The Security Risk of Keyboard Clicks

Gudlyf writes "First the blinking LED security issue, now this: listening to tell-tale keyboard clicks to decipher from afar what a person is typing. This isn't limited to just computer keyboards -- ATM's, telephone keypads, security doors, etc. Apparently with $200 worth of sound equipment and software, these keyboard clicks can be translated to within 80% accuracy. Of course, a whole lot of this is just theory."

Great...

[ebob9]

Now when I log in to my account at work, instead of just needing password, secureid, smartcard, fingerscan, eyescan, and a note from my mother, I'll also need to use an on-screen touch-screen keyboard!

Of course, someone will probably now figure out that tapped glass reverberates at a different frequency...

Re:Great...

[orangesquid]

Nah. Think about it: pressing different spots of your screen is like pressing down a guitar string at different points. You will cause the screen to resonate with a multitude of frequencies with distinct audio "fingerprints" for different points on the screen, which can also be picked up by very sensitive equipment.

Sorry.

Re:Great...

[kinema]

Of course you could just have the software randomize the location of the numbers each time.

Re:Great...

[orangesquid]

True. But you could also read the screen via Tempest-like technology!

It seems that no matter what you do, we'll be screwed anyway. We might as well go to a trust-based system. How about everybody just changes all their passwords to 'secret'?

Re:Great...

[Aglassis]

The problem can be solved easy enough with a numeric keypad. Place seven-segment displays under the keys that are randomly orientated, like
7 5 2
4 3 1
0 9 6
8
This solves the problem for ATMs. If you dim the LEDs and polarize the light, you would make it more difficult for a camera to find the password also. Obviously this only applies to a numeric keypad (for ATMs and the like) since it would be a pain in the ass to change the lettering dynamically on a keyboard (at least for the user). The solutions for those using keyboards could be as simple as using a smartcard with a PIN number (which you enter on the randomized 10 digit display). The sooner we get rid of the biggest security risk on computers IMHO (guessable passwords) the better.

Re:Great...

[MadBiologist]

Darn.... now I'm gonna have to change my password.

First somebody gives away the 12345, now secret.

Sheesh.. What's this world coming too?

-J-

Re:Great...

[evil-osm]

or you can just look for the smudge marks...

Re:Great...

[gUmbi]

Of course you could just have the software randomize the location of the numbers each time.

I came across this type of device when entering a bank building. You had to enter a 6-digit code into a keypad to unlock the door. Each key was a tiny LCD display and the location of each digit was randomized for each use.

Re:Great...

[jdreed1024]

Those already exist. They're called "scramble pads". We had one on the server room where I used to work. You press "start", and it displays the numbers in LEDs under the keys, and you enter the code. Every time you press start, the numbers are in a different position. And you can barely read them when staring right at the pad, let alone from the side.

Of course, it took about 5 times longer to get in than with a key or swipe card (since the code was 8 numbers), but there's always a trade-off.

here's a picutre of one.

low~

[Leffe]

The site was really slow, so I copied the article:

OAKLAND -- Listen to this: Eavesdroppers can decipher what is typed by simply listening to the sound of a keystroke, according to a scientist at this week's IEEE Symposium of Security and Privacy in Oakland, Calif.

Each key on computer keyboards, telephones and even ATM machines makes a unique sound as each key is depressed and released, according to a paper entitled "Keyboard Acoustic Emanations" presented Monday by IBM research scientist Dmitri Asonov.

All that is needed is about $200 worth of microphones and sound processing and PC neural networking software.

Today's keyboard, telephone keypads, ATM machines and even door locks have a rubber membrane underneath the keys.

"This membrane acts like a drum, and each key hits the drum in a different location and produces a unique frequency or sound that the neural networking software can decipher," said Asonov.

Asonov found that by recording the same sound of a keystroke about 30 times and feeding it into a PC runninG standard neural netwOrking softwAre, he could decipher the keys with an 80% accuracy raTe. He was also able to train the SoftwarE on one keyboard to decipher the keystrokes on any other keyboard of the same make and model.

Good sound quality is not required to recognize the acoustic signature or frequency of the key. In fact, Asonov was able to extract the audio captured by a cellular phone and still decipher the signal.

"But don't panic," Asonov cautioned. "There are some easy ways to fix the problem." First, close the door in the room where you're working. Second, buy a rubber keyboard coffee guard that will dampen the sound enough to make eavesdropping difficult.

However, Asonov said that he believed it was possible to use acoustical analysis algorithms to decipher key sounds based simply on gathering the data from just a couple of keys and extrapolating what other keys should sound like.

Asonov warned that his work was almost entirely based on the evidence from his experiments and that he has little or no theoretical information to back up his theories. For example, he discovered that it was the membrane that was providing the unique signature simply by cutting a keyboard in two and finding that the neural networking software no longer worked.

Yeah, I put a surprise in there too ;)

"Of course, a whole lot of this is just theory."

[REBloomfield]

Sounds like bollocks to me. The amount of crumbs under my keys, I'd be mighty impressed if you got anything intelligble.

