Hacking an Instagram Account by keyboard Sound

[BloodyWave]

Hello, I have recently just hacked my best friend by using his keyboard sounds. Let me explain, I was on a call with my best friend on discord and I was recording the call. As he was typing his Instagram password and I could hear the keyboard noises, each key had a different & loud noise. So I had this crazy idea of trying to hack him just by using the recording of him typing the password (keep in mind that I couldn't see the keyboard as it was a audio-only call). So I pulled up the recording and each time he was pressing a key, I would in a way 'brute-force' my way to find a similar key sound as to what it sounded like. Soon enough (an hour later) I had 5 different combinations that sounded exactly similar, so I tried all the 5 combinations and to my surprise combination 5 was the password and I got access to his account. So I was wondering if this was already a hacking method and if so, what is it called? because it really got me intrigued.

 

[h0oligan]

I have no idea how you managed to replicate this, since even if you have the same keyboard, what matters is how hard you hit a key; hand positioning and finger placement, etc.

So I doubt sound is that useful.

However, there is a quite interesting method of picking up a wireless keyboard's keystrokes:

Using a strong antenna, sitting in a van outside your home, the FBI could be picking up on your keystrokes on a wired keyboard. In fact many people speculate that the new smart meters installed in many homes already have this technology to determine everything you are doing in your home electronically. Wired and wireless keyboards emit electromagnetic waves, because they contain electronic components. This electromagnetic radiation could reveal sensitive information such as keystrokes as shown in the video. Every electrmagnetic wave is unique to the device using it, which gives a person spying on you the ability to tell the difference between you using your computer versus the dishwasher.

According to the people who did this experiment, they were able to extend the range up to 20 meters using relatively cheap technology. This was for wired keyboards by the way, and they go on to explain that wireless keyboards and mouses are even easier. Which brings us to another area of interest, wireless transmissions. Things like wireless keyboards and wireless mice (or mouses?) are vulnerable to eavesdropping as well. If they are not using a strong enough encryption to send data to the receiver, anyone can be listening in on your keystrokes and mouse activity. Probably something most people never thought about either, this is on top of the electromagnetic waves that can also be picked up.



Microsoft has upgraded the weak encryption found on today’s massmarket wireless keyboards with a new design that uses 128bit AES to secure communication to and from the PC.


Hitherto, keyboard encryption has been weak, with keys chosen from a small palette of possibilities, with one hacking group claiming in 2009 that it had developed a tool specifically to sniff keystrokes from Microsoft keyboards at a range up to a 10 metres.


hxxp://news[dot]techworld[dot]com/security/3284218/newmicrosoftwirelesskeyboardgets128bit encryption/

Are you using wireless technology? How old is it? Might be time to upgrade your equipment. 10 meters is about 33 feet, but remember the technology available to the government could potentially reach beyond that. Then there are other things people forget such as wireless monitors which broadcast your screen to a receiver that can be picked up. Just think about the old antennas people used to have on top of their homes, and how far away those could pick up signals from TV stations, if you had one of those pointed at you in a van across the street, there is no doubt they could be eavesdropping on your activities inside.


One researcher was able to use a wireless signal sent by a smart meter from up to 300 meters away (900 feet) to find out which house it was coming from and what the current power consumption was in plain text. She was then able to use this information to determine when people were and were not home based on average spikes in consumption since the meters pulse every 30 seconds.

Quote

The data sent was in plain text and carried the identification number of the meter and its reading. The name of the home owner or the address aren't included, but anyone motivated enough could quickly figure out the source.

"The meter ID was printed on the front of the meter we looked at, so theoretically you could read the ID [off a target meter] and try to sniff packets," Xu said.

In her tests, Xu found she was able to pull packets out of the air from target meters between once every 2 to 10 minutes. That's fast enough to be able to work out the average power consumption of a house and notice start to deduce when someone is at home.

 

[alligatorman17]

I have no idea how you managed to replicate this, since even if you have the same keyboard, what matters is how hard you hit a key; hand positioning and finger placement, etc.

So I doubt sound is that useful.

However, there is a quite interesting method of picking up a wireless keyboard's keystrokes:

Using a strong antenna, sitting in a van outside your home, the FBI could be picking up on your keystrokes on a wired keyboard. In fact many people speculate that the new smart meters installed in many homes already have this technology to determine everything you are doing in your home electronically. Wired and wireless keyboards emit electromagnetic waves, because they contain electronic components. This electromagnetic radiation could reveal sensitive information such as keystrokes as shown in the video. Every electrmagnetic wave is unique to the device using it, which gives a person spying on you the ability to tell the difference between you using your computer versus the dishwasher.

According to the people who did this experiment, they were able to extend the range up to 20 meters using relatively cheap technology. This was for wired keyboards by the way, and they go on to explain that wireless keyboards and mouses are even easier. Which brings us to another area of interest, wireless transmissions. Things like wireless keyboards and wireless mice (or mouses?) are vulnerable to eavesdropping as well. If they are not using a strong enough encryption to send data to the receiver, anyone can be listening in on your keystrokes and mouse activity. Probably something most people never thought about either, this is on top of the electromagnetic waves that can also be picked up.



Microsoft has upgraded the weak encryption found on today’s massmarket wireless keyboards with a new design that uses 128bit AES to secure communication to and from the PC.


Hitherto, keyboard encryption has been weak, with keys chosen from a small palette of possibilities, with one hacking group claiming in 2009 that it had developed a tool specifically to sniff keystrokes from Microsoft keyboards at a range up to a 10 metres.


hxxp://news[dot]techworld[dot]com/security/3284218/newmicrosoftwirelesskeyboardgets128bit encryption/

Are you using wireless technology? How old is it? Might be time to upgrade your equipment. 10 meters is about 33 feet, but remember the technology available to the government could potentially reach beyond that. Then there are other things people forget such as wireless monitors which broadcast your screen to a receiver that can be picked up. Just think about the old antennas people used to have on top of their homes, and how far away those could pick up signals from TV stations, if you had one of those pointed at you in a van across the street, there is no doubt they could be eavesdropping on your activities inside.


One researcher was able to use a wireless signal sent by a smart meter from up to 300 meters away (900 feet) to find out which house it was coming from and what the current power consumption was in plain text. She was then able to use this information to determine when people were and were not home based on average spikes in consumption since the meters pulse every 30 seconds.

Quote

The data sent was in plain text and carried the identification number of the meter and its reading. The name of the home owner or the address aren't included, but anyone motivated enough could quickly figure out the source.

"The meter ID was printed on the front of the meter we looked at, so theoretically you could read the ID [off a target meter] and try to sniff packets," Xu said.

In her tests, Xu found she was able to pull packets out of the air from target meters between once every 2 to 10 minutes. That's fast enough to be able to work out the average power consumption of a house and notice start to deduce when someone is at home.

Oh wow, how the world is evolving, in no time at all we wont get any privacy if this was a common public discussion! And as you said you could make this with relevantly cheap technology, what could be used? The link doesn't work by the way

 

[BREADGANG]

This could fall in many categories ranging from statistical to behavioral analysis. Huge majority of peoples account credentials are trvial to brute force using targeted rainbow bruteforcing. Once enough data is collected such as name, age, dob, lifestyle, etc then the set of possible credentials become plauseable. Prettty much less than 2% of society use password managers that do not hae collidable and targeted dictionary hackable info.

 

[BarclaysBoys13]

take a look: https://github.com/ggerganov/kbd-audio