A Clickety-Clack Hack? (Acoustic Snooping)

The very sound of your typing may be enough to reveal the content of what you have typed.

From Slashdot:
“Three students at UC-Berkley used a 10 minute
recording of a keyboard to recover 96% of the characters typed during
the session. The article details that their methods did not require a
‘training text’ in order to calibrate the conversion algorithm as has
been used previously. The research paper [PDF] notes that ‘90% of
5-character random passwords using only letters can be generated in fewer
than 20 attempts by an adversary; 80% of 10-character passwords can be
generated in fewer than 75 attempts.'”

From Freedom-to-Tinker:

“The idea is that different keys tend to make slightly different sounds, and although you don’t know in advance which keys make which sounds, you can use machine learning to figure that out, assuming that the person is mostly typing English text. (Presumably it would work for other languages too.)

Asonov and Agrawal had a similar result previously, but they had to assume (unrealistically) that you started out with a recording of the person typing a known training text on the target keyboard. The new method eliminates that requirement…”

One response to “A Clickety-Clack Hack? (Acoustic Snooping)”

  1. phizone says:

    That’s awesome… Another way to look at it is simply as character frequency analysis as people did in old school cryptography. Only your cyphertext is audio… The most common repeated sounds will probably be your vowels… I’m sure if they haven’t already, they’ll be incorporating the pause lengths between characters and words into the analysis also… So if you have a long pause after 3 or 5 characters were typed, you could guess that you probably have a 3 or 5 character word, etc…

    Bu7, | b37 |7 d035n’7 w0rk w|7h 1337 5pe4k… 😉

Leave a Reply