Yes they are.
I think it's within 55 key presses you can guess the pass,
and then from there keylog.
The Remote Exploit guys have released a video of them carrying out a POC.
Nothing is public yet except a very helpful PDF document which explains the concepts.