Slashdot Mirror

← Back to Stories (view on slashdot.org)

Keyboard Sound Aids Password Cracking

Posted by CmdrTaco on from the but-i-love-clicky-keyboards dept.

stinerman writes "Three students at UC-Berkley used a 10 minute recording of a keyboard to recover 96% of the characters typed during the session. The article details that their methods did not require a 'training text' in order to calibrate the conversion algorithm as has been used previously. The research paper [PDF] notes that '90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.'"

10 of 389 comments (clear)

  1. Redbox for keyboards now? by otomoton · · Score: 5, Interesting

    Does this mean that instead of keystroke loggers, spyware is now going to monitor our microphone input? This almost sounds like something out of a bad 80's movie.

    1. Re:Redbox for keyboards now? by Enigma_Man · · Score: 4, Interesting

      That's exactly what this article is about though... They can get your keystrokes with 96% accuracy just by listening to them over a period of time.

      So, theoretically, yes; malware could listen to microphone input of you typing and work it backwards into key logging. If spyware's already on your system though, it'd be easier just to log the keys in the system. But you could figure out what someone else is typing just by recording it.

      -Jesse

      --
      Nothing says "unprofessional job" like wrinkles in your duct tape.
    2. Re:Redbox for keyboards now? by cei · · Score: 5, Interesting

      Well, I've heard about a guy who was pretty severely colorblind who could color-correct photos in Photoshop by the numbers and come up with better results than those who didn't share his impairment. It's interesting to me when meta content becomes content in its own right... if the lights of the EQ become just as valid a form of expression as the sounds driving them.

      --
      This sig intentionally left justified.
    3. Re:Redbox for keyboards now? by gi-tux · · Score: 3, Interesting

      When I first saw the headline, I thought that maybe they were doing time analysis on the keystrokes to guess the fingers used and which row on the keyboard. If that were the case, I would just type my password using a couple of fingers and do some very accurate timing (given I used to be a drummer, I can get pretty accurate) an that would throw them off.

      However, this is a little harder, I have to hit each and every key so that it makes exactly the same sound. This is extremely difficult because even if I use exactly the same pressure and exactly the same stroke on every key, then the spring might be different, or the switch might be slightly different on a few keys and still give hints.

      I think that the best defense is to learn to type at about 1200 words per minutes (100 characters per second) so that the sound is just one constant stream and they would be incapable of breaking it down. Like the German "zip gun" from WWII, the MG-42 which fired around 1200-1300 rounds per minute and sounded like a zipper to the Allied soldiers. The constant short zip sounds also made it difficult to locate the gun when in cover.

      --
      I have no sig, does anyone have one to spare?
  2. Use ASCII numerics, or pound the keyboard at login by ScentCone · · Score: 4, Interesting

    Honestly, I've always wondered about this. But then it occurs to be that you could type the ALT+Numeric equivalent of your password characters, just to throw off the bad guys. You know, ALT+100 = "d", etc. Or, just bang the drum slowly when entering the password - loud, thumpy keystrokes. Or put the keyboard in your lap momentarily to alter the acoustic signature.

    Or, don't worry. I mean, realistically, what are the odds of this crack actually happening in the non-ultra-spooky world? And once you're in that playground, it's biometrics, smartcards, etc., anyway, right?

    --
    Don't disappoint your bird dog. Go to the range.
  3. Been there, done that by coyote-san · · Score: 4, Interesting

    25 years ago (gah!) I really freaked out my boss because I made a big production of turning my back to him as he typed the root password. I turned back and told him what he just typed.

    It wasn't anything fancy, just familiarity with the sound that keyboard made and the usual pauses as fingers move to various keys.

    I also used to be able to tell you what number was dialed from the touchtones.

    P.S. a college friend said that he would occasionally talk to others in morse code after a long duty shift when he was in the military. Forget the nonsense in the introductory material - anyone who really knows morse code and knows it fast hears it as words. It's not hard to take the final step and speak it like you hear it.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  4. I think so by the_mighty_$ · · Score: 5, Interesting

    This technique must be usable on most keyboards, because judging from this the FBI sometimes uses (or has used in the past) this technique. From the page:

    Audio surveillance. This method is a variation of Attack #4. FBI technicians install an audio bug near your computer. The sounds generated by the keyboard can be analyzed. By comparing these sounds with the noises made during generation of a known piece of text, the FBI can often deduce your passphrase - or come so close that only a few characters need to be guessed.

    Oh and by the way, that page was written in 1998, so these UC-Berkley students (and the /. editors) are about 7 years slow.

    --
    VI VI VI - the editor of the beast!
  5. Windows On Screen Keyboard by Hoi+Polloi · · Score: 4, Interesting

    If you use Windows you can also use osk.exe (On Screen Keyboard) to enter your password, this will allow you to bypass the keyboard completely. This also assumes that you have taken precautions against TEMPEST and CRT diffuse visible light monitoring.

    --
    It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
  6. Don't panic by ezweave · · Score: 5, Interesting

    While it is an interesting topic, controlled conditions are required for this to work correctly.

    They use a deterministic method to find the next probable character for a given sequence. Deterministic in that if I type 't' and then type 'h' and there are only so many combinations available after that (this is the Markov chain part). Er basically a sort of decision coverage. That is used with the spell check dictionaries they mention for English text recognition. It is interesting too that they are using a neural network (though appropriate) to recognize the patterns. But because they did not make their own, the details are a bit brief.

    The problem I see is that the password detection is not flushed out enough and based upon what they state, it is not as powerful as it sounds. The deterministic method won't work for all passwords (as they typically are not English). Their "analysis" is basically a speed up on a dictionary hack (it helps to know the size of the password from the keystrokes), eliminating possibilities by way of possible patterns. But what about special characters, does a shift+key sound that different? Mixed cases, etc? And the deterministic approach does not work if the password is random AND the network has to be trained for THAT persons typing style and keyboard. Is that likely?

    I would be more worried about Van Eck Phreaking.

  7. Re:75 attempts? by papasui · · Score: 4, Interesting

    This is exactly how I exploited a Novell network while in high school.. I wrote a keystroke logger and then intentionally entered my own password wrong serveral times until I was locked out. I called the Sysadmin over and he logged in on the computer and reset my password. I then pulled his password from the logger and made my own sysadmin account 'jdoe'.