Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Security Risk of Keyboard Clicks

Posted by simoniker on from the tap-tap-oops dept.

Gudlyf writes "First the blinking LED security issue, now this: listening to tell-tale keyboard clicks to decipher from afar what a person is typing. This isn't limited to just computer keyboards -- ATM's, telephone keypads, security doors, etc. Apparently with $200 worth of sound equipment and software, these keyboard clicks can be translated to within 80% accuracy. Of course, a whole lot of this is just theory."

30 of 361 comments (clear)

  1. Covering noise by tindur · · Score: 2, Interesting

    Now we just need some covering noise while logging in. Time for a kernel patch?

  2. Some people are more gifted than others by Anonymous Coward · · Score: 2, Interesting

    You won't believe this, I know, but it's still a fact that I know a guy who - after couple of guesses - knows what you typed on your keyboard just by listening to your keyboard clicks.

    It's pretty amazing when he demonstrates that.

  3. Re:Great... by orangesquid · · Score: 4, Interesting

    Nah. Think about it: pressing different spots of your screen is like pressing down a guitar string at different points. You will cause the screen to resonate with a multitude of frequencies with distinct audio "fingerprints" for different points on the screen, which can also be picked up by very sensitive equipment.

    Sorry.

    --
    --TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
  4. This isn't new. by andy666 · · Score: 2, Interesting

    There was a story a bit back (on Ars?) about how the government has been doing this since the 80's.

  5. 80% accuracy can be useless... or not by shoppa · · Score: 4, Interesting
    80% accuracy is far from perfect. For instance, an OCR application that returned only 80% accuracy would probably be rejected by the vast majority of users, as this means hundreds of errors to be corrected per page.

    OTOH if all you want is a 6-character password, and it's typed a couple of times a day, then listening with 80% accuracy for a day may well be enough.

    1. Re:80% accuracy can be useless... or not by javatips · · Score: 2, Interesting

      Even if the password is recorded once, this will reduce the keyspace by 80%. Which is not bad if you want to do a brute force attack.

      Also, if the software provide with the estimated value for the accuracy of each keystroke (and which other key stroke may be likely for the produced sound) then you can direct your keyspace search to the most likely key first.

      One of the problem I have with this technique is that the guy had to record the sound of each key 30 times before starting to try to recognize keystroke. This is time consuming and requires physical access to the keyboard.

      A camera or two well placed in the work environment will probably give you a better recognition rate and would take a lot less time to setup.

    2. Re:80% accuracy can be useless... or not by the_mad_poster · · Score: 2, Interesting

      Not to be a math nazi... but to just squeeze out the minimal qualification of "hundreds" of errors per page, assuming you're speaking at the granularity of single words (since that's the granularity spell checks work at), you'd have to have 1000 words per page. I doubt most professional documents would have that many words per page (and you'd have to do it at an 8 point font to make it happen anyway), so it may be of some use after all, especially where accuracy is less important, or the documents are small. If it had other benefits, they may well override the low accuracy rate.

      --
      Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  6. ATM sounds by monkeyserver.com · · Score: 2, Interesting

    Maybe I am remembering wrong, but I think old ATMs used to have slightly different tones for the different buttons, which is dumb, but sounds like something some engineer would do without thinking.

    This also got me thinking, I used to have an old MAC IIe, when you selected menu items (from that top mac tool bar) different pitches were emitted from the pc, they were quiet and possible actually created from the guns in the tube itself, but this type of thing could be used to figure out what ppl are doing... idontevenknow....

    --
    http://monkeyserver.com --- weeeeee
  7. New Technique for Wireless Keyboard by kelseyj · · Score: 3, Interesting

    This seems like this could be a new method of supporting wireless keyboards. No battery required!

    Place clever sig here

    1. Re:New Technique for Wireless Keyboard by Chatterton · · Score: 2, Interesting

      The only trouble with this is holding down keys (shift, backspace, WASD for gaming etc.)

      Hum, 2 vibration of the membrane ? One at the keypress and the second wave at the release...

  8. Sounds fishy (no pun intended) by hashinclude · · Score: 2, Interesting
    "This membrane acts like a drum, and each key hits the drum in a different location and produces a unique frequency or sound that the neural networking software can decipher," said Asonov.



    Well, while hitting the keys harder or softer may make little difference (note that the frequency is captured), doing weird tricks like

    • typing at 5 wpm rather than 50
    • mistyping a few keys, and going back and forth to correct the errors
    • using backspace every once in a while
    • ...


    --
    US is now divided as the "Red" and "blue" states. Red States = communist countries. Coincidence? I think not
    1. Re:Sounds fishy (no pun intended) by Enry · · Score: 2, Interesting

      How about hopping between windows a lot while entering passwords? The mics will only pick up what you're typing, but moving the mouse then becomes a lot harder to trace which window you're typing into. Enter the first few characters of one password in one window, move to another, start there, move back, etc.

