Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Security Risk of Keyboard Clicks

Posted by simoniker on from the tap-tap-oops dept.

Gudlyf writes "First the blinking LED security issue, now this: listening to tell-tale keyboard clicks to decipher from afar what a person is typing. This isn't limited to just computer keyboards -- ATM's, telephone keypads, security doors, etc. Apparently with $200 worth of sound equipment and software, these keyboard clicks can be translated to within 80% accuracy. Of course, a whole lot of this is just theory."

10 of 361 comments (clear)

  1. low~ by Leffe · · Score: 5, Informative
    The site was really slow, so I copied the article:


    OAKLAND -- Listen to this: Eavesdroppers can decipher what is typed by simply listening to the sound of a keystroke, according to a scientist at this week's IEEE Symposium of Security and Privacy in Oakland, Calif.

    Each key on computer keyboards, telephones and even ATM machines makes a unique sound as each key is depressed and released, according to a paper entitled "Keyboard Acoustic Emanations" presented Monday by IBM research scientist Dmitri Asonov.

    All that is needed is about $200 worth of microphones and sound processing and PC neural networking software.

    Today's keyboard, telephone keypads, ATM machines and even door locks have a rubber membrane underneath the keys.

    "This membrane acts like a drum, and each key hits the drum in a different location and produces a unique frequency or sound that the neural networking software can decipher," said Asonov.

    Asonov found that by recording the same sound of a keystroke about 30 times and feeding it into a PC runninG standard neural netwOrking softwAre, he could decipher the keys with an 80% accuracy raTe. He was also able to train the SoftwarE on one keyboard to decipher the keystrokes on any other keyboard of the same make and model.

    Good sound quality is not required to recognize the acoustic signature or frequency of the key. In fact, Asonov was able to extract the audio captured by a cellular phone and still decipher the signal.

    "But don't panic," Asonov cautioned. "There are some easy ways to fix the problem." First, close the door in the room where you're working. Second, buy a rubber keyboard coffee guard that will dampen the sound enough to make eavesdropping difficult.

    However, Asonov said that he believed it was possible to use acoustical analysis algorithms to decipher key sounds based simply on gathering the data from just a couple of keys and extrapolating what other keys should sound like.

    Asonov warned that his work was almost entirely based on the evidence from his experiments and that he has little or no theoretical information to back up his theories. For example, he discovered that it was the membrane that was providing the unique signature simply by cutting a keyboard in two and finding that the neural networking software no longer worked.


    Yeah, I put a surprise in there too ;)
  2. More reason than ever... by Simon+Carr · · Score: 3, Informative

    To pick up one of these babies... C'mon, it's like $400, I need to grab at any justification I can find!

    --
    -- The unsig...
  3. Sneakers by ultrasonik · · Score: 3, Informative

    This is old news. Ever see the movie Sneakers from 1992?

  4. Re:80% accuracy can be useless... or not by ArsenneLupin · · Score: 3, Informative
    Even if the password is recorded once, this will reduce the keyspace by 80%.

    Actually, it will reduce the key space by much more than that. Assume a 10 char password, with each char picked among 96 (Ascii without ctrl chars).

    Without any help, you'd have 96**10 = 66483263599150104576 possibilities to try out.

    By having the output from the algorithm, and assuming only two of its guess are false, you'd only have to try 10*9/2*96*96 = 414720 combinations.

    Well, of course, you don't know that exactly two characters are wrong. So it may indeed be three, or it may be just one. But, by using a smart algorithm, you'd still have to try out only 414720 passwords on average (first try out exact match, then passwords with 1 wrong char, then with 2, then with 3, etc).

    So, it's a much bigger reduction of keyspace than 80%.

    Of course, if the program can give you "hints" about which exact character(s) it things might be wrong, the keyspace will be reduced even further.

  5. Re:Great... by jdreed1024 · · Score: 4, Informative
    Those already exist. They're called "scramble pads". We had one on the server room where I used to work. You press "start", and it displays the numbers in LEDs under the keys, and you enter the code. Every time you press start, the numbers are in a different position. And you can barely read them when staring right at the pad, let alone from the side.

    Of course, it took about 5 times longer to get in than with a key or swipe card (since the code was 8 numbers), but there's always a trade-off.

    here's a picutre of one.

    --
    There is no sig, there is only Zuul.
  6. Re:Yeah ... RIGHT by eelke_klein · · Score: 1, Informative

    Blinking lights on a modem can be decoded to yield the byte values sent and received? DUH ... also obvious ... that's why they are labelled "TD" and "RD"! Also easily defeated by simple piece of black tape.

    These LEDs are only supposed to signal the fact that a byte is received or send. They should not also give the bit patterns.

  7. Passwords, how cute by DrSkwid · · Score: 2, Informative


    I stopped typing passwords a long time ago, because I use Factotum

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  8. Re:Switch Lights by Glonoinha · · Score: 2, Informative

    Not really, and I will believe they can do it with modems at any speed faster than 2400 baud when I can see it. Something tells me that the rise/fall speed on LEDs isn't anywhere near 50KHz (50,000 up and down cycles per second, for the 56k connections they claim to do) and remember that modems use both amplitude modulation and frequency modulation in order to compress linear (binary) data into a three dimensional (amplitude, frequency, time) audio object on anything faster than v.22 (ie, v.22bis or faster - that's 2400 baud for you youngsters.) Trust me, I'm a toothpick counting, blackjack cheating, KMart underware wearing certified RainMan that spent hours in front of a 300 baud modem watching those lights and if it can be done, I would have done it. The lights indicate traffic, but they don't blink at the 'bit' level, esp at the speeds they are claiming.

    --
    Glonoinha the MebiByte Slayer
  9. Just Theory ... ? by Uosdwis · · Score: 2, Informative

    Here are a few people who can do it without fancy technology: 3 Blind Phreakers

    Just because you can't do something doesn't mean someone else can or can't

  10. Re:Great... by Detritus · · Score: 2, Informative

    Have you ever seen TEMPEST certified equipment? While the specifications are classified, a quick look at the hardware will tell you how serious they are about shielding everything that might be a source of radiation. That includes LCD displays, cables and anything that contains high-speed digital logic. See this page for some typical products.

    --
    Mea navis aericumbens anguillis abundat