Slashdot Mirror
The Security Risk of Keyboard Clicks
Gudlyf writes "First the blinking LED security issue, now this: listening to tell-tale keyboard clicks to decipher from afar what a person is typing. This isn't limited to just computer keyboards -- ATM's, telephone keypads, security doors, etc. Apparently with $200 worth of sound equipment and software, these keyboard clicks can be translated to within 80% accuracy. Of course, a whole lot of this is just theory."
Now when I log in to my account at work, instead of just needing password, secureid, smartcard, fingerscan, eyescan, and a note from my mother, I'll also need to use an on-screen touch-screen keyboard!
Of course, someone will probably now figure out that tapped glass reverberates at a different frequency...
Now we just need some covering noise while logging in. Time for a kernel patch?
You won't believe this, I know, but it's still a fact that I know a guy who - after couple of guesses - knows what you typed on your keyboard just by listening to your keyboard clicks.
It's pretty amazing when he demonstrates that.
Yeah, I put a surprise in there too
Sounds like bollocks to me. The amount of crumbs under my keys, I'd be mighty impressed if you got anything intelligble.
I could have sworn we already covered this topic on Slashdot... like a year ago? I cant find the article, am i the only one to remember this?
-Imidazole2
... but a firstpost on slashdot sounds differently.
There was a story a bit back (on Ars?) about how the government has been doing this since the 80's.
You know, I don't care.
Its not like I have the secrets to nuclear weapons research, nor do I have tomorrows stock market numbers. I and average Joe 24 Pack.
So you can listen to my keystrokes and decipher what I am typing. I'm sure that if you asked me, I'd tell you anyway. People are far greater a security risk than computers.
And well, if you have such sensative documents, Tempest your computer, unplug it from EVERY network and work.
I agree that these are good academic exercises to see how one person can spy on another, but does it matter to 99% of the world. NO. Anywho, my girlfriend just yelled at me so I needed to vent.
--sig fault--
The LED story only effects modems, and not even high speed equipment, besides which how many people are going to have the equipment to monitor somebodies modem for info? The keyboard clicking story seems dodgy too.
Get it together, slashdot! Talk about paranoia.
Pretty soon they will find a way to desipher hidded messeges from human and animal farts.
I'm still not going to give up my Model M.
Cthulhu Saves.
OTOH if all you want is a 6-character password, and it's typed a couple of times a day, then listening with 80% accuracy for a day may well be enough.
I can't even tell what freakin time it is on my LED clock from ThinkGeek, much less deciper keyboard clicks and modem blinks :-)
Al you have to do is install voice-recognition software, then train it to only understand you when you speak in a broad Glaswegian accent.
Thereby ensuring NOBODY's going to be able to decipher a word you're saying.
'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'
The reality is if someone reallio TRUELIO WANTS!! to get into your account, they WILL succeed.
I think more effort should be put into hindering crackers eforts once they are inside the system rather than having a completly open system with never good enough security.
Safegaurds!
Maybe I am remembering wrong, but I think old ATMs used to have slightly different tones for the different buttons, which is dumb, but sounds like something some engineer would do without thinking.
This also got me thinking, I used to have an old MAC IIe, when you selected menu items (from that top mac tool bar) different pitches were emitted from the pc, they were quiet and possible actually created from the guns in the tube itself, but this type of thing could be used to figure out what ppl are doing... idontevenknow....
http://monkeyserver.com --- weeeeee
The guy is from IBM, so he must have been measuring those IBM keyboards that go
CLICK!
on the way down and another
CLACK!
on the way up - you can hear someone typing seven rooms away.
This seems like this could be a new method of supporting wireless keyboards. No battery required!
Place clever sig here
Crumbs? Since when does pubic hair look like crumbs? :)
Well, while hitting the keys harder or softer may make little difference (note that the frequency is captured), doing weird tricks like
US is now divided as the "Red" and "blue" states. Red States = communist countries. Coincidence? I think not
To pick up one of these babies... C'mon, it's like $400, I need to grab at any justification I can find!
-- The unsig...
Anyhow, the coordinator of the group would report the status of the group to the outside via computer. However there was only one computer and she typed on the keyboard by setting her hands under a shelf that masked the users typing. There was no screen. She simply made her notes, requests, etc by typing blindly on that keyboard.
