[return to "New acoustic attack steals data from keystrokes with 95% accuracy"]
1. lispis+Pq 2023-08-05 19:14:25
>>mikece+(OP)
So they generated training data from one laptop and microphone, then generated test data with the exact same laptop and microphone in the same setup, possibly one person pressing the keys too. For the Zoom model they trained a new model with data gathered from Zoom. They call it a practical side channel attack but they didn't do anything to see if this approach could generalize at all.

2. OtherS+zA 2023-08-05 20:24:31
>>lispis+Pq
I believe that is the generalisable version of the attack. You're not looking to learn the sound of arbitrary keyboards with this attack, rather you're looking to learn the sound of specific targets.

For example, a Twitch streamer enters responses into their stream-chat with a live mic. Later, the streamer enters their Twitch password. Someone employing this technique could reasonably be able to learn the audio from the first scenario, and apply the findings in the second scenario.

3. yowzad+FB 2023-08-05 20:32:53
>>OtherS+zA
I guess more reason to just use a password manager to autofill your password?

4. jgtros+jK 2023-08-05 21:45:06
>>yowzad+FB
Only if it doesn't only rely on a master password.

5. apendl+HM 2023-08-05 22:06:32
>>jgtros+jK
A nice thing about master passwords though is that since you don't have to type them in as often, they can be very long. 95% accuracy probably isn't good enough to reliably reproduce a sentence-length master password, at least if it's only captured once.

6. belval+jR 2023-08-05 22:50:29
>>apendl+HM
95% means that on average only 1 in 20 keystrokes will be wrong. Even if your password is very long (40-60) that means only 2-3 errors. Since most people are not machines, their long password will be a combination of words like the famous "horsestaplebatterycorrect" example from xkcd.

Even if you flip a few letters from something like the above, a human attacker will easily be able to fix it manually.

"horswstaplevatterucorrect" for example is still intelligible.

7. TheCle+mS 2023-08-05 23:01:57
>>belval+jR
On average 2-3 errors. However, the real thing we want to look at is what is my chance of guessing right across ALL characters. For 1 it's 95%, for 2 it's 90.2%, and it gets worse from there. The formula for accuracy would be .95^c where c is the number of characters in the password. So the chance of getting EVERY key correct in a 40 character password is < 13% and < 5% for 60 characters.

8. llbean+fY 2023-08-05 23:52:46
>>TheCle+mS
Right. The comment above is saying even if you are incorrect in 2-5 keystrokes it’s not hard to guess the correct keystrokes if you’re using a sentence style password.

You don’t need to guess every character.
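
The two estimates argued in comments 6 to 8, worked through as an added example (not part of the thread or of the paper it discusses): the chance that a single capture is within k wrong keystrokes, and how many candidate strings that leaves to check. It assumes independent per-key errors, substitution-only mistakes (no missed or extra keystrokes) and a 26-letter lowercase alphabet; the function names are made up for this sketch.

```python
from math import comb

def p_at_most_k_errors(n: int, acc: float, k: int) -> float:
    """P(at most k of n keystrokes are misclassified), binomial model.

    Assumption: each keystroke is classified independently with the same
    per-key accuracy `acc` (0.95 in the thread).
    """
    err = 1.0 - acc
    return sum(comb(n, i) * err**i * acc**(n - i) for i in range(k + 1))

def candidates_within_k(n: int, k: int, alphabet: int = 26) -> int:
    """Count length-n strings that differ from the transcript in <= k places.

    Assumption: errors are substitutions only, and the true password uses
    an alphabet of `alphabet` symbols. This is the search space left when
    the error positions are unknown and the password has no word structure.
    """
    return sum(comb(n, i) * (alphabet - 1)**i for i in range(k + 1))

def summarize(n: int, acc: float = 0.95, max_k: int = 5):
    """Rows of (k, P(errors <= k), candidates to check) for one length."""
    return [
        (k, p_at_most_k_errors(n, acc, k), candidates_within_k(n, k))
        for k in range(max_k + 1)
    ]

if __name__ == "__main__":
    for n in (40, 60):  # the password lengths discussed in the thread
        print(f"length {n}, per-key accuracy 95%")
        for k, p, cands in summarize(n):
            print(f"  <= {k} errors: P = {p:6.1%}, candidates = {cands:,}")
```

The k = 0 row reproduces the .95^c figure from comment 7; the later rows show how quickly the probability rises once a few errors are tolerated, which is the point of comments 6 and 8.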
