zlacker

Finally, a real security weakness to cite when making fun of people for their mechanical keyboard. Time to start recording the audio of Zoom calls with some particularly loud typers...

>>TechBr+(OP)
Not according to the article.. Microphones are sensitive enough to mount the attack on quieter keyboards.

>>fatfin+K
What we clearly need are louder keyboards - which overload the mic so as to render keystrokes indistinguishable.

>>therei+n1
I've wanted to integrate a cap gun into a keyboard, basically a an old fashioned roll of paper caps and solenoid to whack 'em, triggered by exclamation points.

>>therei+n1
Adding a gain knob to my keyboard, be right back.

>>TheCle+s6
When conducting coding interviews remotely I often switch from my mechanical keyboard to my laptop keyboard (for taking notes) because I know how annoying/distracting that sound can be on calls. Suffice it to say, having a gain knob on my mechanical keyboard would be wonderful.

>>therei+n1
Or auto-mute upon key press.

>>busyan+Me
Alternatively, constant random key press sounds playing in the background.

>>therei+n1
Some old IBM keyboards (beamsprings, the predecessor to the Model F, which preceded the Model M) had solenoids inside to make them louder and sound more like typewriters. I wonder if such a setup would defeat this attack, or if it would still be possible to discern the actual keypress alongside the solenoid.

>>TheCle+s6
My mechanical keyboard already has a knob that I've configured to control the system audio volume, all that's left is configuring Linux to play an audio recording of a keypress every time I press a key...

>>busyan+Me
Or just use a password manager.

>>fatfin+K
Microphones are surprisingly sensitive. I can listen to music in my closed-back headset at a regular volume. My desk mic can pick this up. Without boosting the audio it's barely audible that there's music, but after adding some gain you get almost the full song profile (and background noise).

I can even pick out some of my breathing from the recording.

If I turn on noise suppression and noise gate it's fine.

>>tiltow+xl
I'm guessing it would be easier (assuming you trained it on that keyboard), because each solenoid would be fairly unique due to manufacturing tolerances. Just my gut feeling, I have no data to back it up.

>>TechBr+(OP)
Mechanical keyboard user here. Most of us use mechanical keyboards because they're a lot more fun to type on. That's it. Because if you're not having fun, what's the point?

>>TechBr+(OP)
I used to work in an office space with an independent contractor whose schtick was that he was a genius. The affectations around his genius-ness included casually bringing up Mensa meetings, dropping magazines like Foreign Affairs and academic journals around the office, and his fucking keyboard.

The keyboard had custom switches that were very loud. And he typed fast - it was like living on a gun range. Everyone in the office probably would have chipped in for a hitman, but alas, the CTO, whose office had a solid door, was “inspired” that the mechanical feedback helped fuel inspiration in boy wonder.

Had we thought of the security risks of the keyboard, I would have brought good scotch to the infosec dude while expressing my concerns.

>>Aerroo+Pr
I was two rooms away from someone playing music on a smart Google device. I could very barely hear that music was playing at all and only just barely made out it was a song I had been interested in but kept missing. I pulled out my S22+ and used Shazam. somehow it was able to pick it up easily.

>>tiltow+xl
Not just limited to old IBM keyboards! The new reproduction Model F keyboards also have a solenoid option! It's fantastically loud with it banging on the solid metal case along with the buckling springs. Great keyboards in general.

>>TechBr+(OP)
I'll just have to add significantly more background clickity clacks as obfuscation.

>>somepl+xm
> all that's left is configuring Linux to play an audio recording of a keypress every time I press a key

I unironically think I've seen that config recently - someone had an actually quiet keyboard but wanted the full Mechanical Keyboard Effect™ so they just... have it play the sound per keypress. (It was not 100% clear to me whether it was an elaborate joke or a real aesthetic choice)

>>TechBr+(OP)
Good luck with my mech steno keyboard.

>>tharne+Mx
I don't know, typing?

Else, something like Mai Tais on the beach sounds more fun, maybe it's just me...

>>yjftsj+qG
The Kinesis Advantage2 and the Moonlander have a piezo speaker to give keystroke sounds. However, they are not for, as you might expect to give the full Mechanical Keyboard Effect™.

