Shh, Type Quiet Or I'll Hear Your Password

If spyware and key-logging software weren't a big enough threat to privacy, researchers have figured out a way to eavesdrop on your computer simply by listening to the clicks and clacks of the keyboard. Those seemingly random noises when processed by a computer were translated with up to 96% accuracy according to researchers at the University of California, Berkeley. It's a form of acoustical spying that should raise red flags among computer security and privacy experts. Researchers used several 10-minute audio recordings of people typing away at their keyboards. They then fed the recordings into a computer that used an algorithm to detect subtle differences in the sound as each letter is struck.

On the first run, the computer had an accuracy of about 60% for characters and 20% for words. After spelling and grammar checks were deployed, the accuracy for individual letters jumped to 70% and words to 50%. The software learned to improve as researchers repeatedly fed back the same recordings, using results of spelling and grammar checks as a gauge on correctness. In the end, it could accurately detect 96% of characters and 88% of words. Researchers said there is some limitation to their technique. For one, their work did not take into account the use of a computer mouse or the "shift", "control", "backspace" or "caps lock" keys. Although they did describe approaches for taking those into account. The use of a computer mouse is another challenge. In another similar related study conducted by IBM, 80% of text was recovered from the sound of keyboard clicks. However, the IBM team relied on controlled conditions such as using the same keyboard and training the software with known text and corresponding sound samples.

So really how significant is this study? Well if a group of researchers made up of college professors and computer experts were able to figure this out, it's likely that people with less honorable intentions (like hackers) can - and have - as well. So forget your "quiet click" keyboards, even those aren't quiet enough to bypass this new method of password stealing. In short, the study is a great piece of research. Audio eavesdropping is just one of many possible techniques to spy on PC users. If the bad guys can get access to your physical space, they can eavesdrop on your stuff. They can install a camera or a keyboard logger on the wire. They can install a microphone on virtually any computer system using off-the-shelf equipment. You don't need high-quality audio to accomplish this. A $10 microphone that can be easily purchased in almost any computer supply store will work just fine. The Berkeley researchers will present their results on November 10th at a computer and communications security conference in Alexandria, Va.

Feeling paranoid yet? No? Ok, then bang away at that keyboard because I'm just dying to read your e-mail today! ;)