Keystrokes reveal passwords to researchers - East Valley Tribune: Business

Keystrokes reveal passwords to researchers

Print
Font Size:
Default font size
Larger font size

Posted: Tuesday, September 20, 2005 12:25 pm | Updated: 9:18 am, Fri Oct 7, 2011.

BERKELEY, Calif. - If spyware and key-logging software weren't a big enough threat to privacy, researchers have figured out a way to eavesdrop on your computer simply by listening to the clicks and clacks of the keyboard.

Those seemingly random noises, when processed by a computer, were translated with up to 96 percent accuracy, according to researchers at the University of California, Berkeley.

"It's a form of acoustical spying that should raise red flags among computer security and privacy experts," said Doug Tygar, a Berkeley computer science professor and the study's principal investigator.

Researchers used several 10-minute audio recordings of people typing away at their keyboards. They fed the recordings into a computer that used an algorithm to detect subtle differences in the sound as each letter is struck.

On the first run, the computer had an accuracy of about 60 percent for characters and 20 percent for words, said Li Zhuang, a Berkeley graduate student and lead author of the study. After spelling and grammar checks were deployed, the accuracy for individual letters jumped to 70 percent and words to 50 percent.

The software learned to improve as researchers repeatedly fed back the same recordings, using results of spelling and grammar checks as a gauge on correctness. In the end, it could accurately detect 96 percent of characters and 88 percent of words.

"If we were able to figure this out, it's likely that people with less honorable intentions can - and have - as well," Tygar said.

Researchers said there is some limitation to their technique. For one, their work did not take into account the use of a computer mouse or the "shift," "control," "backspace" or "caps lock" keys. They did, however, describe approaches for taking those into account.

The use of a computer mouse is another challenge, the researchers said.

The Berkeley research builds on the findings of an International Business Machines Corp. study in which 80 percent of text was recovered from the sound of keyboard clicks.

The IBM team, however, relied on controlled conditions such as using the same keyboard and training the software with known text and corresponding sound samples.

Bruce Schneier, chief technology officer of Counterpane Internet Security Inc., called the study "a great piece of research." He said audio eavesdropping is just one of many possible techniques to spy on PC users.

"If the bad guys can get access to your physical space, they can eavesdrop on your stuff," he said. "They can install a camera or a keyboard logger on the wire. They can install a microphone."

The Berkeley researchers built their system using off-the-shelf equipment.

"We didn't need high-quality audio to accomplish this," said Feng Zhou, another Berkley graduate student and study author. "We just used a $10 microphone that can be easily purchased in almost any computer supply store."

The Berkeley researchers, part of the Team for Research in Ubiquitous Secure Technology, will present their results Nov. 10 at a computer and communications security conference in Alexandria, Va.

  • Discuss

EVT Ice Bucket Challenge

The East Valley Tribune accepts the Ice Bucket Challenge.

'EV Women in Business'

A PDF of the Tribune special section, featuring a mix of sponsored content from our loyal advertisers and newsroom coverage of the East Valley business community.

Your Az Jobs