[HN Gopher] Acoustic Keyboard Eavesdropping
___________________________________________________________________
Acoustic Keyboard Eavesdropping

Author : taubek
Score  : 116 points
Date   : 2022-05-16 18:27 UTC (4 hours ago)

(HTM) web link (github.com)
(TXT) w3m dump (github.com)

| ashton314 wrote:
| Solution: get a keyboard loud enough that you make whatever mic is listening in clip because it's so loud.
|
| If you can't get key switches loud enough, I made a little Emacs Lisp snippet that plays a tone on every keypress. Example is for macOS, but adaptation to *nix should be trivial.
| https://gist.github.com/ashton314/4ca20e6e040f07aef58a05f42d...
|
| syntaxing wrote:
| Didn't read into it too much, but wouldn't it work way better with some sort of timing attack post processing?
|
| parentheses wrote:
| Waiting for this to become the next TV trope.
|
| alexose wrote:
| I think audiences would reject it as seeming too improbable. Even by modern TV show standards...
|
| dylanz wrote:
| It's somewhat similar to https://en.wikipedia.org/wiki/Van_Eck_phreaking that's featured in Cryptonomicon.
|
| Findecanor wrote:
| A week ago here on HN, someone posted that they had a program that automatically muted the microphone on keyboard input. That should be effective against this being used during teleconferencing.
|
| (I'm sorry I couldn't find the post again)
|
| Terry_Roll wrote:
| There are these from Jan 2021, which is a little bit more than a week ago.
|
| https://news.ycombinator.com/item?id=25686201
| https://news.ycombinator.com/item?id=25644828
|
| TremendousJudge wrote:
| Has anybody tried this? Does this actually work? Does it depend on what language is being typed?
|
| adrianpike wrote:
| Not this specific code, but I have done acoustic keyboard analysis in the past with success. The thing I wasn't able to get working was multiple keyboards in a single room - in theory it should be doable, but the signal processing was (and still is) far beyond my rudimentary skills.
|
| alexose wrote:
| It should be possible to isolate each separate keyboard with a microphone array (but yes, signal processing...)
|
| Which makes me wonder: With a sensitive enough microphone array, might it be possible to separate out the locations of each individual key? At the very least, it seems like it might be possible if it's coming from the right or the left side of the keyboard.
|
| adrianpike wrote:
| Yeah, that was the rough plan, start with a pair of mics and triangulate out - I was hoping to iterate all the way up to a pair of laser microphones on different window panes, and on paper I think it should be all doable. I'd assume all of the organizations that have budgets for things like this already have it, but it was a fun project to hack on between gigs.
|
| belkarx wrote:
| I tried it on a laptop and separately on cherry mx reds with no real success (but maybe I wasn't typing for long enough)
|
| riskable wrote:
| This should still work on quiet keyboards--it just requires a bit more work in setting up a listening device. For example, you could hide a microphone under the keyboard or attach it to the table it's sitting on (and maybe adjust the model accordingly).
|
| I need to break out my relay board to see if the sound of the relays clicking mitigates attacks like this: https://youtu.be/6hMOGKTudcg (see it in all its clicky glory!)
|
| As long as the click of the relay happens fast enough--and I add some sound dampening to the keyboard (which was the opposite of what I did for that test video haha)--I bet it would render this kind of attack useless.
|
| foz wrote:
| If you're going to go through the trouble of placing a microphone under someone's table or keyboard, you might as well just install a keylogger. It would be much more likely to succeed given the risk.
|
| yowlingcat wrote:
| I suppose it is time to add white noise generation to my keyboard...
|
| thfuran wrote:
| White noise wouldn't be nearly as effective as cherry red noise.
|
| Findecanor wrote:
| Perhaps the keyboard could have an internal speaker that provides carefully crafted additional noise to make the keys sound more uniform (like each other), or to sound more random (different each time).
|
| However, if the counter-noise would get triggered first by a key press then it would not be able to mask the initial part of the key noise when the finger strikes the key surface before pressing it down. Detection using a microphone would have the risk of false positives, so maybe a new key mechanism also including capacitive touch/proximity sensors would be needed.
|
| And it would be ineffective against attacks that model key stroke patterns temporally.
|
| Rafuino wrote:
| from the readme section:
|
| "This is what mechanical keyboard users deserve" -- super guy
|
| Ouch
|
| tomlin wrote:
| Some movie writer is bookmarking this for a future script.
|
| nickt wrote:
| Some startup is bookmarking this for a future Zoom/Teams plugin for your boss to buy to ensure your attention at all times...
|
| ahmed_ds wrote:
| Fork it and change this to -
|
| > algorithm improvements and better n-gram statistics
|
| GPT-3
|
| And you got a startup going.
|
| nonrandomstring wrote:
| I was CTO/head of R&D at a company where we were sensing where someone touched an object based on sounds. I was able to semi-accurately position a finger tap on a glass phone surface. That was in 2016.
|
| Caveats:
|
| We used contact microphones. Taking the data out of the air from an acoustic signal would be _much_ harder, but not impossible in a quiet room with some fancy DSP.
|
| There is a symmetry such that tapping the same distance from corner A is indistinguishable from tapping the equivalent position in corner B. Still, for a 4 x 4 PIN entry that's useful extra info.
|
| It depends on the physiology, finger length and nails of the operator, and how they hold the phone. The fact that this may also be a unique identifier of the operator should not be a surprise.
|
| ciwolsey wrote:
| Doesn't work on either of the cherry mx keyboards I have and I haven't heard of anyone else having success with this.
|
| thekiptxt wrote:
| I'm guessing it doesn't need to be all that accurate for certain use cases.
|
| Even just knowing the length of the password, estimating which keys in the sequence are capitalized (if Shift behavior is fairly easy to pin down) and being able to pin each key down to 5 possibilities would make a 20 character password trivial to crack. Right?
|
| marshallward wrote:
| Same for me, it was laughably bad.
|
| biot wrote:
| Prior research in 2004:
| https://www.semanticscholar.org/paper/Keyboard-acoustic-eman...
|
| _"We show that PC keyboards, notebook keyboards, telephone and ATM pads are vulnerable to attacks based on differentiating the sound emanated by different keys. Our attack employs a neural network to recognize the key being pressed. We also investigate why different keys produce different sounds and provide hints for the design of homophonic keyboards that would be resistant to this type of attack."_
|
| undershirt wrote:
| From: https://www.newyorker.com/magazine/2015/11/23/doomsday-inven...
|
| > "I think political systems will use it to terrorize people," Hinton said. Already, he believed, agencies like the N.S.A. were attempting to abuse similar technology.
|
| > "Then why are you doing the research?" Bostrom asked.
|
| > "I could give you the usual arguments," Hinton said. "But the truth is that the prospect of discovery is too sweet." He smiled awkwardly, the word hanging in the air--an echo of Oppenheimer, who famously said of the bomb, "When you see something that is technically sweet, you go ahead and do it, and you argue about what to do about it only after you have had your technical success."
|
| [deleted]
|
| [deleted]
|
| dmcginty wrote:
| Does this assume that the keyboard is qwerty, or is it able to identify typing patterns regardless of the keyboard layout? I use Dvorak and I couldn't get any of the demos to work for me, but that may just be my fault.
|
| sleepybrett wrote:
| Based on the readme it seems to need training data, so assuming you train it with the same layout you want to use later to capture from, I don't see why it wouldn't work.
|
| theophrastus wrote:
| from the web-page: It does not require training data - instead it uses statistical information about the frequencies of the letters and n-grams in the English language.
|
| and from this it should also be noted that it won't apparently be able to extract passwords, at least those which aren't "n-grams in the English language".
|
| asimpletune wrote:
| This would be a good argument against the xkcd philosophy towards passwords.
|
| normie3000 wrote:
| Unless when typing your password you deliberately use different fingers than you would when typing normally
|
| pc86 wrote:
| I skimmed the readme but a chunk of it is admittedly over my head, however I would expect something based on letter frequency and n-grams to work regardless of layout, while something that relies on the acoustics of the individual keys to be layout-dependent.
|
| inetknght wrote:
| Okay, now imagine that you're remotely pair-programming with someone (over Zoom or Skype or Teams or whatever). You get to see and hear a lot of the keystrokes and the characters they emit.
|
| Then, at some point, you or your peer are prompted to enter a password. The password field shows up as all bullets. But... can you still identify the password based on the audio feed?
|
| adrianpike wrote:
| Yes - but you don't even need their output. I did this a dozen or so years ago at a coworking space, where I trained it on my officemate's keyboard assuming they were typing Ruby code, and then was able to guess their passphrase pretty quickly using the trained model.
|
| I manually fudged spacebars and enters because they're acoustically obvious, and played around with punctuation keys. Generally the timing for fingers to move from one key to the other was where I was finding the strongest signal.
|
| inetknght wrote:
| > _I did this a dozen or so years ago at a coworking space, where I trained it on my officemate's keyboard_
|
| That must be a fun way to type in someone's password to their computer when they lock it and walk away to get some coffee...
|
| sprash wrote:
| Does this mean we can now make passive "wireless" keyboards without batteries by simply using a microphone connected to the computer?
|
| ahmed_ds wrote:
| Yes. This reminds me how you can turn a macbook/laptop into a touchscreen [0].
|
| [0] https://www.anishathalye.com/2018/04/03/macbook-touchscreen/
___________________________________________________________________
(page generated 2022-05-16 23:00 UTC)
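
Added example, not from the thread or the linked project: a sketch of the mute-on-keypress mitigation Findecanor mentions, with a short delay line so the gate also silences audio captured just before the key-down event (the "initial part" Findecanor says a press-triggered countermeasure misses). The function names, the frame-index interface, `lookahead` and `hold` are assumptions, and the sample frames are constructed.

```python
from collections import deque


def gate_keystrokes(frames, key_frames, lookahead=2, hold=3):
    """Silence microphone frames around each key-down event.

    frames     -- audio frames (lists of samples) in capture order
    key_frames -- frame indices at which a key-down was reported (assumed
                  to come from an OS input hook on the same clock)
    lookahead  -- frames of output delay, so the gate can also silence
                  audio captured just before the key-down was reported
    hold       -- frames kept silent after the key-down
    """
    delay = deque()   # frames captured but not yet released downstream
    mute_until = -1   # last frame index that must be silenced
    out = []
    for i, frame in enumerate(frames):
        delay.append(frame)
        if i in key_frames:
            # Key-down: blank everything still held back, then hold.
            delay = deque([0] * len(f) for f in delay)
            mute_until = i + hold
        elif i <= mute_until:
            delay[-1] = [0] * len(frame)
        if len(delay) > lookahead:
            out.append(delay.popleft())
    out.extend(delay)  # flush the delay line at end of stream
    return out


def audible(frames):
    """Indices of frames that still carry non-zero samples."""
    return [i for i, f in enumerate(frames) if any(f)]


# Constructed input: 12 four-sample frames, key-down reported in frame 5.
# Frames 3-4 are assumed to hold the finger-strike sound before the event.
SAMPLE = [[i + 1] * 4 for i in range(12)]

if __name__ == "__main__":
    # Gate triggered by the event alone: frames 3-4 still get out.
    print(audible(gate_keystrokes(SAMPLE, {5}, lookahead=0)))
    # With a two-frame delay line the same frames are silenced.
    print(audible(gate_keystrokes(SAMPLE, {5}, lookahead=2)))
```

The silent gaps still mark when each key was pressed, so a gate like this does nothing against the timing-based analysis raised elsewhere in the thread.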