Researchers transcribe the sound of key clicks into text with 96% accuracy
File this under "oh no!" if you're a card-carrying ACLU member or "oh goody!" if you find yourself in the cult of Mitnick. Researchers at UC Berkeley claim they can just listen to keyboard taps and piece together a 96% accurate reconstruction of English words typed — and 90% of all randomly generated five-character passwords within 20 tries. The techniques used are "relatively easy" using a $10 PC microphone, open source spelling and grammar correction tools, and some custom code written by the researchers which will almost certainly end up on a torrent soon. This all works 'cause like a congo drum, keys slapped at different points along the plate under the keyboard emit different tones. Apply a little statistical learning theory and voila, your dirty little secrets are revealed.
Filed under: Misc. Gadgets, Peripherals
Reader Comments (Page 1 of 1)
Jun Kwang @ Dec 19th 2005 2:05AM
What if you go really fast? Or really slow?
xVariable @ Dec 19th 2005 2:05AM
Oh man, that's impressive. And here I just awarded the PSP Ceramic the Coolest Idea of the Week award, and now this? Looks like we have a new weiner (esp. since the new PSP is only the *colour* of ceramic (nevermind the fact that ceramic is actually an earth tone, you just forget that right now...)).
The fact that their technique appears to work, regardless of the keyboard being sniffed or the techique of the user, is what's truely remarkable here.
otakucode @ Dec 19th 2005 2:05AM
Clever... shouldn't the software be released as a part of the project? Isn't that part of academic process for peer review? Don't see why it'd have to be torrented... though I would support torrenting it as a distribution method to save the school some cash on their bandwidth bill.
fp @ Dec 19th 2005 2:05AM
I guess companies will have to start releasing extra quiet keyboards. But seriously, to my ear, on the powerbook notebook keypad, each key press sounds very much the same.
TreeNode @ Dec 19th 2005 2:05AM
This is just a dumbed down version of what someone could do: listen in on the wavelength signals ANY device gives out anyhow.
Patricia @ Dec 19th 2005 2:05AM
This research is awesome.
(To spoof the transcription, can't someone just record ramdom keystrokes and play it back while typing normally at the same time.)
hafa @ Dec 19th 2005 2:05AM
what if everything is done in one stroke? a touch of macro can easily prove this method insufficient.
dreampc @ Dec 19th 2005 2:05AM
The military has used techniques such as that and rf emission from crt's to detect keystrokes,text, etc. and such... how about lasers bounced off of windows to detect vibrations within the room, created by speech... it's all been around for years and more likely decades.
James @ Dec 19th 2005 2:05AM
But do you need 100 hours on a supercomputer to process the recording?
jared @ Dec 19th 2005 2:05AM
You need 30 minutes on a P4 3GHz to process the ten minute recording before 'realtime' single keystroke grabbing can be activated. I wish the paper had gone into more detail about what exactly a Mel-Cepstrum coefficient is.
Y'all can build this at home using the paper as a guide, a copy of MARSYAS, an open-source audio processing toolkit that includes handy feature-extraction code, and a free Java machine learning toolkit like Weka.
xVariable @ Dec 19th 2005 2:05AM
jared, jared, jared... GOOGLE IS YOUR FRIEND!!! :P
http://www.npt.nuwc.navy.mil/Csf/htmldoc/latestbook/node52.html
Rohan @ Dec 19th 2005 2:05AM
Sure, a single-button macro would prove this technique ineffective... but your emails would be pretty boring and redundant. For that matter, it would make your passwords fairly insecure too *one button*
Alex @ Dec 19th 2005 2:05AM
Man, too bad the researchers decided not to release the source code they used (not that it won't get leaked anyhow). But I was left a little confused about how they got the initial sound-to-key recording. Did they have to figure out which sounds corresponded to which keys or did the program do it all for them? Plus, not all keyboards sound the same in the same places, slightly damaged keyboards might sound differently, although if the code does everything it wouldn't make much difference.
