Acoustical keystoke sniffing
Berkeley Researchers Sniff Out Passwords From Keyboard Clicks - from TBO.com
: "If spyware and key-logging software weren't a big enough threat to privacy, researchers have figured out a way to eavesdrop on your computer simply by listening to the clicks and clacks of the keyboard.
Those seemingly random noises, when processed by a computer, were translated with up to 96 percent accuracy, according to researchers at the University of California, Berkeley.
'It's a form of acoustical spying that should raise red flags among computer security and privacy experts,' said Doug Tygar, a Berkeley computer science professor and the study's principal investigator.
Researchers used several 10-minute audio recordings of people typing away at their keyboards. They fed the recordings into a computer that used an algorithm to detect subtle differences in the sound as each letter is struck.
On the first run, the computer had an accuracy of about 60 percent for characters and 20 percent for words, said Li Zhuang, a Berkeley graduate student and lead author of the study. After spelling and grammar checks were deployed, the accuracy for individual letters jumped to 70 percent and words to 50 percent.
The software learned to improve as researchers repeatedly fed back the same recordings, using results of spelling and grammar checks as a gauge on correctness. In the end, it could accurately detect 96 percent of characters and 88 percent of words.
'If we were able to figure this out, it's likely that people with less honorable intentions can - and have - as well,' Tygar said.
Researchers said there is some limitation to their technique. For one, their work did not take into account the use of a computer mouse or the 'shift,' 'control,' 'backspace' or 'caps lock' keys. They did, however, describe approaches for taking those into account."