Get Visual Studio 2010 Beta 2

Keyboard Clicks Now Security Threat

Keyboard Clicks Now Security Threat

Techtree News Staff, Sep 15, 2005 1641 hrs IST

Computer scientists at the University of California (UC) have discovered a new security threat concerning keyboard clicks.

E-Mail Print

Computer scientists at the University of California (UC), Berkeley, have discovered a new security threat concerning keyboard clicks, wherein a simple audio recording of these clicks can betray the text that has been just entered, be it a password or a love note!

In an experiment, the researchers took 10-minute sound recordings of users typing at a keyboard, fed the audio into a computer and using an algorithm recovered upto 96 percent of the characters entered. Reportedly prior work has been done in this direction by IBM researchers Rakesh Agrawal and Dmitri Asonov, who managed to retrieve 80 percent of text from keyboard recordings.

According to Doug Tygar, professor of computer science and information management and principal investigator of this study, UC Berkeley, "It's a form of acoustical spying that should raise red flags among computer security and privacy experts. If we were able to figure this out, it's likely that people with less honorable intentions can - or have - as well."

The technique used by the researchers becomes feasible, due to the fact that each keystroke makes a relatively distinct sound, however subtle, when hit. Also, typical users can type about 300 characters per minute, which leaves enough time for a computer to isolate the sounds of individual keystrokes.

Li Zhuang, Ph.D. student in computer science and lead author of the study, UC Berkeley, said, "Using statistical learning theory, the computer can categorize the sounds of each key as it's struck and develop a good first guess with an accuracy of 60 percent for characters, and 20 percent for words."

"We then use spelling and grammar checks to refine the results, which increased the character accuracy to 70 percent and the word accuracy to 50 percent. The text is somewhat readable at this point", said Zhuang.

The process does not end there; the audio recording is played back repeatedly to "train" the computer to increase its accuracy. Once the PC is trained, recovering the text becomes simpler.

However, the researchers have admitted that they did not use the Control, Backspace, Shift or Caps Lock keys for their experiment, which means that the technique does have its own limitations.

Nevertheless the findings highlight a security hole that can be exploited, irrespective of the user's typing proficiency, type of keyboard used or background noise.

Commenting on the problem, Tygar said, "There are different forms of authentication that could be used, including smart cards, one-time password tokens or biometrics. That helps with passwords, but it doesn't help protect text documents we would want to keep classified. I'm not sure what the solution is, but it's important that we're aware of this vulnerability."

(All fields are mandatory.)

Text Limit = 255 Characters

Type the characters you see in the picture below.

#

Characters are not case sensitive.



USER COMMENTS

Bah. With no baseline on a particular keyboard this technique would not work. They don't give specifics on how the test was conducted. I'd also like to know which individuals average 300 characters PER MINUTE. (And I thought I typed fast!) The algorithm must rely on pauses between keystrokes (I.E. the spacebar hit between words) to determine word length, then, by process of elimination, logical sentences are constructed. Depending on how hard a key was depressed the sounds would vary widely, even for the same keystroke. It's a ploy by Microsoft and Logitec to sell new, silent keyboards!

by Yogi Anamalomon, Victoria, on Sep 22, 2005 01:55 PM, Report abuse   Reply

Haa . . Why there is so much hacking and looting around the globe? Why cant u make our world virus free and hacking free. There are many restrictions towards technology which could be overcome only if there is no virus or hacking in this world.

by JamesBond, 007, on Sep 20, 2005 10:37 PM, Report abuse   Reply

So what! This is a very old technique used by spy agencies for evesdropping. The MI6 eve dropped and broke into Egyptian embassy in Londonin the sixties by recording the taps of their typewriter as they teyped away, by fixing a hidden microphone, feeding it into a computer which came up with the text. The technique is basically the same, only the typewriter is replaced by the computer keyboard!

by Najmi Salim, Allahabad, on Sep 16, 2005 02:12 PM, Report abuse   Reply

Show it practically first & prove !!

by C.B. Inamdar, Pune, on Sep 16, 2005 09:52 AM, Report abuse   Reply

Sow it practically first & prove !!

by C.B. Inamdar, Pune, on Sep 16, 2005 09:48 AM, Report abuse   Reply

we need to start using telepathic communication, that way everyone will hail me

by Anonymous, Mumbai, on Sep 16, 2005 06:22 AM, Report abuse   Reply

Yup, that would be ideal. Till then, use non mechanical keyboards that are touch sensitive :)

by Rex, New Delhi, on Sep 16, 2005 08:56 AM, Report abuse

Sound like CIA and KGB may have used such methods long long time ago and its just starting to surface now. Though its interesting how they may be able to decode it, when almost all the keys should be making idencticle sounds as they are of the same shape and size, however the acoustic that comes due to the hollow space in the keyboard maybe the culprit. A touchpad may resolve this issue for some time, but not forever. Something like a virtual keyboard would be way better at handling such things, and I know from what ive seen till date that developments on virtual keyboards is already going on.

by MaxAxe, Noida, on Sep 15, 2005 11:49 PM, Report abuse   Reply

Design a silent keyboard. Probably something like the a touch pad keyboard good enough to handle rough keystokes.

by Subramanyam Val, CA, on Sep 15, 2005 10:13 PM, Report abuse   Reply

I think we need a lot of new laws to deal with this threat to national security!

by a liberal, Los Angelos, on Sep 15, 2005 07:37 PM, Report abuse   Reply

Yet another solution to a problem that doesn't exit.

by J J Ronald, Boston, on Sep 15, 2005 07:34 PM, Report abuse   Reply

Use silent keyboard. To hell with tactile effect!

by Anonymous, AA, on Sep 15, 2005 07:26 PM, Report abuse   Reply

Acoustical spying is a far cry. In Asia pasific rim atleast. Lay back & relax. Leave it for the yankees.

by Yogesh Bagga, New Delhi, on Sep 15, 2005 05:24 PM, Report abuse   Reply

HOT STUFF

visual_studio
Try Visual Studio 2010 Beta 2 Now

Sauerbraten
Top 5 cameras under Rs. 10,000

Sauerbraten
Build a High-end Gaming PC

Sauerbraten
Entry-level PC for about 20K

Sauerbraten
Mid-range Gaming PC for about 35K

Sauerbraten
Mobile Phone Buyers' Guide