model of computer you are using and dedicates serious resources in to building a targeted attack like this, you’re fine.

The tiniest variation will likely dramatically improve your security.

As a cybersecurity researcher, there are plenty of other attacks that are cheaper and easier to implement that you should be concerned about.

[–] FaceDeer@kbin.social 8 points 1 year ago (1 children)

The tiniest variation will likely dramatically improve your security.

Security via having lots of crumbs and hair and crud built up inside your keyboard. Check.

[–] Rhodin@kbin.social 1 points 1 year ago

So, just leave it with my kids and dog for 10 minutes?

[–] C4d@lemmy.world 2 points 1 year ago

Yes. Why go to all the trouble of doing very technical things when you can instead do moderately technical but very cunning things?

An old episode of the defunct Reply All podcast comes to mind: “what kind of idiot gets phished?”

https://gimletmedia.com/shows/reply-all/rnhoww/

[–] C4d@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

How long before they can recreate enough of your keyboard and screen via webcam using the reflections from your glasses / eyeballs?

[–] neptune@dmv.social 3 points 1 year ago* (last edited 1 year ago)

I mean there's a lot of ifs here. Is your microphone next to your keyboard? Is someone on the calling attempting this with mature software? Do you they know you are typing your password or something else sensitive?

I would imagine passwords are harder to pin down, assuming it's like cryptography. If someone types three sentences that's a lot of coherent data to work with. If someone types 1234BossSucks! then from a cryptography perspective, going to be a low chance to understand.

My I'll informed two cents.

Edit:

Reading more of the bot summary, and yeah, this sounds more like cryptography. If the microphone can hear your key strokes, data like the volume, timbre, overall rhythm, etc, can be collected and mapped to possible text.

[–] django@discuss.tchncs.de 5 points 1 year ago

New security guideline just dropped: frequently rotate your keyboard layout.

[–] philluminati@lemmy.ml 2 points 1 year ago

I’m a Nigerian Prince. Pls zoom with me!

[–] Myro@lemm.ee 1 points 1 year ago

That's super interesting! Spooky, next to your AI-generated voice being used for fraud, but something I had not thought about before.

[–] WhiteRice@lemmy.ml 1 points 1 year ago

Reminds me the researcher working to recreate sound from microvibrations in videos. Spooky stuff. Cool

[–] TCB13@lemmy.world 1 points 1 year ago* (last edited 1 year ago)