Tuesday, September 20, 2005

Click click click!

Wow. I reprint the article entirely without permission, which is a copyright violation.

I've wondered about this since the 1990s, but assumed that electronic signals from the keyboard would be the key.

But listen to your own typing and you'll realize that the time interval between keystrokes, as well as the loudness and duration of the stroke, strongly indicate what keys were pressed.

Lay the observed sounds over a statistical template of known patterns, and the typed text emerges neatly.

It's the beauty of mathematics, statistics, and computers joined with a little snooping to create an elegant solution.

SAN FRANCISCO (Reuters) - Forget about watching, Big Brother may be listening.

Sounds from typing on computer keyboards are distinctive enough to be decoded, allowing security breaches caused by "acoustic snooping," University of California, Berkeley researchers said on Wednesday.

The researchers said they were able to feed sound recordings of typing on keyboards into a computer and use an algorithm to recover up to 96 percent of the keyboard characters entered by typists.

"It's a form of acoustical spying that should raise red flags among computer security and privacy experts," said Doug Tygar, a Berkeley professor of computer science and information management.

"If we were able to figure this out, it's likely that people with less honorable intentions can -- or have -- as well," Tygar said.

The research builds on earlier work by International Business Machines Corp. researchers who were able to recover 80 percent of text from keyboard recordings.

That research relied on the same typist using the same keyboard and an algorithm trained with known text and corresponding sound samples.

By contrast, the algorithm in the Berkeley study adapts to typing patterns of multiple typists and overcomes background noise such as music or ringing cellphones. Also, no special recording equipment was required; keystroke noise could be recorded using off-the-shelf gear.

"The message from this study is that there is no easy escape from this acoustic snooping," Tygar said.

But computer security expert Peter Tippett said that while such research is interesting, the prospect of such spying should not concern individuals worried that employers would use it to monitor them or businesses fretting over possible snooping by rivals.

"It's like worrying about anvils dropping on automobiles," said Tippett, founder of Cybertrust Inc., a Herndon, Virginia-based information security services company. "There are all kinds of attacks like these but they are only relevant to top secret organizations."
Weblog Commenting and Trackback by HaloScan.com