At an old networking facility I worked at we had a similar system in place to enter the server room, there was a keypad set into the wall next to the door and in order to enter your code for entry you had to place your hand inside the little 4X4 box that masked/overlayed the keypad. Add in the background noise from the HVAC systems outside the room and we pretty much had/have a secured system.
Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep
Wait, there is a theory that with $200 of equipment, you can get 80% accuracy on this. Is there any reason why this is still just a theory? Can anyone scrap together the $200 to test this theory?
If only science weren't so expensive. Imagine how many other theories we could test if we could somehow get our hands on $500!
Finkployd
I don't type my passwords. I use voice recognition software and just say them. No clicks to overhear baby!!!
Doh
Can you say "tinfoil hat" ?
Cough loudly while typing softly.
So, each key on a membrane keyboard makes a unique sound? I HOPE they try to patent this technology ... that is just SO obvious ... but is it practical in application?
... background noise! Better be some damned high-value information you're after bucko!
... also obvious ... that's why they are labelled "TD" and "RD"! Also easily defeated by simple piece of black tape.
Eighty percent accuracy after "voiceprinting" each key thirty times and using neural nets to arrive at an abstract sound signature for each key? Of course, the simple expedient of changing keyboards will defeat that. Or by the other obvious antidote
Blinking lights on a modem can be decoded to yield the byte values sent and received? DUH
Sleep well tonight, your AFDB Brigade is on duty and alert!
utter rubbish
I had this teacher who also did some network consulting. He told us of a case where he knew somebody was logging on at a client's site using his password, but he couldn't figure out how his password was being hacked. He noticed that whenever he was logging in, a particular secretary used to hang around. He confronted her and she confessed to using his account. She was an experienced typist and claimed that she could figure out what he was typing by listening to the keystrokes a few times.
more about me
The fact remains with all these things that you have to make your security procautions good enough so that it is more effect get through them than it's worth to do it. For example say I had 20 in my back account, nobody would spend 100 in time or money to get to it. This keyboard tapping proof of concept will not cause everyone to stop using typed passwords. Much like that ability to factorise large primes hasn't stopped people using RSA.
----
As IT pros, this should have a significant impact on how you think about your IT security policies. Strong password policies are still important, but this further exaggerates the need for strong physical security for all your terminals and surrounding areas.
Good thing the whole future of "speech recognition" didn't pan out. Oh those silly Star Trek episodes, everyone can hear when Picard announces his secret password to everyone!
Like Teddy with an elephant gun.
For many years, navy submarines have been able to identify surface ships by the sounds of their props. Not just the type, but the exact ship. Why couldn't this be applied to keyboards, especially if you monitor the particular typist for a while?
Would the same modem blinking affect be observed on network switches or routers which have LED indicator lights?
In other news: hackers can connect to the internet by whistling into the phone.
SIG: TAKE OFF EVERY 'CAPTAIN'!!
This is old news. Ever see the movie Sneakers from 1992?
you know , after a few blasts of the bowl with the room thick with smoke someone has said "so dudes, i reckon that its possible to.... "
Of course, a whole lot of this is just theory.
A keyboard bug is not uncommon in the military. I didn't use one because it wasn't part of my job, but I did see one in use at communications/electronics school. It is more than 80% accurate. They also had one that listened to monitor frequencies to recreate what was on a monitor's screen. That was more flaky. The fuzziness was OK for trying to make out plain text, but when windows and such were involved it became an unreadable mess.
The previous comment is purposely vague and generalized, but all of the facts are completely true.
80% accuracy?
So is that like
Howdy sup m8
becoming
HAIL ALLAH! WE BLOW UP OURSELVS TOMORROW!
Whenever the FBI/CIA/the smurfs want some reason to put us in jail?
--- [Insert intresting Sig here]
My Model M doesn't have a rubber membrane so I'm not worried. Then again you don't need a microphone to hear me typing on it. My neighbours can hear me typing. If someone were to stick a microphone up to it I'd be interested to know how much of their hearing they'd retain.
