13 May 2022

Your mechanical keyboard isn't just annoying, it's also a security risk

This website is all ears


If noisy mechanical keyboards are the bane of your life at home or in the office then you may have just found the perfect excuse to stop your colleagues or loved one from smashing those keys so loudly - it turns out that hackers can tell almost exactly what you're writing just by listening to you type.

Keytap3 is a software developed by Georgi Gerganov that can detect what keys are being pressed simply by listening at a close range with a half-decent microphone, with Gerganov demonstrating this using a mobile phone's built-in microphone in an 'acoustic eavesdropping' test on their YouTube channel.


This isn't the first version that Gerganov has developed though this is by far the most intuitive, having previously dabbled in projects that required the user to type a series of predetermined words and phrases to 'train' Gerganov’s software into deciphering what keys are being selected. 

Previous versions also required that the position of the microphone used to record the typing remain unchanged between the test and actually running the software, though these restrictions don't exist with Keytap3, which as the name implies, is the third version of the project.

Gerganov explains that it "works by clustering the detected keystrokes based on their sound similarity and then using statistical information about the frequency of the letter n-grams in the supposed language of the text (for example, English)."

We gave it a try using the Razer Huntsman v2 Analog which uses Razer's own Analog key switches, which gave some pretty mixed results so it's fair to say that this isn't 100% accurate just yet. Still, most of what Keytap3 detected from our typing was in fact, what we were writing which means it could detect important data such as passwords and sensitive information in private emails. Scary stuff.

You can give this a try for yourself over on the Keytap3 website by following the instructions below that Gerganov provided to better optimize the experience.

  • Be in a quiet room
  • Open this page on your phone and place it next to the keyboard of interest
  • Alternatively, open the page on your PC and put the mic next to the keyboard
  • Note that the keyboard does not even have to be plugged in during this test
  • Press the Init button below and allow microphone access to the web page
  • Type some English text on the keyboard using only lowercase letters and space
  • Try not to type faster than 250 CPM

Thankfully this only works with mechanical keyboards, and noisy ones at that as the audio needs to be loud enough for a microphone to pick it up. If you're particularly concerned then you could switch out your current key switches to something a little quieter like Cherry MX Silent switches. Even if the risk of hackers listening into your conversations is low, said colleagues may be grateful to you for giving their ears a rest.

Analysis: This isn't a real concern...yet

If this has set you on edge then I have both good and bad news for you. The good news is that while this is fairly creepy, it's unlikely that hackers will be able to break into your private space and place a microphone in close enough proximity to your keyboard without you noticing.

The bad news is that there are plenty of other ways that your keyboard could be giving away your private information. Keystroke capturing dongles exist that can be plugged into a keyboard’s USB cable, and wireless keyboards can be exploited using hardware such as KeySweeper, a device that can record keyboards using the 2.4GHz frequency when placed in the same room.

There are even complex systems that use lasers to detect vibrations or fluctuations in powerlines to record what's being written on a nearby keyboard.

Still, if you're a fan of mechanical keyboards then don't let any of this deter you, especially if you use one at home rather than in a public office environment. It's highly unlikely that you need to take extreme measures in your own home and just about everything comes with a security risk these days. Sometimes it's just better to enjoy the obnoxious tapping than keep yourself up at night worrying about hackers listening into your Facebook messages to your mom.

Source:techradar.com

12 May 2022

Google's Wallet app with digital IDs - The next phase in slavery



In order to accelerate the slavery agenda, Google is now integrating digital identifications in their new Wallet app.

Google now also owns Fitbit, meaning all your bio-metric data will now be 'owned' by Google, where you will have zero control of the data, irrespective of that Google may tell you.

We do not recommend the use or purchase of any Google products.

In fact if you are truly serious about your privacy, we recommend you to 'de-Google' your life and devices, for a start; using hardware which can run AOSP, non spy-ware version of Android.

For example, to purchase a smart watch which does not require the companion app to login to a external server, where some of those watches can use a generic opensource companion app called Gadgetbridge.

See article from gsmarena.com of the headline:

Google announces new Wallet app with support for digital IDs

If there's one thing Google likes to do almost as much as constantly launching new messaging apps, it's killing an app or service and then after a while launching another thing with the same name. So, with that in mind, say hello to the new Google Wallet. This will be available for Android and Wear OS devices in the coming weeks in "over 40 countries".