If you have mechanical switches, you want to learn to type just past the actuation point and not until the switch bottoms out. This is relatively easy with tactile switches (the have a bump and the actuation point is immediately after the bump). However in linear switches, you don't feel when you have hit the actuation point. So the piezo speaker can be used during the first weeks to train your muscle memory of where the actuation point is, so that you can type lightly.

I had this on my Kinesis Advantage with Cherry Reds, and it was really nice during the initial days/weeks, after which I turned it off.

>>Spooky+cC
Not inspired enough to hire him properly apparently...

>>Spooky+cC
Somewhat tangential: clicky switches, like Cherry Blues, tend to click twice for each stroke. I think this leads to people assuming there are twice as many strokes going on. Tactile switches tend to only click once (when they bottom out). So, fancy keyboards can make people sound faster than they are.

>>doix+cv
I know nothing about this keyboard, but I'd assume it just has one solenoid because the expense and space of 100+ solenoids is impractical if all you're using them for is simulating the vibration/sound of a typewriter.

>>Spooky+cC
> it was like living on a gun range

Thanks for this metaphor. I know off at least one guy, to which this metaphor could be applied as well.

>>somepl+xm
You want https://github.com/zevv/bucklespring then.

Lagniappe: “To temporarily silence bucklespring, for example to enter secrets, press ScrollLock twice”

>>coldte+LJ
but mai tais on beach don't get you money, and if you are going to type on something, its better to make sure its comfortable for you.

>>harles+XL
Add a guy that bottoms out the keys and you will have an additional "click".

>>TechBr+(OP)
It’s so fascinating to watch this play out live. Once again, an ambitious kid can implement software hacks that are very funny when used for a joke, but also have massive real-world implications.

>>whatis+ZN
But inconfortable for others. Surely you all know it bothers a good amount at least some of your colleagues, right?

>>coldte+LJ
Mai tais on the beach don't let you signal what a cool hacker you are. When the point of a thing is signaling, normal arguments don't apply.

>>whatis+ZN
But isn't one of the reasons for using mechanical switches to be able to not bottom out, hence avoiding the repetitive shocks on the fingers? This is what I do with my tactile keyboards, and I'm actually quieter when I type quickly than my colleagues who bottom out on their cheap hollow HP keyboards like no tomorrow.

>>sgu999+AW
Well, not everybody works in an open plan, a shared office, or in an office building.

>>harles+XL
I don't think that's quite right. Many switches including tactiles will make a sound when the switch tops out, from the stem hitting the housing.

As far as I know, Cherry blues only click once and the second sound you hear on a keypress is just the topping out sound.

https://cdn-blog.adafruit.com/uploads/2016/09/Blue.gif

>>jayd16+kG
My thought was to run psyops all the time.

"Just need to type in my password." He says a little too loudly to nobody. Then just type in the honeypot password and login with the real one that you entered with a virtual keyboard a few minutes ago.

Meanwhile you've got a prerecorded keyboard going concurrently that decodes to "I know what you're trying to do. Clever but not clever enough."

And I guess you might as well have a special keyboard that you only use for typing in passwords while you're at it.

>>coldte+B31
Obviously the comment discusses a shared space. If you have your own room you can let your fart rips and sniff them for fun, pull out your dick and piss in a bottle for fun, clank on your loud toys for fun, all the things you should never do with other people around that you might find fun for whatever reason. No one cares. But don't do these things to other people around you, it's anti-social.

>>Gh0stR+wM
I wish I could delete my comment to hide my stupidity. For some reason I was thinking about springs despite reading and typing solenoid. You are of course 100% correct and unfortunately it's too late for me to hide my shame.

>>assbut+5f1
And they make little o rings to dampen that if you're hardcore.

>>TechBr+(OP)
I fear that "in the name of security" is going to ruin everything.

>>vladva+IY
Is it? I've had a few mechanical keyboards, and follow some of those webpages devoted to different switches etc (not obsessively though, once in a blue moon), and I don't recall seeing "bottoming out" and "shocks" as any major benefit mentioned.

I also remember typewriters and old IBM style mechanical keyboards beeing quite heavy to activate, subjectively needing more pressure than some chiclet style "shock" (which I can barely feel).

>>sgu999+AW
> Surely you all know it bothers a good amount at least some of your colleagues

Quiet switches for the office, clicky switches for home. Not exactly a hard problem to solve :)