Support the First Amendment. Read at -1
Despite the fact that these are theories and not proven whatsoever, isn't it a bit obvious if on a weekday morning you enter your office and find microphones pointed at your keyboard? Why not place camera's instead? Or how about a person looking over your shoulder?
Simple workaround for this 'security' issue: turn up the radio.
There has always been keylogger software which are easy to use and give the full text of whatever has been typed on the keyboard....and 1000's of them can be found allover the net!
The only thing may be that they cant be used in ATM's..............but anyway even with those electronic acoustic gadggets , how are they gonna impant it inside the ATM room?Sure some1's gonna find them and remove them.
The Idea isnt great really....Why does yahoo do this
An interesting way to play golf.
Usually you put one ball on top of the tee, rather than two balls next to the tee!
Type in a bunch of random letters, or even a fake password then hold the backspace key down. That will only make sound once and you can have multiple deletes confusing the listener.
Run a keyboard demon that "accompanies" your every click with randomly chosen acoustics.
Seeing bad movies only encourages them. Watch responsibly
I remember an article a while ago about determining what's displayed onscreen based on the electron guns in the monitor. My ViewSonic, which is relatively new, but on the cheap end, makes a barely audible high pitched whine that varies with the brightness and area of what's displayed. It's not nearly enough for a person to determine what's on the screen, but perhaps some tuned sensors could.
"No fair, you changed the outcome by measuring it!" - Professor Hubert J. Farnsworth
Nah, it's make it easier:
..." ... some time later...
Spook 1: "So, we have fragment of ready-salted crisp crunch followed by old muffin.."
Spook 2: "Nah, that was a piece of bagette"
Spook 1: "You think?"
Spook 2: "Yeah, must have been about 3 weeks old"
Spook 1: "eurh, okay, hairy old bagette and then
Spook 1: "...So from that, we can work out that his password is 'password'. Such is the power of sub-key decomposition auditory analysis gentlemen!"
A replacement for the expensive, complex, and unreliable bluetooth and infrared protocols used for wireless keyboards...
The AudioWiFi keyboard (or HiFi, maybe): no cables, no batteries, no line of sight. Just a microphone on the PC that listens to your keystrokes and learns what they mean.
With 80% accuracy it wudls br possublr ti typr entirr dicunents witg onlu a feq ertors.
And keep the music down!
Sig for sale or rent. One previous user. Inquire within.
Sometimes keyboard noise can be very expressive even without computer analysis. I've occasionally heard something like this from several cubes away:
Click-click (Beep!) Click-click (Beep!) (Long pause) (Mouse click, mouse click). Click-click (Beep!) Click-click (Beep!) (Pause) Click-click (Beep!)
Followed by a primal scream.
"How to Do Nothing," kids activities, back in print!
If someone cares enough and is smart enough to decipher what I'm typing by sound, they deserve to know. They would however, realize that it was a mistake due to how uninteresting any data they collect from me would be.
MAKE YOUR TIME
All I know is you don't need a bunch of expensive equipment to pick up sounds from my IBM Model M keyboard.
The ability to decipher what someone types based on the key clicks is quite interesting, but merely conceptual. Certainly, there are plenty of security holes in any technology. This implies that nothing is secure. However, you cannot sit awake at night worrying that someone wants to spy on your personal data. If you do, the you must have a mental condition. Just take a step back for a few minutes and look at the world around you. Think about your life and the things that have happened to you. Just from your own perspective, how many times have you been burgled? Car(s) stolen? Been questioned or interviewed by the authorities? Had important data intercepted and used against you (I'm not talking about homework assignments in grade school)? Actually had identity theft perpetrated against you regardless of using fairly normal measures against discovery? Actually had a system compromised? I think that most of us can attest to the fact that, in reality, this kind of thing happens less frequently than the fear mongers want you to believe. Of course, it does happen, and when it happens to you, it makes you feel like you're just one of many. But this is not the truth. The real truth is that you must use common sense regarding your personal data. Assuming that someone is standing behind you looking over your shoulder to snag your ATM PIN is a sickness. However, being cautious and trying to obscure your keystrokes is reasonable.
