[HN Gopher] Acoustic Keyboard Eavesdropping
___________________________________________________________________
Acoustic Keyboard Eavesdropping
Author : taubek
Score : 116 points
Date : 2022-05-16 18:27 UTC (4 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| ashton314 wrote:
| Solution: get a keyboard loud enough that you make whatever mic
| is listening in clip because it's so loud.
|
| If you can't get key switches loud enough, I made a little Emacs
| Lisp snippet that plays a tone on every keypress. Example is for
| macOS, but adaptation to *nix should be trivial.
| https://gist.github.com/ashton314/4ca20e6e040f07aef58a05f42d...
| syntaxing wrote:
| Didn't read into it too much, but wouldn't it work way better
| with some sort of timing attack post processing?
| parentheses wrote:
| Waiting for this to become the next TV trope.
| alexose wrote:
| I think audiences would reject it as seeming too improbable.
| Even by modern TV show standards...
| dylanz wrote:
| It's somewhat similar to
| https://en.wikipedia.org/wiki/Van_Eck_phreaking that's featured
| in Cryptonomicon.
| Findecanor wrote:
| A week ago here on HN, someone posted that they had a program
| that automatically muted the microphone on keyboard input. That
| should be effective against this being used during
| teleconferencing.
|
| (I'm sorry I couldn't find the post again)
| Terry_Roll wrote:
| There are these from Jan 2021, which is a little bit more
| than a week ago.
|
| https://news.ycombinator.com/item?id=25686201
| https://news.ycombinator.com/item?id=25644828
| TremendousJudge wrote:
| Has anybody tried this? Does this actually work? Does it depend
| on what language is being typed?
| adrianpike wrote:
| Not this specific code, but I have done acoustic keyboard
| analysis in the past with success. The thing I wasn't able to
| get working was multiple keyboards in a single room - in theory
| it should be doable, but the signal processing was (and still
| is) far beyond my rudimentary skills.
| alexose wrote:
| It should be possible to isolate each separate keyboard with
| a microphone array (but yes, signal processing...)
|
| Which makes me wonder: With a sensitive enough microphone
| array, might it be possible to separate out the locations of
| each individual key? At the very least, it seems like it
| might be possible if it's coming from the right or the left
| side of the keyboard.
| adrianpike wrote:
| Yeah, that was the rough plan, start with a pair of mics
| and triangulate out - I was hoping to iterate all the way
| up to a pair of laser microphones on different window
| panes, and on paper I think it should be all doable. I'd
| assume all of the organizations that have budgets for
| things like this already have it, but it was a fun project
| to hack on between gigs.
| belkarx wrote:
| I tried it on a laptop and separately on cherry mx reds with no
| real success (but maybe I wasn't typing for long enough)
| riskable wrote:
| This should still work on quiet keyboards--it just requires a bit
| more work in setting up a listening device. For example, you
| could hide a microphone under the keyboard or attach it to the
| table it's sitting on (and maybe adjust the model accordingly).
|
| I need to break out my relay board to see if the sound of the
| relays clicking mitigates attacks like this:
| https://youtu.be/6hMOGKTudcg (see it in all its clicky glory!)
|
| As long as the click of the relay happens fast enough--and I add
| some sound dampening to the keyboard (which was the opposite of
| what I did for that test video haha)--I bet it would render this
| kind of attack useless.
| foz wrote:
| If you're going to go through the trouble of placing a
| microphone under someone's table or keyboard, you might as well
| just install a keylogger. It would be much more likely to
| succeed given the risk.
| yowlingcat wrote:
| I suppose it is time to add white noise generation to my
| keyboard...
| thfuran wrote:
| White noise wouldn't be nearly as effective as cherry red
| noise.
| Findecanor wrote:
| Perhaps the keyboard could have an internal speaker that
| provides carefully crafted additional noise to make the keys
| sound more uniform (like each other), or to sound more random
| (different each time).
|
| However, if the counter-noise would get triggered first by a
| key press then it would not be able to mask the initial part of
| the key noise when the finger strikes the key surface before
| pressing it down. Detection using a microphone would have the
| risk of false positives, so maybe a new key mechanism also
| including capacitive touch/proximity sensors would be needed.
|
| And it would be ineffective against attacks that model key
| stroke patterns temporally.
| Rafuino wrote:
| from the readme section:
|
| "This is what mechanical keyboard users deserve" -- super guy
|
| Ouch
| tomlin wrote:
| Some movie writer is bookmarking this for a future script.
| nickt wrote:
| Some startup is bookmarking this for a future Zoom/Teams plugin
| for your boss to buy to ensure your attention at all times...
| ahmed_ds wrote:
| Fork it and change this to -
|
| > algorithm improvements and better n-gram statistics
|
| GPT-3
|
| And you got a startup going.
| nonrandomstring wrote:
| I was CTO/head of R&D at a company where we were sensing where
| someone touched an object based on sounds. I was able to semi-
| accurately position a finger tap on a glass phone surface. That
| was in 2016.
