I felt a great disturbance in the Force, as if millions of mechanical keyboards suddenly cried out in terror and were suddenly silenced. I fear something terrible has happened.
How does that even work? Like, all the keys are generally manufactured to the same standards such that any physical difference in keys causing different sounds is a combination of user damage and random factory errors, no?
Probably, but it’s definitely there. I managed to tell that one of my friend’s pin had the same key twice in it because i heard the same kind of sound twice.
Were you previously able to identify what someone typed with 96% precision based entirely on the sound of their keyboard? Because I would wager most people cannot
This isnt a new attack. Its been around for years. The newest scary development of this was that a website with a decent frontend was made for it but that was months ago. Use a password manager.
What if the keyboard is not made of homogenous switches? Some reds, silvers, blues and browns thrown randomly around the keyboard ought to defeat the model, right?
As long as they can’t train the model on your specific keyboard yeah. If they can it would probably be even easier for it since the keys would be more distinct.
Time to make a keyboard that self switches between qwerty, colemak, etc and has some sort of indicator of it’s layout, and spits out random recordings of its own key presses, and you just have to be insane to type on it correctly.
Remember, the attack model proved highly effective even against a very silent keyboard, so adding sound dampeners on mechanical keyboards or switching to membrane-based keyboards is unlikely to help.
Not as much as you might think. A lot of audio communication softwares these days have some sort of background noise filter, not saying thay are perfect but they have been increasingly in effectiveness and adoption. My graphics card (nvidia) even supports it and works well. That plus my quiet switches, I’m not too worried about myself, or tech savvy streamers.
The biggest target is probably the elderly and less tech savvy, who are also more likely to fall for scams, and probably have less password entropy (which would make this software more accurate).
Add comment