Researchers transcribe the sound of key clicks into text with 96% accuracy
posted Sep 15th 2005 10:10AM
File this under "oh no!" if you're a card-carrying ACLU member or "oh goody!" if you find yourself in the cult of Mitnick. Researchers at UC Berkeley claim they can just listen to keyboard taps and piece together a 96% accurate reconstruction of English words typed — and 90% of all randomly generated five-character passwords within 20 tries. The techniques used are "relatively easy" using a $10 PC microphone, open source spelling and grammar correction tools, and some custom code written by the researchers which will almost certainly end up on a torrent soon. This all works 'cause like a congo drum, keys slapped at different points along the plate under the keyboard emit different tones. Apply a little statistical learning theory and voila, your dirty little secrets are revealed.
What if you go really fast? Or really slow?
Oh man, that's impressive. And here I just awarded the PSP Ceramic the Coolest Idea of the Week award, and now this? Looks like we have a new weiner (esp. since the new PSP is only the *colour* of ceramic (nevermind the fact that ceramic is actually an earth tone, you just forget that right now...)).
The fact that their technique appears to work, regardless of the keyboard being sniffed or the techique of the user, is what's truely remarkable here.
Clever... shouldn't the software be released as a part of the project? Isn't that part of academic process for peer review? Don't see why it'd have to be torrented... though I would support torrenting it as a distribution method to save the school some cash on their bandwidth bill.
I guess companies will have to start releasing extra quiet keyboards. But seriously, to my ear, on the powerbook notebook keypad, each key press sounds very much the same.
This is just a dumbed down version of what someone could do: listen in on the wavelength signals ANY device gives out anyhow.
This research is awesome.
(To spoof the transcription, can't someone just record ramdom keystrokes and play it back while typing normally at the same time.)
what if everything is done in one stroke? a touch of macro can easily prove this method insufficient.
The military has used techniques such as that and rf emission from crt's to detect keystrokes,text, etc. and such... how about lasers bounced off of windows to detect vibrations within the room, created by speech... it's all been around for years and more likely decades.
But do you need 100 hours on a supercomputer to process the recording?
You need 30 minutes on a P4 3GHz to process the ten minute recording before 'realtime' single keystroke grabbing can be activated. I wish the paper had gone into more detail about what exactly a Mel-Cepstrum coefficient is.
Y'all can build this at home using the paper as a guide, a copy of MARSYAS, an open-source audio processing toolkit that includes handy feature-extraction code, and a free Java machine learning toolkit like Weka.
jared, jared, jared... GOOGLE IS YOUR FRIEND!!! :P
http://www.npt.nuwc.navy.mil/Csf/htmldoc/latestbook/node52.html
Sure, a single-button macro would prove this technique ineffective... but your emails would be pretty boring and redundant. For that matter, it would make your passwords fairly insecure too *one button*
Man, too bad the researchers decided not to release the source code they used (not that it won't get leaked anyhow). But I was left a little confused about how they got the initial sound-to-key recording. Did they have to figure out which sounds corresponded to which keys or did the program do it all for them? Plus, not all keyboards sound the same in the same places, slightly damaged keyboards might sound differently, although if the code does everything it wouldn't make much difference.
When OLED Keyboards come out, it will be smart to make the letters appear in random places on the keyboard in order to enter a password...
Perhaps that would be a good function button on an OLED Keyboard.... "Scramble"
and some day they'll probably invent some fandangled technology that can see with 100% accuracy what you type either save it on your computer in a hidden spot or send it covertly to the person who put it there. now THAT would be amazing. they'll probably call it a keylogger or some such thing.
the cool thing about a "keylogger" will be that if you can get close enough to put a microphone under somebody's keyboard you might as well just plant the program inside their computer and improve your accuracy by 10%. wow!
NSA has had this capability for close to 15 years. :-)
I think the real processing power will have to be in the training phase of the algorithm. This technique really opens up the possibility of making a "virtual keyboard" on any surface, too. Have a small switch to "activate" the virtual keyboard on your coffee table, and then just type on the coffee table!
that’s why biometrics are becoming more and more necessary.
But then again, they could always plop out your eyes and chop off your fingers if they needed access to secure systems reeealy bad.
What about the possible use in powerless wireless keyboards?
If the technology could be improved enough, surely one could just have a keyboard consisting of nothing but the keys. Once the computer has "learnt" your keyboard it can tell what you're typing. Just think, truly wireless and no power needed!
"and some day they'll probably invent some fandangled technology that can see with 100% accuracy what you type either save it on your computer in a hidden spot or send it covertly to the person who put it there. now THAT would be amazing. they'll probably call it a keylogger or some such thing.
the cool thing about a "keylogger" will be that if you can get close enough to put a microphone under somebody's keyboard you might as well just plant the program inside their computer and improve your accuracy by 10%. wow!"
Wow! Own3d
I believe what you mean there is pwn3d, am I right?
Would an old clicky key keyboard be loud enough to blout out the detection, I wonder?
That would be some old tech goodness there.
@ No. 18 "Dan"
Say the person was using a laptop, i.e. would notice a keylogger attached. Sure, you could plant a tape recorder or whatever, though your point makes tons more sense if a desktop is involved.
This would also make it easier to record keystrokes from a distance. Say the target machine is physically inaccessable. You can use a laser mic to record the keystrokes, then decode them at your leisure.
Quite scary. Although, you would probably need access to the target keyboard so the software can "learn" the sounds.
Things will be much better once they install virtual keyboards into our heads so that we can think what we want to type and it then appears on screen.
This was advertised ages ago on BBC's SPOOKS series Two ages ago.
#14 - good idea
What about those of us who use the dvorak keyboard layout? Sorry UC Berkeley, but atleast it'll work for the 99.99% of those who use QWERTY. Maybe this will prompt more people to learn the more efficient keyboard layout (http://en.wikipedia.org/wiki/Dvorak_Simplified_Keyboard)
Who cares.....Keyboard manufacturers are only gonna be selling wireless in the future and anyone can just grab the frequency in proximity and know what your typing with 100 % accuracy
just get biometrics and you're ok
some laptops even have it built in now