      Then there's always the copy-and-paste method - copy characters off the screen and paste into the password window.

      'scuse me, I'm low on aluminum foil.

  9. Obligatory Heinlien Reference.... by Clinoti · · Score: 2, Interesting
    Sadly I can't quote the exact book nor passage from it, but the story is set with a group of people in a cave at a time of war/experiment.

    Anyhow, the coordinator of the group would report the status of the group to the outside via computer. However there was only one computer and she typed on the keyboard by setting her hands under a shelf that masked the users typing. There was no screen. She simply made her notes, requests, etc by typing blindly on that keyboard.

    At an old networking facility I worked at we had a similar system in place to enter the server room, there was a keypad set into the wall next to the door and in order to enter your code for entry you had to place your hand inside the little 4X4 box that masked/overlayed the keypad. Add in the background noise from the HVAC systems outside the room and we pretty much had/have a secured system.

    --

    Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep

  10. Re:Great... by Aglassis · · Score: 4, Interesting

    The problem can be solved easy enough with a numeric keypad. Place seven-segment displays under the keys that are randomly orientated, like
    7 5 2
    4 3 1
    0 9 6
    8
    This solves the problem for ATMs. If you dim the LEDs and polarize the light, you would make it more difficult for a camera to find the password also. Obviously this only applies to a numeric keypad (for ATMs and the like) since it would be a pain in the ass to change the lettering dynamically on a keyboard (at least for the user). The solutions for those using keyboards could be as simple as using a smartcard with a PIN number (which you enter on the randomized 10 digit display). The sooner we get rid of the biggest security risk on computers IMHO (guessable passwords) the better.

    --
    Suddenly, the hairy finger of a familiar monkey tapped me on the shoulder. It was time.--G. T.
  11. Hmmm by SILIZIUMM · · Score: 2, Interesting

    Can you say "tinfoil hat" ?

  12. Can be done by ear as well by shamir_k · · Score: 4, Interesting

    I had this teacher who also did some network consulting. He told us of a case where he knew somebody was logging on at a client's site using his password, but he couldn't figure out how his password was being hacked. He noticed that whenever he was logging in, a particular secretary used to hang around. He confronted her and she confessed to using his account. She was an experienced typist and claimed that she could figure out what he was typing by listening to the keystrokes a few times.

    --
    more about me
    1. Re:Can be done by ear as well by Tired_Blood · · Score: 2, Interesting

      You can weaken the strength of a passphrase without the need to train instruments (including your ear) to a specific keyboard.

      Portions of passphrases can be easily caught using just the rhythm of key presses.

      Try typing "power".
      Now type "alsowhen".

      For an experienced typist (or even someone who uses a specific phrase regularly), when the characters are close together they normally roll their fingers. However, when the characters are on opposite ends of the keyboard, then timing becomes an issue since there's a greater possibility of commiting a typo.

      The use of shifted characters can also be distinguished if you can hear a key being depressed without it's immediate release.

      Lastly, the space key is generally a dead giveaway due to it's relative size.

      This does not work well when the typist is using hunt-and-peck typing, since all the characters would be relatively evenly spaced in time.

      If you can narrow down the possible set for just one specific character, you get considerably closer to discovering the entire passphrase. Simply knowing the length of the passphrase reduces the difficulty of the problem.

      --
      This is not my sig.
    2. Re:Can be done by ear as well by HD+Webdev · · Score: 3, Interesting

      He confronted her and she confessed to using his account. She was an experienced typist and claimed that she could figure out what he was typing by listening to the keystrokes a few times.

      I had a friend in high school that claimed he could translate tty-38 typing even with the high background noise level those machines made in the computing rooms.

      He demonstrated this by falsely calling in for support and writing down username/password combinations when the techs would show up and use their remote passwords. He'd then gain access to those accounts and snoop around for access to other accounts & systems. We watched him do it. Unless he was tricking us by using user/passwords he already knew, he really could hear it.

      We thought he was really cool until he gained accessed to something he shouldn't and MIB came for him.

      --
      This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
  13. IT professionals: don't ignore this by jrm228 · · Score: 5, Interesting
    It's easy to dismiss this right out, but for people who follow the intelligence industry this isn't new. Spooks can already listen to conversations through windows with lasers that measure vibration, and use filter technology to eliminate relatively constant background noise (e.g. a shower running). Combine that with some keyboard listening technology that's been in development for a long time: (see BBC 2001 reference) and suddenly IT security becomes a lot more interesting.

    As IT pros, this should have a significant impact on how you think about your IT security policies. Strong password policies are still important, but this further exaggerates the need for strong physical security for all your terminals and surrounding areas.

    1. Re:IT professionals: don't ignore this by ragnar · · Score: 2, Interesting

      Although I'm a fan of making things secure, the first rule of security is that it should be commensurate with what is being secured. In other words, don't build high walls for small issues. Not everyone needs to take counter measures for eavesdropping, but if someone is in fact involved in sensitive communication this makes sense.

