← Back to context

Comment by zhfliz

2 years ago

> Some online streamers have been hacked as of late using AI models trained to steal their passwords using the sounds of them typing on their keyboards

do you have any sources for that?

I've only seen this mentioned from research results recently but no real world exploitation reports.

https://www.bleepingcomputer.com/news/security/new-acoustic-...

2 comments

zhfliz

Reply
dmazzoni  2 years ago

Years ago when I saw a paper on that topic, I tried recording my own keyboard and trained a ML model to classify keystrokes. I used a SVM, to give you an idea of how long ago this was.

I got to 90% accuracy extremely quickly. The "guessed" keystrokes had errors but they were close enough to tell exactly what I was typing.

If I could do that as an amateur in a few hours of coding with no advanced signal processing and with the first SVM architecture I tried, it must be relatively easy to learn / classify.

  • remus  2 years ago

    Also, if the goal was to guess a password you wouldn't necessarily need it to be really accurate. Just narrowing the search space could get you close enough that a brute force attack could do the rest.