Biochemlab @ Dec 19th 2005 2:05AM
When OLED Keyboards come out, it will be smart to make the letters appear in random places on the keyboard in order to enter a password...
Perhaps that would be a good function button on an OLED Keyboard.... "Scramble"
matt @ Dec 19th 2005 2:05AM
and some day they'll probably invent some fandangled technology that can see with 100% accuracy what you type either save it on your computer in a hidden spot or send it covertly to the person who put it there. now THAT would be amazing. they'll probably call it a keylogger or some such thing.
the cool thing about a "keylogger" will be that if you can get close enough to put a microphone under somebody's keyboard you might as well just plant the program inside their computer and improve your accuracy by 10%. wow!
Dan Sherman @ Dec 19th 2005 2:05AM
NSA has had this capability for close to 15 years. :-)
Steve @ Dec 19th 2005 2:05AM
I think the real processing power will have to be in the training phase of the algorithm. This technique really opens up the possibility of making a "virtual keyboard" on any surface, too. Have a small switch to "activate" the virtual keyboard on your coffee table, and then just type on the coffee table!
slyecho @ Dec 19th 2005 2:05AM
that’s why biometrics are becoming more and more necessary.
But then again, they could always plop out your eyes and chop off your fingers if they needed access to secure systems reeealy bad.
Mike Abdullah @ Dec 19th 2005 2:05AM
What about the possible use in powerless wireless keyboards?
If the technology could be improved enough, surely one could just have a keyboard consisting of nothing but the keys. Once the computer has "learnt" your keyboard it can tell what you're typing. Just think, truly wireless and no power needed!
Dave @ Dec 19th 2005 2:05AM
"and some day they'll probably invent some fandangled technology that can see with 100% accuracy what you type either save it on your computer in a hidden spot or send it covertly to the person who put it there. now THAT would be amazing. they'll probably call it a keylogger or some such thing.
the cool thing about a "keylogger" will be that if you can get close enough to put a microphone under somebody's keyboard you might as well just plant the program inside their computer and improve your accuracy by 10%. wow!"
Wow! Own3d
xVariable @ Dec 19th 2005 2:05AM
I believe what you mean there is pwn3d, am I right?
Your Name here @ Dec 19th 2005 2:05AM
Would an old clicky key keyboard be loud enough to blout out the detection, I wonder?
That would be some old tech goodness there.
Sam Fisher @ Dec 19th 2005 2:05AM
@ No. 18 "Dan"
Say the person was using a laptop, i.e. would notice a keylogger attached. Sure, you could plant a tape recorder or whatever, though your point makes tons more sense if a desktop is involved.
This would also make it easier to record keystrokes from a distance. Say the target machine is physically inaccessable. You can use a laser mic to record the keystrokes, then decode them at your leisure.
Dave @ Dec 19th 2005 2:05AM
Quite scary. Although, you would probably need access to the target keyboard so the software can "learn" the sounds.
Finished.Law.School @ Dec 19th 2005 2:05AM
Things will be much better once they install virtual keyboards into our heads so that we can think what we want to type and it then appears on screen.
Samuel Lago @ Dec 19th 2005 2:05AM
This was advertised ages ago on BBC's SPOOKS series Two ages ago.
#14 - good idea
EricV @ Dec 19th 2005 2:05AM
What about those of us who use the dvorak keyboard layout? Sorry UC Berkeley, but atleast it'll work for the 99.99% of those who use QWERTY. Maybe this will prompt more people to learn the more efficient keyboard layout (http://en.wikipedia.org/wiki/Dvorak_Simplified_Keyboard)
Rob @ Dec 19th 2005 2:05AM
Who cares.....Keyboard manufacturers are only gonna be selling wireless in the future and anyone can just grab the frequency in proximity and know what your typing with 100 % accuracy
radman @ Dec 19th 2005 2:05AM
just get biometrics and you're ok
some laptops even have it built in now