If you need to dispose of something with a credit card or bank account number printed on it, you could reasonably buy a paper shredder. This s warranted. However, I prefer the much simpler "temporal/spatial displacement" approach. It's about the highest level of paranoia I, peronally, indulge in. You simply tear off about two thirds of the printed account number and throw away the original document. It only has a few digits of the account number. Likely, not enough to be of use to a dumpster diver. Then you take the two thirds of the number that you tore off of the original document and tear it in half. Take it to work, or to a store or some other location and only dispose of one half of that remaining two thirds. Finally, after a wait of as long a period of time as you wish, dispose of the last bit at another remote location. (A friend's house, your parent's place, a bar, etc...) Only the most meticulous of identity thieves will bother tracking your actions in that way. If you have that level of snoop on your tail, I think you've got bigger problems than simple identity theft. You're either delusional, or you have really upset someone VERY HIGH UP.
So people, put down the crack pipes and get to realizing that there are VERY few people who care about you or your data. Fight the fear. Pound paranoia into the ground. There is little to be afraid of.
Who is Twirlip of the Mists?
"Of course, a whole lot of this is just theory."
Isn't that the exact opposite of what the article says?
Asonov warned that his work was almost entirely based on the evidence from his experiments and that he has little or no theoretical information to back up his theories.
"I don't know that Atheists should be considered as citizens, nor should they be considered patriots." -George H.W. Bush
You probably mean the vulnerability in SSH, whereby it is possible to significantly reduce the ramdoness of the passphrase by examining the timing between the packets for each keystroke. That's why you should always use passphrase protected private keys.
That way they can't guess it online; they have to break into your computer and let your keyboard sing in order to get your data.
You know how long the password is,
I've been known to type in poems for RSA keys.
thank God the internet isn't a human right.
Now I know that I should have saved my Atari 400. With that flat quiet keyboard, no one would be able to snoop on my typing. Of course, I'd have carpal tunnel so bad I couldn't pick up a spoon...
-- Fugacity: Confusing chemists since 1908
If you are 'unimportant' they I would like to incourage you to sign everything X, and remove that nasty piece of identification that so many people take you to hold over, the signiture.
Your conciense in what you believe you have signed should be enough to ensure you will comply, and if you don't then the contract writers should review there contract.
thank God the internet isn't a human right.
Made me think about what would happen if some idiotic PHB's and marketers thought it would be a good idea to build ATM's with touch-tone - don't be so quick to say it wouldnt happen, and remember that Diebold makes ATM's ;)
This comment does not represent the views or opinions of the user.
In related news, the shares of the rubber keyboard coffee guard producing company, owned by one mister Asonov, have tripled in value today.
Learn about pinball machines on www.flippers.be
Already do something like this. Each time you access and it asks for you PIN, it does something like this:
Enter your PIN: [______]
[ 1 or 7 ] [ 3 or 9 ] [ 4 or 5 ] [ 6 or 8 ] [ 2 or 0 ]
and the numbers alternate positions randomly.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Your passwords and all your others secrets
will be assimilated via the waves emitted by
your brain...
[Calling for the obligatory reply: "I don't
have a brain, you insensitive clod!"]
That's why I have my machine auto-login my 32-character random generated password, thereby defeating keyloggers, over-the-shoulder eavesdropping, and even this new audio hack!
Security is so easy.
One capacitor on each LED will fix that!!
-- I am. Therefore, I think!
Ummm... so the "attacker" has to have access to your machine for a significant amount of time to train it on each key. I'm not too concerned. To have this kind of access they must also have uninterrupted physical access for a long enough to make a hidden software attack.
Everyone knows everyone else's password. We ALL use the same one - *********
Free Firefox news reader.
I was also wondering how easy it is to decipher wireless keyboard signals.
On a an episode of Due South, the mountie listened to someone type their password and was able to guess it just by the sound and rhythm of the keystrokes. Here I thoguht that was all bullsh*t....
Low tech thwarting of high tech snoopping.
remember the good old zx spectrum with its rubbergumm keyboard, silent and secure!!
"Apparently with $200 worth of sound equipment and software, these keyboard clicks can be translated to within 80% accuracy. Of course, a whole lot of this is just theory."
Anybody who saw the episode of the CBS evening buddy-cop-drama "Due South: A Hawk and a Handsaw" knows that you don't need any special equipment. Just get a Canadian Mountie, have him listen to a nurse while she types in her password, and after several tries, the Mountie will be able to reproduce the password based solely on the sound of the clicks... Results are even better if the password is typed in to the tune of "I've been working on the railroad.".