Security risks

[NETHED]

You know, I don't care.

Its not like I have the secrets to nuclear weapons research, nor do I have tomorrows stock market numbers. I and average Joe 24 Pack.

So you can listen to my keystrokes and decipher what I am typing. I'm sure that if you asked me, I'd tell you anyway. People are far greater a security risk than computers.

And well, if you have such sensative documents, Tempest your computer, unplug it from EVERY network and work.

I agree that these are good academic exercises to see how one person can spy on another, but does it matter to 99% of the world. NO. Anywho, my girlfriend just yelled at me so I needed to vent.

Re:Security risks

[the_mad_poster]

Anywho, my girlfriend just yelled at me so I needed to vent.

Huh? Quit making up words!

bah

[awing0]

I'm still not going to give up my Model M.

80% accuracy can be useless... or not

[shoppa]

80% accuracy is far from perfect. For instance, an OCR application that returned only 80% accuracy would probably be rejected by the vast majority of users, as this means hundreds of errors to be corrected per page.

OTOH if all you want is a 6-character password, and it's typed a couple of times a day, then listening with 80% accuracy for a day may well be enough.

Re:80% accuracy can be useless... or not

[ArsenneLupin]

Even if the password is recorded once, this will reduce the keyspace by 80%.

Actually, it will reduce the key space by much more than that. Assume a 10 char password, with each char picked among 96 (Ascii without ctrl chars).

Without any help, you'd have 96**10 = 66483263599150104576 possibilities to try out.

By having the output from the algorithm, and assuming only two of its guess are false, you'd only have to try 10*9/2*96*96 = 414720 combinations.

Well, of course, you don't know that exactly two characters are wrong. So it may indeed be three, or it may be just one. But, by using a smart algorithm, you'd still have to try out only 414720 passwords on average (first try out exact match, then passwords with 1 wrong char, then with 2, then with 3, etc).

So, it's a much bigger reduction of keyspace than 80%.

Of course, if the program can give you "hints" about which exact character(s) it things might be wrong, the keyspace will be reduced even further.

LED clock

[donnyspi]

I can't even tell what freakin time it is on my LED clock from ThinkGeek, much less deciper keyboard clicks and modem blinks :-)

This is easy to overcome

[JosKarith]

Al you have to do is install voice-recognition software, then train it to only understand you when you speak in a broad Glaswegian accent.
Thereby ensuring NOBODY's going to be able to decipher a word you're saying.

New Technique for Wireless Keyboard

[kelseyj]

This seems like this could be a new method of supporting wireless keyboards. No battery required!

Place clever sig here

More reason than ever...

[Simon+Carr]

To pick up one of these babies... C'mon, it's like $400, I need to grab at any justification I can find!

Huh

[finkployd]

Wait, there is a theory that with $200 of equipment, you can get 80% accuracy on this. Is there any reason why this is still just a theory? Can anyone scrap together the $200 to test this theory?

If only science weren't so expensive. Imagine how many other theories we could test if we could somehow get our hands on $500!

Finkployd

will never break my password

[GarbanzoBean]

I don't type my passwords. I use voice recognition software and just say them. No clicks to overhear baby!!!

Doh

Yeah ... RIGHT

[ninewands]

So, each key on a membrane keyboard makes a unique sound? I HOPE they try to patent this technology ... that is just SO obvious ... but is it practical in application?

Eighty percent accuracy after "voiceprinting" each key thirty times and using neural nets to arrive at an abstract sound signature for each key? Of course, the simple expedient of changing keyboards will defeat that. Or by the other obvious antidote ... background noise! Better be some damned high-value information you're after bucko!

Blinking lights on a modem can be decoded to yield the byte values sent and received? DUH ... also obvious ... that's why they are labelled "TD" and "RD"! Also easily defeated by simple piece of black tape.

Sleep well tonight, your AFDB Brigade is on duty and alert!

Can be done by ear as well

[shamir_k]

I had this teacher who also did some network consulting. He told us of a case where he knew somebody was logging on at a client's site using his password, but he couldn't figure out how his password was being hacked. He noticed that whenever he was logging in, a particular secretary used to hang around. He confronted her and she confessed to using his account. She was an experienced typist and claimed that she could figure out what he was typing by listening to the keystrokes a few times.

Re:Can be done by ear as well

[HD+Webdev]

He confronted her and she confessed to using his account. She was an experienced typist and claimed that she could figure out what he was typing by listening to the keystrokes a few times.

I had a friend in high school that claimed he could translate tty-38 typing even with the high background noise level those machines made in the computing rooms.

He demonstrated this by falsely calling in for support and writing down username/password combinations when the techs would show up and use their remote passwords. He'd then gain access to those accounts and snoop around for access to other accounts & systems. We watched him do it. Unless he was tricking us by using user/passwords he already knew, he really could hear it.

We thought he was really cool until he gained accessed to something he shouldn't and MIB came for him.

