September 14, 2005 1:46 PM PDT
Keyboard clicks can lead to security hacks
- Related Stories
Companies urged to move beyond passwordsSeptember 14, 2005
New-age keyboard: Trace, don't writeJuly 11, 2005
Behold the customizable keyboardJune 24, 2005
Microsoft security guru: Jot down your passwordsMay 23, 2005
Finding a replacement for passwordsFebruary 23, 2005
Privacy's random answerNovember 24, 2004
Gates: Passwords passeNovember 16, 2004
PalmOne taps out keyboard for rival devicesSeptember 20, 2004
Old-school theory is a new forceFebruary 18, 2003
An audio recording of an individual's typing can be transposed into a transcript of what was typed, according to researchers with the University of California, Berkeley. The technique works because each key makes a distinct sound when hit, and users, who typically type about 300 characters a minute, leave enough time between keystrokes for a computer to isolate the individual sounds.
The researchers were able to take several 10-minute sound recordings of users typing at a keyboard, feed the audio into a computer, and use an algorithm to recover up to 96 percent of the characters entered.
While any sort of typed documents could be pilfered through this technique, the study underscores the vulnerability of passwords, said Doug Tygar, a UC Berkeley professor of computer science and information management, and a principal investigator of the study.
"Passwords are a mechanism for authentication that really need to be rethought," he said. "This is not an esoteric attack. It requires some knowledge of computer science, but it can be done using many components that are freely available...We used $10 microphones."
The work builds on research conducted by IBM's Dmitri Asonov and Rakesh Agrawal that showed how 80 percent of text typed could be recovered from keyboard recordings. Those experiments, however, were tightly controlled.
The results of their findings will be presented Nov. 10 at the Association for Computing Machinery Conference in Alexandria, Va.
The UC Berkeley technique relies on probabilistic computing techniques that underlie search engines. The computer categorizes the sound of each key and takes an educated guess about the character or word that was written. The computer uses both the sound of the keystroke and linguistic conventions to interpret a keystroke as an E after TH rather than a Q when the sound is similar--to come to a conclusion.
The first pass is right about 60 percent of the time for characters and 20 percent of the time for entire words. The transcript is then run through spelling and grammar checks, which increased character accuracy to 70 percent and the word accuracy to 50 percent.
The results are then fed back through the computer to refine future results. After three feedback cycles, the accuracy rate rose to 88 percent for words and 96 percent for characters.
Further experiments will take place. The researchers didn't examine what happens when the Shift, Control, Delete or Caps Lock keys are hit. Mouse actions also raise a major problem.
4 commentsJoin the conversation! Add your comment