I can't do without tactile feedback in my keyboard. Mushy keys simply will not do. If I can't hear what I'm typing, my brain tells me I'm not actually typing it. In fact, It's getting harder and harder to find a keyboard that sports a nice loud "click" on keypresses. The companies that make keyboards seem to be suffering from the misconception that I *WANT* quietter keys.
I use the Dvorak keyboard layout, so on top of all the audio processing they'd have to do, they'll have to contend with my uber-high-securiy substitution cipher. ;-)
I see issue as fabricated by someone trying to get a 10 minute moment in the spotlight and not a real issue at all.
Passwords are a poor security mechanism anyway. We really need to press the industry to move on in this field.
Of course, a whole lot of this is just theory.
Of course, in theory:
- the earth is spherical in shape
- the earth revolves around the sun
- we evolved from lower species
- energy equals mass times the speed of light squared
My car gets 40 rods to the hogshead, and that's the way I likes it!
If i prefix the subject of your post to your sig that would mean that you are a low~Leffe?
what, you guys don't use a binary keyboard? 99 less keys to break.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
i mean, if someone wants to spy on your keystrokes they could install one of those $20 keycatcher thingies, freeware keyboard capture software, network snifers, or just look over your shoulder.
what kind of idiot would use a mic, and have to use neural nets to analyze the recording?
i wonder how many hours that guy flushed doing this study.
it would have been arguably more useful if he could determine what someone ate the night before by the sound of the splash.
the ATM's typically found in grocery stores where you can here the damn modem...
I stopped typing passwords a long time ago, because I use Factotum
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
I found an even more interesting article that uses acoustics for cryptoanalysis./ ~tromer/acoustic/
http://www.wisdom.weizmann.ac.il
this is the most important sig ever! In your face 446154!
time to buy a touchstream keyboard.
Smokey the Bear says, "Strip mining prevents forest fires!"
Worried about people listening in in your typing?
Get a touchstream, zero force keyboard from Fingerworks.
http://www.fingerworks.com/
I have one and when I type it is earily quiet.
42 - So long and thanks for all the fish.
Don't tell the security officer's at the government agency I work for. Their solution will be to simply confiscate everyone's keyboard. Then we'll have to figure out how to type up all our documents without them.
It's good to use your head, but not as a battering ram.
I'm afraid you're incorrect to say playing background noise would help. General background noise - even completely randomised white noise - won't be a problem for an incredibly sensitive microphone. Decent (OK, incredibly expensive) rifle mics are exceedingly directional, eliminating any noise from the sides.
If you were to train a rifle mic direct at a keyboard from say, 20 metres away in a very busy work environment you could easily pick it up. You can also use a basic 32 band EQ to remove most noise outside of the keyboard clicking frequency.
Background noise isn't really a problem - it's truly amazing what you can do with the correct equipment. For example, the USSR bugged a US embassy by donating an wall mounted American seal. It was sweeped for bugs, and nothing found. This was because there wasn't actually a bug in there - just a simple thin wire, that would vibrate with speech. The USSR then used a highly directional microphone across the street trained at the seal. They were then able to take the vibrations of the wire, and enhance them into speech.
And that was around 20 years ago, long before the sound digital enhancement techniques of today.
So I'll sleep well, but in the knowledge that background noise ain't going to help me that much. To stop keyboard noises the noise would have to be so loud you probably wouldn't be able to work anyway.
They found a salesman or marketer that had to speak everything as they typed it. These are the same people that can't read without moving their lips. Next, they put a microphone near said person, and waited for them to whisper passwords, entire emails, and so forth. Then they talked to the guy and explained that they knew his password. Then they recited an email that he wrote. The salesman/marketer said "That's amazing! You should publish that!" And they did.
Ha.... Ha... oh wait, that wasn't funny.
About ten years ago, I worked at a defense contractor. We had a project to identify aircraft based on the microphone clicks from their transmissions. As it turns out, radios from the same make and model have unique RF ramp up and cut off patterns. This allows you to identify a particular transmitter based on its transients.