      Personally, I would love to see a do it yourself kit to test this out.

      --
      -- Solaris Central - http://w
  14. This technology was bound to emerge by Handover+Slashdot · · Score: 5, Interesting

    For many years, navy submarines have been able to identify surface ships by the sounds of their props. Not just the type, but the exact ship. Why couldn't this be applied to keyboards, especially if you monitor the particular typist for a while?

  15. Re:Great... by gUmbi · · Score: 4, Interesting

    Of course you could just have the software randomize the location of the numbers each time.

    I came across this type of device when entering a bank building. You had to enter a 6-digit code into a keypad to unlock the door. Each key was a tiny LCD display and the location of each digit was randomized for each use.

  16. Re:Great... by lfourrier · · Score: 2, Interesting

    why not ?, whether the signal is analogic or digital, there is a signal going through a wire that, no matter the quality of shielding, is an antenna.

  17. Re:Great... by plumby · · Score: 2, Interesting
    Did you bother to RTFA?

    Today's keyboard, telephone keypads, ATM machines and even door locks have a rubber membrane underneath the keys.

    "This membrane acts like a drum, and each key hits the drum in a different location and produces a unique frequency or sound that the neural networking software can decipher," said Asonov

    All you have to do is stand by the ATM and press each key a few times to find out which one is making which noise.

  18. Re:Great... by dsci · · Score: 2, Interesting

    I don't think that's true. With a guitar string, you are changing the 'boundary condition' (ie, the length of the string); with touch screen, all you are changing is the point of initial exitation. This will change the relative amplitudes of certain harmonics, but not the fundamental frequency.

    --
    Computational Chemistry products and services.
  19. Background noise would not help by lxt · · Score: 3, Interesting

    I'm afraid you're incorrect to say playing background noise would help. General background noise - even completely randomised white noise - won't be a problem for an incredibly sensitive microphone. Decent (OK, incredibly expensive) rifle mics are exceedingly directional, eliminating any noise from the sides.

    If you were to train a rifle mic direct at a keyboard from say, 20 metres away in a very busy work environment you could easily pick it up. You can also use a basic 32 band EQ to remove most noise outside of the keyboard clicking frequency.

    Background noise isn't really a problem - it's truly amazing what you can do with the correct equipment. For example, the USSR bugged a US embassy by donating an wall mounted American seal. It was sweeped for bugs, and nothing found. This was because there wasn't actually a bug in there - just a simple thin wire, that would vibrate with speech. The USSR then used a highly directional microphone across the street trained at the seal. They were then able to take the vibrations of the wire, and enhance them into speech.

    And that was around 20 years ago, long before the sound digital enhancement techniques of today.

    So I'll sleep well, but in the knowledge that background noise ain't going to help me that much. To stop keyboard noises the noise would have to be so loud you probably wouldn't be able to work anyway.

  20. Similar Technology Used in Aircraft Identification by iammrjvo · · Score: 2, Interesting


    About ten years ago, I worked at a defense contractor. We had a project to identify aircraft based on the microphone clicks from their transmissions. As it turns out, radios from the same make and model have unique RF ramp up and cut off patterns. This allows you to identify a particular transmitter based on its transients.

    The details of the project were classified, but I will say that, even ten years ago, the results were impressive.

    --
    Ha, ha! Nobody ever says Italy.
  21. Re:Yes but. . . by evilviper · · Score: 2, Interesting
    In fact, It's getting harder and harder to find a keyboard that sports a nice loud "click" on keypresses. The companies that make keyboards seem to be suffering from the misconception that I *WANT* quietter keys.

    This directly brings up a question I've been pondering for a while now...

    Why in the hell is it that people are willing to pay hundreds of dollars extra to quiet the noise of the fans in their computers, yet many still want noisy keyboards?

    It's as if a construction worker, who is jack-hammering outside your house, comes over and asks you to turn down your stereo... It really just makes no sense to me...

    Personally, I've spent time, effort, and a moderate ammount of money to quiet the noise of the fans in my computers, but I've also spent money on getting much smaller, softer, faster and quieter keyboards. The noise of a keyboard doesn't appeal to me, any more than the noise of a loud fan does.
    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  22. Re:Great... by mwood · · Score: 2, Interesting

    Nah, let's keep the clicky-clicky mechanical keyboard but add a gadget which emits random clicks not connected with any keypresses. Don't hide the data; poison them to death.

  23. Delay variation is often sufficient by Florian+Weimer · · Score: 2, Interesting

    Different pairs of keys have different timings, so just looking at the timing difference gives you quite a bit of information. There's even a paper about this phenomenon which gives some numbers. It focuses on sniffing the network traffic, but the results should also apply for data that is gather accoustically.