|
| Caveats:
|
| We used contact microphones. Taking the data out of the air from
| an acoustic signal would be _much_ harder, but not impossible in
| a quiet room with some fancy DSP.
|
| There is a symmetry such that tapping the same distance from
| corner A is indistinguishable from tapping the equivalent
| position in corner B. Still, for a 4 x 4 PIN entry that's useful
| extra info.
|
| It depends on the physiology, finger length and nails of the
| operator, and how they hold the phone. The fact that this may
| also be a unique identifier of the operator should not be a
| surprise.
| ciwolsey wrote:
| Doesn't work on either of the cherry mx keyboards I have and I
| haven't heard of anyone else having success with this.
| thekiptxt wrote:
| I'm guessing it doesn't need to be all that accurate for
| certain use cases.
|
| Even just knowing the length of the password, estimating which
| keys in the sequence are capitalized (if Shift behavior is
| fairly easy to pin down) and being able to pin each key down to
| 5 possibilities would make a 20 character password trivial to
| crack. Right?
| marshallward wrote:
| Same for me, it was laughably bad.
| biot wrote:
| Prior research in 2004:
| https://www.semanticscholar.org/paper/Keyboard-acoustic-eman...
|
| _"We show that PC keyboards, notebook keyboards, telephone and
| ATM pads are vulnerable to attacks based on differentiating the
| sound emanated by different keys. Our attack employs a neural
| network to recognize the key being pressed. We also investigate
| why different keys produce different sounds and provide hints for
| the design of homophonic keyboards that would be resistant to
| this type of attack."_
| undershirt wrote:
| From: https://www.newyorker.com/magazine/2015/11/23/doomsday-inven...
|
| > "I think political systems will use it to terrorize people,"
| Hinton said. Already, he believed, agencies like the N.S.A. were
| attempting to abuse similar technology.
|
| > "Then why are you doing the research?" Bostrom asked.
|
| > "I could give you the usual arguments," Hinton said. "But the
| truth is that the prospect of discovery is too sweet." He smiled
| awkwardly, the word hanging in the air--an echo of Oppenheimer,
| who famously said of the bomb, "When you see something that is
| technically sweet, you go ahead and do it, and you argue about
| what to do about it only after you have had your technical
| success."
| [deleted]
| [deleted]
| dmcginty wrote:
| Does this assume that the keyboard is qwerty, or is it able to
| identify typing patterns regardless of the keyboard layout? I use
| Dvorak and I couldn't get any of the demos to work for me, but
| that may just be my fault.
| sleepybrett wrote:
| Based on the readme it seems to need training data, so assuming
| you train it with the same layout you want to use later to
| capture from, I don't see why it wouldn't work.
| theophrastus wrote:
| from the web-page: It does not require
| training data - instead it uses statistical information about
| the frequencies of the letters and n-grams in the English
| language.
|
| and from this it should also be noted that it won't
| apparently be able to extract passwords, at least those which
| aren't "n-grams in the English language".
| asimpletune wrote:
| This would be a good argument against the xkcd philosophy
| towards passwords.
| normie3000 wrote:
| Unless when typing your password you deliberately use
| different fingers than you would when typing normally
| pc86 wrote:
| I skimmed the readme but a chunk of it is admittedly over my
| head, however I would expect something based on letter
| frequency and n-grams to work regardless of layout, while
| something that relies on the acoustics of the individual keys
| to be layout-dependent.
| inetknght wrote:
| Okay, now imagine that you're remotely pair-programming with
| someone (over Zoom or Skype or Teams or whatever). You get to see
| and hear a lot of the keystrokes and the characters they emit.
|
| Then, at some point, you or your peer are prompted to enter a
| password. The password field shows up as all bullets. But... can
| you still identify the password based on the audio feed?
| adrianpike wrote:
| Yes - but you don't even need their output. I did this a dozen
| or so years ago at a coworking space, where I trained it on my
| officemate's keyboard assuming they were typing Ruby code, and
| then was able to guess their passphrase pretty quickly using
| the trained model.
|
| I manually fudged spacebars and enters because they're
| acoustically obvious, and played around with punctuation keys.
| Generally the timing for fingers to move from one key to the
| other was where I was finding the strongest signal.
| inetknght wrote:
| > _I did this a dozen or so years ago at a coworking space,
| where I trained it on my officemate's keyboard_
|
| That must be a fun way to type in someone's password to their
| computer when they lock it and walk away to get some
| coffee...
| sprash wrote:
| Does this mean we can now make passive "wireless" keyboards
| without batteries by simply using a microphone connected to the
| computer?
| ahmed_ds wrote:
| Yes. This reminds me how you can turn a macbook/laptop into a
| touchscreen [0].
|
| [0] https://www.anishathalye.com/2018/04/03/macbook-touchscreen/
___________________________________________________________________
(page generated 2022-05-16 23:00 UTC)