this post was submitted on 06 Aug 2023
483 points (94.1% liked)

Technology

59099 readers
5111 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s
[email protected]
[email protected]
L4s
enu
483
New acoustic attack steals data from keystrokes with 95% accuracy (www.bleepingcomputer.com)
submitted 1 year ago by L4s to c/technology
72 comments fedilink hide all child comments
 

New acoustic attack steals data from keystrokes with 95% accuracy::A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

A very widespread implication of this is if you are on a call with a bad actor and are on speaker phone, and you enter your password while talking to them, they could potentially get that password or other sensitive information that you typed.

Assuming it really is that accurate, a real-world attack could go something like this. Call someone and social engineer them in a way that causes them to type their login credentials, payment information, whatever, into the proper place for them. They will likely to this without a second thought because "well, I'm signing into the actual place that uses those credentials and not a link someone sent me so it's all good! I even typed in the address myself so I'm sure there's no URL trickery!" And then attempt to extract what they typed. Lots of people, especially when taking calls or voice conference meetings or whatever from their desk, prefer to not hold their phone to their ear of use a headset mic and instead just use their normal laptop mic or an desktop external one. And, most people stop talking when they're focused on typing which makes it even easier. Hell if you manage to reach, say, the IT server department of a major company and play your cards right, you might even be able to catch them entering a root password for a system that's remotely accessible.

[โ€“] egeres 3 points 1 year ago

Is very convoluted, but yeah, could work