Someone overheard me! Why it's important to think about all attack vectors, even if they seem unlikely to happen?
0xB25C
July 25th, 2022

It is no secret that hackers can find out which keys you press. To do this, a hacker needs to install a key-logger (See 1 & 2) on the victim's computer. However, it is already possible to simply find out what a person is typing just by the sound from the microphone or, let's say, an IoT device speakers.

But how does it work exactly? Let's get to the bottom of it!

Each key on the keyboard has a unique sound. The distance between the keys, the microphone, and the rate at which they are pressed are different for each symbol. In short, a spectrogram analysis is able to distinguish the keys from each other and determine which buttons corresponds to a particular sound.

The algorithm would analyze the parameters of each sound if a hacker gained access to a microphone or speakers. To protect against audio key-loggers, try using Unclack on MacOS and Hushboard for Linux. They will mute the microphone when you are typing.

Test on your own:

❕ Described attack can be used in a combination with the IoT hack in which hacker may use speakers, and therefore a microphone, in order to recognize your seed phrase and steal your crypto assets. This is not a joke!

Carefully go through:

Banks have long been concerned about creating a system of acoustic protection not only in meeting rooms and the office management, but also in the security departments. Banks can use deep underground laboratories and huge Faraday cages for this purpose.

In essence, cold wallet is just a pseudo-AirGap system (100% AirGap is impossible to achieve on Earth by definition, that's why CubeSat topic is so interesting) and it can be cracked.

…in space no-one can hear you scream

…and therefore no one can overhear you! 🙂

I am not asking you to comply with all of this, but you must remember the main rule in this particular case:

If we finally want to give people the opportunity to be their own bank, we must realize that in this case people must be able to replace all those services and actions for which traditional banks get money.


Follow the 25 rules in this set, the first 10 rules relate to personal security, and the rest to corporate security, also keep an eye on the latest trends in crypto OpSec, that always makes sense. Don’t be afraid of links, you don’t need all of them but you should be able to pick up which will interest you the most for your own Pathway.

Use extensive measures when working with files and always keep an eye on the latest security trends even if your area is far from it. Take this subreddit and this awesome old & trusted resource as the first step. In our dangerous world anyone can become a target, especially in crypto.

Read my articles:

That said, it doesn’t really matter what industry you’re in. If you have any sensitive, proprietary information at all, then you could very well be a target. This is a good thing to always keep in mind.

Learn the latest attack techniqueswhite-hat cheatsheets and defense methods, join hacker communities - because only with knowledge can we defeat the knowledge of hackers. In this intellectual battle the most prepared will win and I believe that it will be you, Anon. It sounds scary but it is possible, the main thing is to always think ahead.

Forewarned is forearmed! Stay safe!


Support is very important to me, with it I can spend less time at work and do what I love — educating DeFi & Crypto users! ❤️

If you want to support my work, you can send me a donation to the address:

Subscribe to CIA Officer's Blog
Receive new entries directly to your inbox.
Collectors
View
#1
#2
#3
View collectors
This entry has been permanently stored on-chain and signed by its creator.