[kragen]

Like "you're probably not at a very realistic risk of having your phone wiretapped", this is overindexing on past experience—remember that until Room 641A commenced operations in 02003 (https://en.wikipedia.org/wiki/Room_641A), you weren't, and after it did, your phone was virtually guaranteed to be wiretapped. Similarly, you aren't at a very realistic risk of having your password hacked via audio, until someone is doing this to 80% of the people in the world. As far as we know, this hasn't happened yet, but it certainly will.

[antonvs]

But again, that’s the Mossad scenario - NSA in this case. You’re essentially reinforcing the OP point. There are three threat models given in Figure 1 of the OP doc, and what you’re saying really only applies to the third.

[kragen]

No, their Mossad threat model is that the Mossad wants to kill particular people, not steal the passwords of literally every single person on Earth.