The details of the project were classified, but I will say that, even ten years ago, the results were impressive.
Ha, ha! Nobody ever says Italy.
Time to finally start using that Dvorak keyboard layout!
Many years ago (>20), there was a big uproar about the Soviets sending radio waves through the US Embassy in Moscow. At the time, the news reported it as a "health risk". What it actually was was an attempt to know what was being typed.
And yes, I'm former MI
The Tao that can be spoken is not the one eternal Tao
The difference between theory and practice is, in theory, there is no difference between theory and practice, but in practice, there is.
Anonymous Kev
Proudly posting as AC since 1997
(Finally got a dang account in 2004)
One minor problem with this scheme is that most of "today's" computer keyboards don't use rubber membranes. They use two sheets of plastic with conductive tracing printed on them, separated by a third sheet of plastic with holes. The keypress pushes the contact on the top sheet through the hole to touch the contact on the bottom sheet. Hardly any keyboards use the collapsing rubber domes because they're much more expensive that a few sheets of plastic.
So what's next? A scheme to read telegraph signals off Western Union's lines? A device that can tell what I'm watching on a zoetrope by reading analyzing flickering light?
If a job's not worth doing, it's not worth doing right.
You'd have to calibrate the deciphering tool to whatever device you actually want to listen to. I can't imagine that any two ATM keypads or any two computer keyboards would generate the EXACT same sounds.
So, you have to risk blowing your covering while calibrating your tool.
Of course, a whole lot of this is just theory.
If it is proven to be so, it is a theory. If it is a guess or working model on which data needs to be gathered to see if it is true, it is a hypothesis.
Why is this so hard?
If Slashdot were chemistry it would look like this:Cadaverine
Here's my problem:
Statement 1: "Apparently with $200 worth of sound equipment and software, these keyboard clicks can be translated to within 80% accuracy."
Statement 2: "Of course, a whole lot of this is just theory."
My Statement: No, only one of those statements can be true
Just about everything is sensitive to attacks like this. Someone on your telephone pole can listen to your phone conversations. Someone with a bug can listen to conversations in a room. Someone monitoring internet traffic can monitor your website usage. A monitor in your car can track your movements. There are a lot bigger problems than someone listening to keyboard clicks, IMO. Make it illegal and be done with it. -Sean
Laboratree - Scientific collaboration based on OpenSocial.
Different pairs of keys have different timings, so just looking at the timing difference gives you quite a bit of information. There's even a paper about this phenomenon which gives some numbers. It focuses on sniffing the network traffic, but the results should also apply for data that is gather accoustically.
Going back as far as last week
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
You can't be totally secure. Get over it.
A determined attacker can take you down no matter how paranoid you are.
The secret is to be a litte more paranoid then they are determined...
That differs a lot for a mob boss and a student such as myself. Honestly, I have very little to hide, but I'm still a bit careful to avoid identity theft and people wanting to take over my computer to be used in a DOS attack, etc.
No one wants to go after me specifically, but if I make myself an easy target, I stand out and will get taken advantage of somehow.
Now, if I was a mob boss, there's tons of people who want to do me in/get access to my data, and there's really no way I can stop them. I can make it hard for 99.999% of the people out there, but I can still be taken down. That's life.
All this to say, "Attention slashdot readers! You ain't secure! You can't be secure. Get over it!"
Blessed are the pessimists, for they have made backups.
I may be being incredibly obtuse, and I'm certain someone will point it out, but... isn't the problem solvable by just building background noise (similar to that found by the sound of a keyboard) into devices with keyboards? If you imitated the sounds well enough, a listener couldn't tell the difference.
I have discovered a truly marvelous
...vastly increase the chances that the person will silently inform about it, and when you do try to use it, they'll catch you... probably not the firing squad waiting for you, but a complete "coincidence" of course. Just happened to spot you, just happened to be a police unit nearby etc.
The best kind of intel is the one the person never even realizes he gave away, preferably neither before nor after the incident.
Kjella
Live today, because you never know what tomorrow brings
I doubt this will be a problem with my Fingerworks TouchStream LP! It has no keys!
Sorry to plug, but I really love this keyboard, and, no, I do not work for FingerWorks.
