If the attacker can run code on your device, a keylogger is a much simpler solution.
I think it is probably simpler to enable the microphone from a web or mobile application than to install a keylogger in the OS. But then if you consider acoustic keyloggers...
With an acoustic keylogger you could scoop the my KeePass password but the actual passwords that I use to log into websites.
Not if it’s sandboxed, but then timing and other side-channel attacks are still easier than using the mike.
If the attacker can run code on your device, a keylogger is a much simpler solution.
I think it is probably simpler to enable the microphone from a web or mobile application than to install a keylogger in the OS. But then if you consider acoustic keyloggers...
With an acoustic keylogger you could scoop the my KeePass password but the actual passwords that I use to log into websites.
Not if it’s sandboxed, but then timing and other side-channel attacks are still easier than using the mike.