Hacker creates tool that can ‘eavesdrop’ text from keyboard sounds
A real tweaker naturally wants a mechanical keyboard with blue switches if possible, but what if that noise poses a danger? A hacker has built a tool to retrieve texts based on the sound of keystrokes. Fortunately, it is not very practical.
The tool is called Keytap2 and it was created by the Bulgarian hacker Georgi Gerganov, who has put it on GitHub. Keytap2 makes it possible to retrieve a text based on the sound of keystrokes. Gerganov shows in a video how he can recover a piece of English text by playing an audio file in which someone types that text. He has also created a proof-of-concept website, which only works in browsers that support WebAssembly.
Gerganov’s tool is not completely new. The ‘2’ in the name already reveals that it is an improved version of the tool that he released in 2018. Keytap1 could also listen to a mechanical keyboard if there was a microphone nearby. But that tool had a major disadvantage, Gerganov explains: a lot of training data first had to be collected to create an algorithm. That is no longer necessary, or at least only to a lesser extent.
The tool still works largely on the basis of the original Keytap tool. A recording is made of the sound of keystrokes. From that waveform, the tool isolates the first 75 milliseconds of each keystroke, which, according to Gerganov, are unique and can therefore be mapped. Those unique results must then be translated into the correct characters on the keyboard. This is done with an algorithm that Gerganov wrote himself.
In the original Keytap tool, it was necessary to collect a lot of training data first, by taking a recording and comparing it with the output text. Moreover, the recording had to come from the specific keyboard that someone is using. That made the tool not very practical to use.
The new version of the tool does not need specific training data from a ‘victim’. Instead, Keytap2 looks at n-grams, a linguistic method that indicates the probability of letter combinations. Keytap2 therefore only needs to be trained on a general text corpus. The attacker must then know which language is being typed. The proof-of-concept only works with English input.
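The n-gram idea described above can be illustrated with a character bigram model that ranks candidate cluster-to-letter assignments. This is an added example, not Gerganov's code: the corpus, the typed text, the cluster IDs and all function names are constructed for illustration, and the acoustic clustering step is not modelled.

```python
import math
from collections import Counter

# Constructed stand-in for a "general corpus" (assumption); a real model needs far more text.
CORPUS = (
    "the quick brown fox jumps over the lazy dog and then the other "
    "dog went there with them while the weather was rather nice that day "
    "this is the thing that they thought about when the other one came here"
)
ALPHABET = "abcdefghijklmnopqrstuvwxyz "

def train_bigrams(text):
    """Add-one-smoothed log P(b | a) for every pair of characters in ALPHABET."""
    pairs = Counter(zip(text, text[1:]))
    firsts = Counter(text[:-1])
    v = len(ALPHABET)
    return {(a, b): math.log((pairs[(a, b)] + 1) / (firsts[a] + v))
            for a in ALPHABET for b in ALPHABET}

def make_clusters(text):
    """Replace each distinct character by an opaque ID, as if keys were grouped by sound."""
    ids = {}
    return [ids.setdefault(ch, len(ids)) for ch in text], ids

def decode(clusters, mapping):
    return "".join(mapping[c] for c in clusters)

def score(text, model):
    """Log-likelihood of a candidate decoding under the bigram model."""
    return sum(model[(a, b)] for a, b in zip(text, text[1:]))

def candidate_mappings(ids):
    """Two hypotheses: the true assignment and one with the 't' and 'e' clusters swapped."""
    true_map = {i: ch for ch, i in ids.items()}
    swapped = dict(true_map)
    swapped[ids["t"]], swapped[ids["e"]] = "e", "t"
    return {"true": true_map, "t/e swapped": swapped}

def rank(clusters, candidates, model):
    """Candidates sorted from most to least English-like."""
    scored = [(score(decode(clusters, m), model), name) for name, m in candidates.items()]
    return sorted(scored, reverse=True)

if __name__ == "__main__":
    model = train_bigrams(CORPUS)
    clusters, ids = make_clusters("the weather there")  # constructed typed text
    for s, name in rank(clusters, candidate_mappings(ids), model):
        print(f"{s:8.2f}  {name}")
```

The ranking depends entirely on the bigram statistics of the assumed language, which is why the language being typed has to be known in advance.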
According to Gerganov, the tool is still not completely reliable after that. “The outcome is nowhere near perfection. There are several factors behind this, such as background noise and the different ways a key is struck,” he writes. Therefore, keystrokes must be divided into groups, on which a new algorithm is then run to calculate how likely a keystroke is to be translated correctly.
Gerganov acknowledges that the results of the tool are still fragile. For example, it is not yet possible to automate the attack, so the PoC has an option to manually adjust the outcomes. It is also necessary to use a mechanical keyboard, and the tool is still quite heavy to use. So for now you can still keep tapping without fear.