Type half your password. Then type some random garbage. Use the mouse to select the random garbage and then type over it with the second half of your password.
This would also work for evading a keylogger. You can make it as simple or as complex as you want.
Thoughts?
Im dreaming ofa big bndwdth, That can resist the
Here are a few people who can do it without fancy technology: 3 Blind Phreakers
Just because you can't do something doesn't mean someone else can or can't
Okay, so you need a sensitive microphone to pickup the keystrokes...
"Sensitive" mics are usually a tad larger than the average little electret mic, and in any case, I am pretty sure I would notice if someone had placed a microphone near my work area (even amongst all the other gadgets and half-(full|empty) coffee cups sitting around).
This article is sort of like saying with enough time and a sturdy shovel you can dig to China. In theory, yes, in practice, no...
-This sig intentionally left blank
did Asonov do the typing himself on the other keyboard of the same model when testing the NN's accuracy rate ? The prediction of the key being pressed is a function of the actual key being pressed, the keyboard model AND the user doing the typing I should think. Or stated more directly, my letter A will resonate differently than your letter A, even on the same keyboard. The NN will learn how I type the letter A on the keyboard -- not necessarily how you type it.
"Asonov found that by recording the same sound of a keystroke about 30 times and feeding it into a PC runninG standard neural netwOrking softwAre, he could decipher the keys with an 80% accuracy raTe. He was also able to train the SoftwarE on one keyboard to decipher the keystrokes on any other keyboard of the same make and model."
My first TEMPEST briefing ('73!) discussed monitoring keypresses and the amount of electric current (amps) used by electric typewriters. Each key caused a specific amount of current to be used and a message could be worked out from each current reading.
The only thing new in this world is the history that you don't know.[Harry Truman]
I you smell my farts can you tell
what I had for dinner?
Although I usually leave my tinfoil hat at home when shopping with the family, I loathe the new touch-screen (via pen) card readers used in more and more checkout lanes.
The older style units with actual punch keys allowed me to "ghost-type" whenever I had to enter a PIN. I use 4 fingers in a flurry of key punches to interfere with anyone who might be shoulder surfing or videoing from afar. As I move my fingers, it appears I'm pressing 4 keys for each keystroke. In fact, only 1 of the 4 fingers is actually pressing a key all the way down. I use different fingers for each digit of the PIN. Although only 4 sets of "landings" actually presses a key, I throw in a few extra non-landings where none of the 4 fingers punch any key all the way down.
Does this *really* increase the security of my PIN? I'd say a little bit. But now, I'm faced with the dreaded pen-touch-screen conviently located at near chest level so the entire store can watch my actions!
And instead of using handwriting recognition for the PIN digits, there's a GIANT on-screen keypad. So now I have to use a damn 8" pen to jab at an on screen display (designed for near-blind blue-hairs) easily viewable by anyone in the store!
This one gang kept wanting me to join cause I'm pretty good with a bo staff.
Even without microphones and acoustical equipment it is easy to recognize when the space bar is used. I should know - my roommate complains when I type at night because he can tell when every single word I type ends because of the sound of the space bar.
I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)
The Carved Wooden seal given to the American embassy contained a microphone and a passive transciever. It operated by a principle similar to modern passive RFID tags. The Soviets would transmit high frequency radio waves at the antenna, which whould be modulated by the audio vibrations in the room, and then received by an antenna on the soviet end.
Link for the skeptics
It was a very nice bit of spycraft, quite advanced for it's day, but involved no highly directional audio microphones, sorry.
Comments should be like skirts. Short enough to keep your attention, but long enough to cover the subject
smartcard with a PIN number
somewhere a kitten just died.
Also, note that while this was not a demonstration of directional mics, it was a good demonstration of similar technology in RF (directional radio).
Yes, I know there's a technical/industry term for it, I just took finals and my brain is fried. Beamforming? No. Arrrghhh...
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
"Due South" was a sort of Sit-com Cop show with a Mounty (RCMP) in Chicago, I believe. (Yes, a Canadian cop in the US: go figure.)
In this episode: http://www.realduesouth.com/Transcripts/112HAAH.ht m
Frasier breaks into the computer by typing a password that he HEARD, but not saw. Based largely on the rhythm of the typing.
