TELECOM Digest OnLine - Sorted: Keystrokes Reveal Passwords to Researchers

Keystrokes Reveal Passwords to Researchers

Associated Press News Wire (ap@telecom-digest.org)
Tue, 20 Sep 2005 17:42:27 -0500

If spyware and key-logging software weren't a big enough threat to
privacy, researchers have figured out a way to eavesdrop on your
computer simply by listening to the clicks and clacks of the keyboard.

Those seemingly random noises, when processed by a computer, were
translated with up to 96 percent accuracy, according to researchers at
the University of California, Berkeley.

"It's a form of acoustical spying that should raise red flags among
computer security and privacy experts," said Doug Tygar, a Berkeley
computer science professor and the study's principal investigator.

Researchers used several 10-minute audio recordings of people typing
away at their keyboards. They fed the recordings into a computer that
used an algorithm to detect subtle differences in the sound as each
letter is struck.

On the first run, the computer had an accuracy of about 60 percent for
characters and 20 percent for words, said Li Zhuang, a Berkeley
graduate student and lead author of the study. After spelling and
grammar checks were deployed, the accuracy for individual letters
jumped to 70 percent and words to 50 percent.

The software learned to improve as researchers repeatedly fed back the
same recordings, using results of spelling and grammar checks as a
gauge on correctness. In the end, it could accurately detect 96
percent of characters and 88 percent of words.

"If we were able to figure this out, it's likely that people with less
honorable intentions can -- and have -- as well," Tygar said.

Researchers said there is some limitation to their technique. For one,
their work did not take into account the use of a computer mouse or
the "shift," "control," "backspace" or "caps lock" keys. They did,
however, describe approaches for taking those into account.

The use of a computer mouse is another challenge, the researchers
said.

The Berkeley research builds on the findings of an International
Business Machines Corp. study in which 80 percent of text was
recovered from the sound of keyboard clicks.

The IBM team, however, relied on controlled conditions such as using
the same keyboard and training the software with known text and
corresponding sound samples.

Bruce Schneier, chief technology officer of Counterpane Internet
Security Inc., called the study "a great piece of research." He said
audio eavesdropping is just one of many possible techniques to spy on
PC users.

"If the bad guys can get access to your physical space, they can
eavesdrop on your stuff," he said. "They can install a camera or a
keyboard logger on the wire. They can install a microphone."

The Berkeley researchers built their system using off-the-shelf
equipment.

"We didn't need high-quality audio to accomplish this," said Feng
Zhou, another Berkley graduate student and study author. "We just used
a $10 microphone that can be easily purchased in almost any computer
supply store."

The Berkeley researchers, part of the Team for Research in Ubiquitous
Secure Technology, will present their results Nov. 10 at a computer
and communications security conference in Alexandria, Va.

Copyright 2005 The Associated Press.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily.

To listen to AP News Radio and/or read Associated Press stories, go to
http://telecom-digest.org/td-extra/AP.html

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Adam Pasick: "Google Begins Limited Test of Wi-Fi Service"
Go to Previous message: Reuters News Wire: "AOL, Microsoft Plan Web Phone Services"
TELECOM Digest: Home Page