Researchers in the UK claim to have translated the sound of laptop keystrokes into their corresponding letters with 95 percent accuracy in some cases.

That 95 percent figure was achieved with nothing but a nearby iPhone. Remote methods are just as dangerous: over Zoom, the accuracy of recorded keystrokes only dropped to 93 percent, while Skype calls were still 91.7 percent accurate.

In other words, this is a side channel attack with considerable accuracy, minimal technical requirements, and a ubiquitous data exfiltration point: Microphones, which are everywhere from our laptops, to our wrists, to the very rooms we work in.

102 points

New policy from the corporate office: If you are working in a public place, like a coffee shop, please scream while typing your login password.

permalink
report
reply
48 points

I screamed my password and now I got hacked. Thanks for nothing!

permalink
report
parent
reply
10 points

use the onscreen keyboard

much more secure

why won’t my bank stop calling me

permalink
report
parent
reply
1 point
1 point

Here is an alternative Piped link(s):

https://piped.video/HsvyjePPFRs?si=So4iKVWAUPXNjGVe

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I’m open-source; check me out at GitHub.

permalink
report
parent
reply
91 points

Quite scary considering the accuracy and how many open mics everyone is surrounded by without even realizing it. Not to mention if any content creator types their password while live streaming or recording they could get their accounts stolen.

permalink
report
reply
47 points

One more reason to switch to a password manager, even though they could still find out the master password…

permalink
report
parent
reply
30 points

Probably still have some safety if you’re using two-factor, or have a master key in addition to a password (e.g. 1Password).

permalink
report
parent
reply
13 points
*

Or use a local password safe like keepass.

permalink
report
parent
reply
7 points

Only if you have to type it in to unlock your vault. Now, bear with me.

Bitwarden (maybe others) lets you set a PIN to unlock your vault. Normally, you would think this is a less secure setup, easier to crack with the method outlined in this article. Except with Bitwarden you have to set up the pin in every browser extension and every app install.

Meaning, unless they have access to your device, the PIN to unlock one instance of Bitwarden could be different from the PIN for another. They also don’t have to be strictly 4-digit PINs, either. I highly recommend password managers, but for my money, Bitwarden has all my love.

Disclaimer: I am on no way affiliated with Bitwarden. But I could be if they paid me!

permalink
report
parent
reply
4 points

but then I have to remember the PIN for each one of my devices. there should be some kind of app for storing those.

permalink
report
parent
reply
4 points

Password manager and the LOUDEST MECHANICAL KEYBOARD POSSIBLE you have NO idea what keys I’m pressing with my blues, bitches

permalink
report
parent
reply
6 points

That’s the whole point though. The louder your keypresses the better.

permalink
report
parent
reply
15 points
*

This has been a known attack vector for years, and I wonder how no livestreamer has been (publicly) attacked in this way.

I guess in large part this can be attributed to 2FA, passwords just aren’t worth much by themselves anymore (well I guess if someone is quick enough they can snipe the OTP as well, but streamers are rarely entering their 2FA while streaming since they’re on a trusted device).

In fact the biggest attack vector I’d worry about is the infamous SMS 2FA, which is actually 1FA for password resets, which is actually 0FA “yes dear phone operator I am indeed Mister Beast please move my phone number to this new SIM”.

permalink
report
parent
reply
91 points

Use a speech to text and they won’t be able to hear your keyboard strokes. I know, I’m a genius.

permalink
report
reply
27 points

Who are you, who are so wise in the ways of science?

permalink
report
parent
reply
16 points

A duck.

permalink
report
parent
reply
5 points

Got any grapes?

permalink
report
parent
reply
-28 points

But instead they would hear the speech and translate that to text. No need to thank me.

permalink
report
parent
reply
61 points

Neat, so when my friends are taking about satisfyingly clackety keyboards I can inform them it’s a security hazard.

permalink
report
reply
38 points

I’ll accept the risk. I need the clicky

permalink
report
parent
reply
12 points

Good luck, I have a non standard key layout

permalink
report
parent
reply
10 points

It’s still vulnerable to dictionary attacks

permalink
report
parent
reply
-4 points

Except it’s not

permalink
report
parent
reply
3 points

Dvorak?

permalink
report
parent
reply
4 points

Middle management will finally get rid of clacky keyboards with this weird trick

permalink
report
parent
reply
4 points

Good luck making an acoustic map of the tens thousands of possible case, switch and key cap combinations.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 18K

    Monthly active users

  • 12K

    Posts

  • 553K

    Comments