What is the difference between a small revolutionary change and a large evolutionary change?
You could easily get past this scheme by adding some random background noise. A recording of Stomp performing John Cage's Etude for 37 Keyboards would probably be the most useful.
Or you could just set up your computer to play random recorded snippets of your typing sounds.
What? That makes no sense. The first statement explains the consequences of the theory.
if they cant see, god wanted it that way. let em suffer!
This kind of thing is not new and is common practice for spies from the US and elsewhere. Not only can the "key-clicks" be heard but there is a practice of listening to the spaces between key-clicks of practiced typists to determine which keys they are typing (for example, most people type the word "the" quite quickly with spaces on each side - simple to pick out).
I've heard that some agencies actually recruit non-touch-typists to type up their reports to foil this kind of eavesdropping.
if someone can manage to hear the frequencies my keyboard emits over my blaring mp3s, they deserve my password.
i guess this is just ANOTHER good example of why blaring techno music is good in the workplace. screw my boss!
01100111 01100101 01110100 00100000 01101111 01110101 01110100 00100000 01101101 01101111 01110010 01100101 00101110
Actually the article says that there's almost no theory behind it. It's all empirical.
You can remotely spy on someone's CRT dispay or LED display... not by means of trojans, but by some clever signal processing on either stray light from the display or radio emissions.
If you're going to get paranoid about such things, you should be getting paranoid about the fact that someone could be watching your computer from several rooms away :-)
This google search lead to this good page on the topic (skip down to 'how it works').
And yet, for being supposedly empirical it neglects a lot of silly one-offs that could throw out the whole concept.
Was it Asonov doing the recording and the typing? Simple things like hand placement could completely change the acoustics if you're resting a finger on a key and dampening the sound. What effect does this have on real, used keyboards that have varying amounts of wear and/or dirt in them?
Extreme paranoia aside, I LOATHE rubber quietkey trash anyway. I want to know when I fat-finger something and I want to know whether I made a successful keystroke or not. Not sure how much this affects acoustics, but it certainly doesn't work for the drum effect.
That's really easy to counter: Buy a headphone and listening to some music. I did that and I don't hear the click-click of my keyboard any more ; so it's safe now !!
It's either theory, or practice - there is little middle ground. Practice can "descend" (concretely) from theory, and theory from established practice, but I think this statement sums it up most cohesively.
You can buy a keystroke capture unit that plugs in between the ps2 jack and the keyboard for 50 bucks anyway. A psuedo janitor can plug it in and take it away at will. Physical security is a key component that's a joke to bypass. Why bother with these higher tech schemes?
Its just as well I use my mouse to click on porn.....
My hyperlinks aren't worth the paper they're printed on.
Type so quickly the key-releases interfere with the key-presses.
Dunno if that'll work -- but typing quickly also helps against shoulder-surfing, particularly with longer passwords.
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
... rattle back telephone numbers by listening to the tones...
Yep. That's my Stupid Human Trick(tm)
"I'm not ashamed I can't function in society like I'm supposed to." - Paul Westerberg
This is nothing new. The exploitation of electronic keyboard noise has been a tool for at least 30 years. Why do you think Tempest secure keyboards exist? BTW, the experts are geting way better then 80% accuracy.
Will this work on my buckling spring keyboard?
If you don't want someone to copy something, don't give it to anyone.
All you need to combat this problem is an army of monkeys typing away behind you on similar keyboards. Of course you are probably going to need some pretty serious headphones and the volume turned up to 11 so you can think with all that key tapping going on behind you.
dvorak anyone? They'll mistake "aoeu" for "asdf"!
...who read that blurb and considered shouting at the top of his lungs the now when going to an ATM? Let's see you sniff my keypress noises now!
Health is simply dying at the slowest rate possible.
I have a 20-year-old UNIX book that instructs people to not use certain keys because they are more easily interpreted by listening ears and microphones.
Not old enough for you? A keylogger (quite possibly, the first one ever made) was found in a typewriter (not an IBM Selectric, but a completely power-free typewriter, with radio sensors to detect each key hit) in the 1960's. It was manufactured by the CIA and used on former-CIA-agent-turned-author Philip Agee.
The earth is ellipsoidal, not spherical.