Comment on Boffins convert typing sounds into text with 95% accuracy
agent_flounder@lemmy.world 11 months agoThe article says
The researchers note that skilled users able to rely on touch typing are harder to detect accurately, with single-key recognition dropping from 64 to 40 percent at the higher speeds enabled by the technique.
Hm. Sounds like “some cases” are hunt and peck typists or very slow touch typists.
I don’t know if training for each victim’s typing is really needed. I get the impression they were identifying unique sounds and converting that to the correct letters. I only skimmed and I didn’t quite understand the description of the mechanisms. Something about deep learning and convolution or…? I think they also said they didn’t use a language model so I could be wrong.
I imagine it probably also uses an algorithm to attempt to “guess” the next letter (or the full word itself, like your phone keyboard does) based on existing words. Then maybe an LLM can determine which of the potential words are the most likely being typed based on the context.
I dunno if that makes any sense, but that’s how I pictured it working in my brain movies.
Pons_Aelius@kbin.social 11 months ago
The problems is that even with up to 95% accuracy that still means the with a password length of 10 there is a 50/50 chance that one character is wrong.
A password with one character wrong is just as useless as randomly typing.
This is an interesting academic exercise but there are much better and easier ways to gain access to passwords and systems.
The world is not a bond movie.
Deploying social engineering is much easier than this sort of attack.
warrenson@lemmy.nz 11 months ago
“Hearing” the same password twice drastically increases the accuracy, however, social engineering is indeed the most effective and efficient attack method.
0xD@infosec.pub 11 months ago
If the password is not random, as they seldomly are, you can just guess the last, or even the last few characters of they are not correct.
prole@sh.itjust.works 11 months ago
Have you never seen a Bond movie? Yeah they always have a gadget or two, but the rest is basically him social engineering his way through the film.
agent_flounder@lemmy.world 11 months ago
I was thinking of this attack in terms of grabbing emails, documents, stuff like that. Or snippets thereof.