IT professionals: don't ignore this

[jrm228]

It's easy to dismiss this right out, but for people who follow the intelligence industry this isn't new. Spooks can already listen to conversations through windows with lasers that measure vibration, and use filter technology to eliminate relatively constant background noise (e.g. a shower running). Combine that with some keyboard listening technology that's been in development for a long time: (see BBC 2001 reference) and suddenly IT security becomes a lot more interesting.

As IT pros, this should have a significant impact on how you think about your IT security policies. Strong password policies are still important, but this further exaggerates the need for strong physical security for all your terminals and surrounding areas.

Future - Speech Recognition

[jabex]

Good thing the whole future of "speech recognition" didn't pan out. Oh those silly Star Trek episodes, everyone can hear when Picard announces his secret password to everyone!

This technology was bound to emerge

[Handover+Slashdot]

For many years, navy submarines have been able to identify surface ships by the sounds of their props. Not just the type, but the exact ship. Why couldn't this be applied to keyboards, especially if you monitor the particular typist for a while?

In other news:

[Big+Nothing]

In other news: hackers can connect to the internet by whistling into the phone.

Sneakers

[ultrasonik]

This is old news. Ever see the movie Sneakers from 1992?

Fear and Paranoia Abound

[List+of+FAILURES]

The ability to decipher what someone types based on the key clicks is quite interesting, but merely conceptual. Certainly, there are plenty of security holes in any technology. This implies that nothing is secure. However, you cannot sit awake at night worrying that someone wants to spy on your personal data. If you do, the you must have a mental condition. Just take a step back for a few minutes and look at the world around you. Think about your life and the things that have happened to you. Just from your own perspective, how many times have you been burgled? Car(s) stolen? Been questioned or interviewed by the authorities? Had important data intercepted and used against you (I'm not talking about homework assignments in grade school)? Actually had identity theft perpetrated against you regardless of using fairly normal measures against discovery? Actually had a system compromised? I think that most of us can attest to the fact that, in reality, this kind of thing happens less frequently than the fear mongers want you to believe. Of course, it does happen, and when it happens to you, it makes you feel like you're just one of many. But this is not the truth. The real truth is that you must use common sense regarding your personal data. Assuming that someone is standing behind you looking over your shoulder to snag your ATM PIN is a sickness. However, being cautious and trying to obscure your keystrokes is reasonable.

If you need to dispose of something with a credit card or bank account number printed on it, you could reasonably buy a paper shredder. This s warranted. However, I prefer the much simpler "temporal/spatial displacement" approach. It's about the highest level of paranoia I, peronally, indulge in. You simply tear off about two thirds of the printed account number and throw away the original document. It only has a few digits of the account number. Likely, not enough to be of use to a dumpster diver. Then you take the two thirds of the number that you tore off of the original document and tear it in half. Take it to work, or to a store or some other location and only dispose of one half of that remaining two thirds. Finally, after a wait of as long a period of time as you wish, dispose of the last bit at another remote location. (A friend's house, your parent's place, a bar, etc...) Only the most meticulous of identity thieves will bother tracking your actions in that way. If you have that level of snoop on your tail, I think you've got bigger problems than simple identity theft. You're either delusional, or you have really upset someone VERY HIGH UP.

So people, put down the crack pipes and get to realizing that there are VERY few people who care about you or your data. Fight the fear. Pound paranoia into the ground. There is little to be afraid of.

Re:Hmmm

[alib001]

It's only a matter of time before they interpret the crinkling noises made by our protective hats and are able to read our very thoughts!

easy fix.

[dj245]

what, you guys don't use a binary keyboard? 99 less keys to break.

Background noise would not help

[lxt]

I'm afraid you're incorrect to say playing background noise would help. General background noise - even completely randomised white noise - won't be a problem for an incredibly sensitive microphone. Decent (OK, incredibly expensive) rifle mics are exceedingly directional, eliminating any noise from the sides.

If you were to train a rifle mic direct at a keyboard from say, 20 metres away in a very busy work environment you could easily pick it up. You can also use a basic 32 band EQ to remove most noise outside of the keyboard clicking frequency.

Background noise isn't really a problem - it's truly amazing what you can do with the correct equipment. For example, the USSR bugged a US embassy by donating an wall mounted American seal. It was sweeped for bugs, and nothing found. This was because there wasn't actually a bug in there - just a simple thin wire, that would vibrate with speech. The USSR then used a highly directional microphone across the street trained at the seal. They were then able to take the vibrations of the wire, and enhance them into speech.

And that was around 20 years ago, long before the sound digital enhancement techniques of today.

So I'll sleep well, but in the knowledge that background noise ain't going to help me that much. To stop keyboard noises the noise would have to be so loud you probably wouldn't be able to work anyway.

Re:"Of course, a whole lot of this is just theory.

[Discoflamingo13]

Here's my problem:

Statement 1: "Apparently with $200 worth of sound equipment and software, these keyboard clicks can be translated to within 80% accuracy."

Statement 2: "Of course, a whole lot of this is just theory."

My Statement: No, only one of those statements can be true