As you might expect, you can use it to store bank cards for tap to pay, but also any other sort of card you might have, including loyalty ones. But not just that - vaccine certificates? Check! And at some later point, Wallet will even support digital IDs, where you can identify yourself without even giving anyone your phone, through the magic of NFC. This obviously depends on state support, so the rollout might take some time, even in the US, where it's starting.



Digital office and hotel keys will also be supported, and developers can make almost any item into a digital pass. Google has created some templates that are the easiest to use - for boarding passes and event tickets and the likes, but there's also a generic template for more unique things.

To add a boarding pass or Covid vaccine card, you can simply take a screenshot of it and then you'll see an option to add it directly to your Google Wallet. Once it's added, you'll get notifications of delays and gate changes. The same goes for concert tickets - you'll receive a notification reminding you of the gig.

And if you look up directions in Maps to go see a friend, your transit card balance (provided it's added to Wallet) will be shown alongside the route. If you're low on credit/fare, you can tap and add more.

Since Google loves to be confusing with its apps and services sometimes, Google Pay will still be around in the US, India, and Singapore, focusing on sending and receiving payments from friends, but you'll pay for stuff with Google Wallet. See? We told you it was confusing.

10 May 2022

EU could start enforcing Digital Markets Act rules on Apple, Google, Meta in Spring 2023


You may have heard so far that the European Union has been preparing to have a say in how big tech companies like Apple, Google, and Meta operate. We are talking about a legislation dubbed the DMA (Digital Markets Act) which the European Commission has been rigorously preparing for a while. Now, The Verge reports that changes might come as soon as Spring 2023.


Spring 2023 might be the time when we see EU vs Big Tech


The European Commission's executive vice president Margrethe Vestager has set her eyes on controlling (or at least, fining if uncontrollable) tech giants such as Apple, Google, Amazon, Meta, and others with the DMA. Previously, she expected the battle to begin in October, but it seems we are more likely to see some action in the Spring of next year.

The waiting game depends on when the DMA will get implemented. The legislation is currently waiting for approval from the Council and Parliament.

The EU is, however, gearing up for enforcement of the new laws. The legislation focuses on the so-called gatekeeper companies, that, if you've been attentive so far in this article, you might presume refers to those big tech companies we mentioned earlier.

And you would be correct. If you're curious, here's the definition of what companies are considered gatekeepers: the company needs to have a market capitalization (a fancy way of saying the total of its stocks value) of over €75 billion ($82 billion) and own a social platform or app with at least 45 million monthly users.

These companies could face fines of up to 10 percent of their total worldwide turnover (for the preceding year) if they fail to comply with the legislation. For the repeated offenders, the fine can grow to 20 percent, which could help the EU drive its point home.

So, big tech companies will have three months to declare their status to the Commission, and then they'll have to wait for up to two months to receive confirmation from the EU. Indeed, it seems like it could take quite a while for the giant mechanism to start working (you can't expect tech giants and government commissions to fight a fierce Marvel-like battle that's so quick it's hard to see).

And as you might imagine, the EU has a lot more work it needs to do beforehand. Hiring heroes (we mean, staff), preparing the hundreds of monitors and computers to analyze data (and possibly, the 007 coffee for the employees that are working there)... joking aside, it will indeed take some tremendous work to prepare such legislation to be executed. Vestager also mentions that they will need to prepare legal text on various procedures. 

However, when the DMA passes, it will possibly mark an end of an era. In case you haven't heard of it yet, this is the legislation that could force Apple to allow users to download apps from outside the App Store (a possibility that freaks Tim Cook out and has him worried about the iPhone security), as well as require WhatsApp and iMessage to become interoperable with smaller chat apps.

Sideloading (the process of downloading apps on iPhone from outside the App Store) is arguably the biggest change the DMA will force for Apple. Previously, Apple has raised concerns that this will weaken the iPhone's security. By the way, Android users have been able to sideload apps for quite a while now.

On the other hand, an even bigger cause of headache for Apple is that the DMA would make Cupertino allow App Store customers to make in-app payments through alternative payment platforms (you may have heard about the infamous Apple Tax, 30% cut, which Apple takes from developers when payments are made via the App Store).

With all this being said, it will be quite interesting to see the DMA in action and what changes will big tech giants have to implement (and whether they will comply).