Slashdot Mirror


Traditional Keyboard Sounds Can be Decoded By Listening Over a VoIP Connection, Researchers Say (onthewire.io)

Reader Trailrunner7 writes: Researchers have known for a long time that acoustic signals from keyboards can be intercepted and used to spy on users, but those attacks rely on grabbing the electronic emanation from the keyboard. New research from the University of California Irvine shows that an attacker, who has not compromised a target's PC, can record the acoustic emanations of a victim's keystrokes and later reconstruct the text of what he typed, simply by listening over a VoIP connection.

The researchers found that when connected to a target user on a Skype call, they could record the audio of the user's keystrokes. With a small amount of knowledge about the victim's typing style and the keyboard he's using, the researchers could accurately get 91.7 percent of keystrokes. The attack does not require any malware on the victim's machine and simply takes advantage of the way that VoIP software acquires acoustic emanations from the machine it's on.

57 comments

  1. New research perhaps, but not new results by suso · · Score: 4, Informative

    While their specific research may be new, the results are hardly new. It's been nearly 11 years since more original research was released with similar results. Looks like this may be the first time Slashdot has reported this though.

    1. Re:New research perhaps, but not new results by bjdevil66 · · Score: 1

      A comparable story was posted to Slashdot a little over a decade ago (early to mid 2000s?), though the percentages were lower than 91%, IIRC (it might have been based on your Berkeley link). I recall wondering if cubes next to mine could be susceptible to such "hacking" (i.e. spying).

    2. Re:New research perhaps, but not new results by CaptainLard · · Score: 3, Insightful

      What is new however, is that 25% of my keyboard interactions now involve autocomplete popping up and me selecting something with a mouse. Better hurry up and exploit this while you can...

    3. Re:New research perhaps, but not new results by tlhIngan · · Score: 1

      I think the real difference is that the audio chain is no longer perfect - it's over VoIP and the audio has been compressed to favor voice over complete fidelity. So the audio of the typing would be distorted since it's not considered important audio. And even with this distortion it is possible to figure out which keys were pressed.

    4. Re:New research perhaps, but not new results by Anonymous Coward · · Score: 0

      While their specific research may be new, the results are hardly new. It's been nearly 11 years since more original research was released with similar results. Looks like this may be the first time Slashdot has reported this though.

      Something like this not posted to slashdot? Nevahhh!

      From Thursday May 13, 2004:

      The Security Risk of Keyboard Clicks

    5. Re:New research perhaps, but not new results by sleekware · · Score: 1
    6. Re: New research perhaps, but not new results by Anonymous Coward · · Score: 0

      Bah, Germany was doing this even earlier.

    7. Re:New research perhaps, but not new results by Anonymous Coward · · Score: 0

      But but but....on VOIP...

      Not exactly breaking new ground. What we found 10 years ago still applies and we can probably analyze it better now. How Earthshattering!

    8. Re:New research perhaps, but not new results by AHuxley · · Score: 1

      Emanations from a keyboard got picked up in the 1950s by the GCHQ under an operation called "Engulf".
      Acoustic cryptanalysis
      https://en.wikipedia.org/wiki/...

      --
      Domestic spying is now "Benign Information Gathering"
    9. Re:New research perhaps, but not new results by Anonymous Coward · · Score: 0

      What's *really* new is audio transcriptions that involve people saying the words out loud and having the letters appear on the screen. Good luck capturing THAT one with a microphone, researchers!

    10. Re:New research perhaps, but not new results by bjdevil66 · · Score: 1

      Thanks - that was the one. Alleged 80% accuracy.

    11. Re:New research perhaps, but not new results by michael_wojcik · · Score: 1

      In the real world, there's a difference between "eh, we can probably do X" and actually doing the research to show that we can do X. I know, that's a hard concept for J. Random Slashdot Idiot to comprehend.

  2. So can cell phones and phones over copper by Anonymous Coward · · Score: 0

    Duh

    1. Re:So can cell phones and phones over copper by Opportunist · · Score: 1

      But this is "on the internet", so it is new!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. the big question is by Anonymous Coward · · Score: 1

    can they decode the sound of keystrokes on the crappy, staticky VOIP connection when "Bob" from "Microsoft" calls from Bangalore to tell me I owe money to the IRS.

    1. Re: the big question is by Anonymous Coward · · Score: 0

      No more melodically typing out my social security number to the tune of Old McDonald's Farm on my IBM clicky keyboard.

  4. Not on Apple's fancy new keyboards by presidenteloco · · Score: 1

    with close to zero key throw,

    I imagine they're whisper silent, almost as if they were just a piece of glass.

    Besides people will only be typing short security-unimportant tweets on the damn things anyway, since real long-form documents will be a pain to type.

    --

    Where are we going and why are we in a handbasket?
    1. Re:Not on Apple's fancy new keyboards by 4wdloop · · Score: 1

      Perhaps one can listen to finger joints clicking?

      --
      4wdloop
    2. Re:Not on Apple's fancy new keyboards by Anonymous Coward · · Score: 0

      The MacBook Wheel does not make any sound at all.

