I read about this in the Silence on the Wire by Michal Zalewski. And you don't need a fullblown AI, a good statistical model is enough to make a guess on passwords, and if you have a bunch of probabilities to cut down your search space to a more probable set. And the book is from 2005, so I wouldn't say it is new. https://nostarch.com/silence.htm

I even remember reading about how Clifford Stoll recognized the different attackers by "typing rhythm" in Cuckoo's Egg.

This is why I use a separate keyboard to type in my password. If you don’t have a dedicated keyboard, then I suggest you have a loved one come over to enter your passwords for you. Sometimes I have my kid do it

No details about what specific study they are referring to. These attacks are possible for several years now.

2016 - "Don't Skype & Type! Acoustic Eavesdropping in Voice-Over-IP" - https://arxiv.org/abs/1609.09359

2020 - "Behavioral Acoustic Emanations: Attack and Verification of PIN Entry Using Keypress Sounds" - https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7309150/

Maybe they mean this one...

2023 - "A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards" - https://arxiv.org/abs/2308.01074

And just today there is a post about the Sneakers Movie Promotional Floppy!

Now, from memory I’m pretty sure there is a scene where the visually impaired / blind Hacker can work out the password by listening to the audio on the surveillance tape!

I’m probably mangling my memory of the scene, so please correct me! :-)

https://news.ycombinator.com/item?id=38585213

Wasn't it on-screen keyboards that were the mitigation against keyloggers way back in the day?

Does anyone know what the SotA foss local demo of something like this is? I'd really like to try and understand first hand what the limitations are.

This is why I don't type and dictate my passwords using voice. Never been broken into once!

Just use a passkey or U2F device. No password at all.

Job done.

Don’t type passwords. Use 2FA whenever possible