Researchers in the UK claim to have translated the sound of laptop keystrokes into their corresponding letters with 95 percent accuracy in some cases.
That 95 percent figure was achieved with nothing but a nearby iPhone. Remote methods are just as dangerous: over Zoom, the accuracy of recorded keystrokes only dropped to 93 percent, while Skype calls were still 91.7 percent accurate.
In other words, this is a side channel attack with considerable accuracy, minimal technical requirements, and a ubiquitous data exfiltration point: Microphones, which are everywhere from our laptops, to our wrists, to the very rooms we work in.
Not to be a jerk, but is this actually new? I’ve heard of this being done at least ten years ago…
On another note, one way to beat this (to a degree) would be to use an alternate keyboard like Dvorak (though you could probably code it to be able to detect that based on what’s being typed)
Coding for alternate key mappings is almost as trivial as detecting other languages.
Yeah, that’s what I figured
It’s more trivial because it’s a 1:1 relationship. A is a, s is o, d is e, and so on. Detecting other languages is harder because there’s more of them and there isn’t a 1:1 conversation to English.
There has been previous work on this, yes. It required a dictionary of suggested words. That would make it useful for snooping most typing, but not for randomly generated passwords. This new technique doesn’t seem to have that limitation.
Okay, gotcha. I didn’t look that deeply into it previously so I never realized how limited that was
So about those people that run around saying passphrases are better… 😅