    3. Re:Not on Apple's fancy new keyboards by macs4all · · Score: 1

      with close to zero key throw,

      I imagine they're whisper silent, almost as if they were just a piece of glass.

      Besides people will only be typing short security-unimportant tweets on the damn things anyway, since real long-form documents will be a pain to type.

      Oh, so you've seen the new keyboards that AREN'T OUT YET???

    4. Re:Not on Apple's fancy new keyboards by Anonymous Coward · · Score: 0

      I'd guess (s)he is referring to the design of the MacBook keyboards (which I think is also on the new wireless keyboard) that have been out for quite some time.

    5. Re: Not on Apple's fancy new keyboards by Anonymous Coward · · Score: 0

      No. just heard about it over VOIP. :-)

    6. Re:Not on Apple's fancy new keyboards by macs4all · · Score: 1

      I'd guess (s)he is referring to the design of the MacBook keyboards (which I think is also on the new wireless keyboard) that have been out for quite some time.

      Ok, well, they are far from silent, nor "like typing on a piece of glass". The keys are short-throw, to be sure; but hardly ZERO throw.

      But I guess to some people, if it's not a Model "M", then it's not really a keyboard (rolls eyes)...

  5. 1 million monkeys by RPGonAS400 · · Score: 1
    I was just listening to a VOIP connection to 1 million monkeys typing. Here is their message:

    "Four score and seven years ago our fathers brought forth on this continent..."

    1. Re:1 million monkeys by Anonymous Coward · · Score: 1

      The last time I saw the results of 1 million monkeys typing, it was mostly things like "Obama is a secret muslim communist working with Crooked Hillary to destroy America and take our guns!"

    2. Re:1 million monkeys by Anonymous Coward · · Score: 0

      I don't know why anyone would think crooked Hillary would want to take their guns. I mean, it's not like her own daughter admitted it or anything.

    3. Re:1 million monkeys by Anonymous Coward · · Score: 0

      yes, that's obviously true

    4. Re:1 million monkeys by Anonymous Coward · · Score: 0

      I got "It was the best of times, it was the blurst of times"

  6. Of course you can by 110010001000 · · Score: 1

    This isn't shocking. If you can match an acoustic signature you can figure it out. There have been tons of these "research" projects coming out of Universities lately. I guess this is what passes for research nowadays. I can write a program that can identify any car that drives by with good accuracy just by recording the sound the engine makes and matching it against known engine sounds. Ridiculous.

    1. Re:Of course you can by Anonymous Coward · · Score: 0

      I can write a program that can identify any car that drives by with good accuracy just by recording the sound the engine makes and matching it against known engine sounds.

      Bull shit you can. Classifying audio isn't some trivial if-then-else exercise.

    2. Re:Of course you can by 110010001000 · · Score: 0

      Yes. Yes it really is. There is already audio fingerprinting software out there that performs fuzzy matches on audio. Ridiculous.
      if (sound_match(ford_150_car_engine_sound, engine_sound_clip))
          printf("ITS A FORD F150!");

    3. Re: Of course you can by retchdog · · Score: 1

      with an fft and engine sound database, you could get a not-too-terrible result in an hour or two just using nearest-neighbor methods. it's not totally trivial, but it's something i would expect an undergraduate to be able to do as homework.

      try reading the paper about shazam's core method. it's amazingly simple (which isn't to say they haven't done a lot of work tweaking it of course).

      --
      "They were pure niggers." – Noam Chomsky
    4. Re: Of course you can by Anonymous Coward · · Score: 0

      > something i would expect an undergraduate to be able to do as homework.

      Is this the new version of "all problems are either unsolved or trivial"?

    5. Re: Of course you can by retchdog · · Score: 1

      it's not that new.

      --
      "They were pure niggers." – Noam Chomsky
  7. Interesting by Anonymous Coward · · Score: 0

    Interesting, but the whole "espionage" angle seems exaggerated. This is kinda worthless for espionage.

    You need to know the model of the keyboard, know a bit about the typing style of your victim and you need to somehow either sneak a microphone into close proximity of your victim, or hack their computer so that it is always recording and transmitting audio to you. Oh, and you need it to be relatively quiet, so spying on a crowded place is out of the question.

    If you have this kind of access to your target, there are much less convoluted ways to spy on them. A simple malware package delivered via ad network (or even email -- people aren't very smart) would give you full keyboard logging capabilities plus whatever else you managed to pack in there, which would open even more avenues of exploitation.

    1. Re:Interesting by Anonymous Coward · · Score: 0

      I am quite safe: As soon as you do anything involving graphics, my PC emits so much noise you can hardly talk over it, and it emits so much RFI that it stops my phone from working. You can't beat crappy tech for security!

  8. Double Jeopardy by Anonymous Coward · · Score: 0

    Can I set it up so that the Mic on my own laptop can record this so I can transmit my own rants to the people I'm ranting about?

