Researchers in the UK claim to have translated the sound of laptop keystrokes into their corresponding letters with 95 percent accuracy in some cases.
That 95 percent figure was achieved with nothing but a nearby iPhone. Remote methods are just as dangerous: over Zoom, the accuracy of recorded keystrokes only dropped to 93 percent, while Skype calls were still 91.7 percent accurate.
In other words, this is a side channel attack with considerable accuracy, minimal technical requirements, and a ubiquitous data exfiltration point: Microphones, which are everywhere from our laptops, to our wrists, to the very rooms we work in.
Isn’t boffin a derogatory term like “nerd”?
What a dogshit headline.
It can be. Being a boffin, I’m not offended. Up to the individual if they choose to be offended.
Still shitty journalism to refer to researchers publishing their research in that way.
Meh, I wear such labels as badges of honor. I sacrificed a bit along the way to develop knowledge, skills, competence - I’ve earned it. Thanks for acknowledging it.
I also see such things in a humorous light. I mean us “boffins” can be such boffins at times. We can over-focus, get caught up on perfectionism, etc, etc. If’n ya can’t laugh at your own foibles, well, I don’t know what to say.
Maybe a US/UK divide? At least in the UK boffin is relatively inoffensive depending on how it’s used. Eg if I build a fusion reactor in my garden my neighbour might say “wow, look at what this boffin did!” and it would be a complement where boffin is a stand in for a word like genius, only with a tounge in cheek touch of jealousy.
Thinking about it I would say that ‘nerd’ is typically putting someone down for their intelligence or interests, whereas boffin is a light insult while identifying the ‘boffin’ as being smarter than yourself.
Can we normalise good but quiet keyboards. Like, I like the tactile feel of using a mechanical, but I hate the sound. Quieter mechanical keyboards aren’t a thing but they should be. Now as a security measure if nothing else.
Also Dvorak keyboards I guess
I went out of my way to find a keyboard with Cherry MX Clear switches. They’re basically a high-force tactile feel, but no clicky sound like MX Blue switches. I absolutely love them for typing, and I’ve been using them for years.
I’m not sure if there’s newer options now for silent switches? I know they had a couple models with extra internal damping.
I used boba u4 silents on my custom keyboard. Absolutely love them. Wish they made a consumer-grade keyboard with them (or maybe they already do?) But I’ve been working on a MacBook recently and tbh the keyboard there is pretty good now. So next step for me is to build a low profile keyboard
There are definitely quiet tactile switches. The reason why they can still make sound is because they’re bottoming out which you don’t have to do.
There are tons of quiet mechanical keyboards. I’m using a low profile optical switch that’s quieter than my mouse clicks
This is old news. This article was published on 7 Aug 2023.
This method is far older than that, and it keeps popping up every so often as a “new” attack. First time I read about this method was in the early 2000’s, and I’m pretty sure it been done before that as well.
Some laptops like the Framework laptop have fingerprint sensors
Physical Security keys like NitroKeys or YubiKeys are another option
You can use fingerprint or U2F to unlock your password manager and copy the password. That way you don’t have to type it in.
Another advantage to the split keyboard
This attack is useless in the real world.
That said, what gives you the idea a split keyboard (if they had a sample of you typing on it etc) would be any different than a normal one?
It is just another keyboard with a different sound profile.
You can remap and customise keys to be whatever you want. There’s even auto shift, so if I hold certain key just a bit longer than a regular tap, it will automatically capitalise or whatever the shift + key combo would result in. There are also multiple layers you can easily activate with a press of a button, so the layout is something totally different.
Example: https://configure.zsa.io/moonlander/layouts/default/latest/0/