  9. spoiler by Anonymous Coward · · Score: 0

    guys the text that appears in your chat window while having a skype voice connection is not decrypted from the voice channel :-) nice try

  10. Fearful of this? Create random noise... by Anonymous Coward · · Score: 0

    When I used to DM I'd throw a couple dice every once in a while to keep my party thinking there was something going on that really wasn't. This could be entertaining if you knew you were being monitored.

    1. Re: Fearful of this? Create random noise... by Anonymous Coward · · Score: 0

      "Alright, I need everyone to roll perception checks..."

    2. Re: Fearful of this? Create random noise... by Opportunist · · Score: 1

      Usually followed by one of my long time players muttering "Only thing that's sure when he makes us roll for perception is that there's nothing to be found..."

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  11. sooo...eh...new type of wireless keyboard? by 4wdloop · · Score: 1

    Use naturally occurring acoustic waves instead of EM waves?
    Is it patented?

    --
    4wdloop
    1. Re:sooo...eh...new type of wireless keyboard? by KozmoStevnNaut · · Score: 1

      TV remote controls used to be ultrasonic, and worked by striking small aluminum rods of slightly different length, to produce different (inaudible) tones.

      While those remote controls only had a few basic functions, I see no reason why this couldn't be replicated for a 104/105-key keyboard.

      --
      Eat the rich.
  12. Reconstructing text - Already been done by Torgo's+Pizza · · Score: 1

    I used a technique back in the early 1990s where anyone using internet relay chat would have their keystrokes appear on my end. It was also 100% accurate, no microphone needed, and able to capture hundreds -- no, thousands of users at a time. I could capture dozens of conversations lasting hours sorted into "channels". It was fun for a while, I really should get back into it.

    </sarcasm>

    1. Re:Reconstructing text - Already been done by Kaptain+Kruton · · Score: 1

      I started to feel old when I realized that no one under the age of thirty will have any clue what you are talking about.

    2. Re:Reconstructing text - Already been done by 110010001000 · · Score: 0

      I think it is some sort of AI big data social networking thing. Can I invest?

  13. call a spade a spade by Ionized · · Score: 1

    so what you really mean is 'someone else already wrote a program to identify any car that drives by with good accuracy just by matching it against known engine sounds, and i can write a several-line script to call that program'

    which is way less impressive than your original, misleading claim.

     

    1. Re:call a spade a spade by 110010001000 · · Score: 0

      No, I mean that "someone else already wrote a library that does fuzzy audio matching and I am using that". You don't think these "researchers" wrote their own audio matching library do you?

    2. Re:call a spade a spade by Anonymous Coward · · Score: 0

      ...yes? But I don't think you are capable of making a post that isn't stupefyingly idiotic, so why would I bother giving you a coherent answer beyond "Um, yes. Idiot."

  14. Hello 90s by Mondor · · Score: 1

    Sorry, but I think this news is from the 90s or early 00s. I still clearly remember the effort to decode the sound of the keyboard, but then it was working with a particular keyboard and it was said that the application has to be trained to decode clicks of another keyboard.

    1. Re:Hello 90s by zlives · · Score: 1

      i remember the same, about the ibm clickety click (official name i think) keyboard

  15. here's a workaround then by KiloByte · · Score: 2

    apt-get install bucklespring (there's a Mac build, dunno how do you install there -- or if you even still can install anything not from the App Store)

    The author of this program has sampled the sound of every key on a real Model M, so you can install this and pretend you have a keyboard for grown-ups. On the downside, everyone in your building can learn what you type without requiring a VoIP link.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    1. Re:here's a workaround then by Anonymous Coward · · Score: 0

      Haha thanks for this. Already annoying the shit out of my wife. "What's that sound?" she keeps asking. There are instructions on the page for OSX, I just tested on El Capitan and they work just fine.

  16. This will make a great addition to by presidenteloco · · Score: 1

    the housefly cam that's recording video of your keyboard from the ceiling,
    and the laser pointed at your office window that is recording the window vibrations as you proofread by mumbling to yourself as you write.

    --

    Where are we going and why are we in a handbasket?
  17. Acoustic/Electronic? by wonkey_monkey · · Score: 1

    Researchers have known for a long time that acoustic signals from keyboards can be intercepted and used to spy on users, but those attacks rely on grabbing the electronic emanation from the keyboard.

    I don't get it. What are these electronic emanations which can be acoustically picked up?

    --
    systemd is Roko's Basilisk.
  18. Oh please, if this were true by WillAffleckUW · · Score: 1

    Seriously, if it was possible to effectively translate the sounds made by a keyboard, then the computers used to record Confidential, Secret, and Top Secret data would all have to be located in windowless rooms where you could not capture said sounds.

    That's funny.

    As if some of us on here worked in such windowless rooms back in the 70s and 80s ....

    (grin)

    --
    -- Tigger warning: This post may contain tiggers! --
  19. So you have compromised the PC by Anonymous Coward · · Score: 0

    So you have compromised the PC and rather than installing a key logger, you turn on the mic to listen to the keyboard.