Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

The Security Risk of Keyboard Clicks

Posted by simoniker on Thu May 13, 2004 07:38 AM
from the tap-tap-oops dept.
Security Hardware
Gudlyf writes "First the blinking LED security issue, now this: listening to tell-tale keyboard clicks to decipher from afar what a person is typing. This isn't limited to just computer keyboards -- ATM's, telephone keypads, security doors, etc. Apparently with $200 worth of sound equipment and software, these keyboard clicks can be translated to within 80% accuracy. Of course, a whole lot of this is just theory."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

The Security Risk of Keyboard Clicks 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Great... (Score:5, Funny)

    by ebob9 (726509) * on Thursday May 13 2004, @07:40AM (#9138006)
    Now when I log in to my account at work, instead of just needing password, secureid, smartcard, fingerscan, eyescan, and a note from my mother, I'll also need to use an on-screen touch-screen keyboard!

    Of course, someone will probably now figure out that tapped glass reverberates at a different frequency...

    • Re:Great... (Score:5, Interesting)

      by orangesquid (79734) <orangesquid&yahoo,com> on Thursday May 13 2004, @07:42AM (#9138034) Homepage Journal
      Nah. Think about it: pressing different spots of your screen is like pressing down a guitar string at different points. You will cause the screen to resonate with a multitude of frequencies with distinct audio "fingerprints" for different points on the screen, which can also be picked up by very sensitive equipment.

      Sorry.

    • Re:Great... (Score:4, Interesting)

      by Aglassis (10161) on Thursday May 13 2004, @07:52AM (#9138122)
      The problem can be solved easy enough with a numeric keypad. Place seven-segment displays under the keys that are randomly orientated, like
      7 5 2
      4 3 1
      0 9 6
      8
      This solves the problem for ATMs. If you dim the LEDs and polarize the light, you would make it more difficult for a camera to find the password also. Obviously this only applies to a numeric keypad (for ATMs and the like) since it would be a pain in the ass to change the lettering dynamically on a keyboard (at least for the user). The solutions for those using keyboards could be as simple as using a smartcard with a PIN number (which you enter on the randomized 10 digit display). The sooner we get rid of the biggest security risk on computers IMHO (guessable passwords) the better.
      • And the blind users tell what the randomized order is... how?

      • Re:Great... (Score:5, Informative)

        by jdreed1024 (443938) on Thursday May 13 2004, @08:46AM (#9138695)
        Those already exist. They're called "scramble pads". We had one on the server room where I used to work. You press "start", and it displays the numbers in LEDs under the keys, and you enter the code. Every time you press start, the numbers are in a different position. And you can barely read them when staring right at the pad, let alone from the side.

        Of course, it took about 5 times longer to get in than with a key or swipe card (since the code was 8 numbers), but there's always a trade-off.

        here's a picutre [semcorp.com] of one.

  • low~ (Score:5, Informative)

    by Leffe (686621) on Thursday May 13 2004, @07:41AM (#9138020)
    The site was really slow, so I copied the article:


    OAKLAND -- Listen to this: Eavesdroppers can decipher what is typed by simply listening to the sound of a keystroke, according to a scientist at this week's IEEE Symposium of Security and Privacy in Oakland, Calif.

    Each key on computer keyboards, telephones and even ATM machines makes a unique sound as each key is depressed and released, according to a paper entitled "Keyboard Acoustic Emanations" presented Monday by IBM research scientist Dmitri Asonov.

    All that is needed is about $200 worth of microphones and sound processing and PC neural networking software.

    Today's keyboard, telephone keypads, ATM machines and even door locks have a rubber membrane underneath the keys.

    "This membrane acts like a drum, and each key hits the drum in a different location and produces a unique frequency or sound that the neural networking software can decipher," said Asonov.

    Asonov found that by recording the same sound of a keystroke about 30 times and feeding it into a PC runninG standard neural netwOrking softwAre, he could decipher the keys with an 80% accuracy raTe. He was also able to train the SoftwarE on one keyboard to decipher the keystrokes on any other keyboard of the same make and model.

    Good sound quality is not required to recognize the acoustic signature or frequency of the key. In fact, Asonov was able to extract the audio captured by a cellular phone and still decipher the signal.

    "But don't panic," Asonov cautioned. "There are some easy ways to fix the problem." First, close the door in the room where you're working. Second, buy a rubber keyboard coffee guard that will dampen the sound enough to make eavesdropping difficult.

    However, Asonov said that he believed it was possible to use acoustical analysis algorithms to decipher key sounds based simply on gathering the data from just a couple of keys and extrapolating what other keys should sound like.

    Asonov warned that his work was almost entirely based on the evidence from his experiments and that he has little or no theoretical information to back up his theories. For example, he discovered that it was the membrane that was providing the unique signature simply by cutting a keyboard in two and finding that the neural networking software no longer worked.


    Yeah, I put a surprise in there too ;)
    • "This membrane acts like a drum, and each key hits the drum in a different location and produces a unique frequency or sound that the neural networking software can decipher," said Asonov.

      Well, while hitting the keys harder or softer may make little difference (note that the frequency is captured), doing weird tricks like

      • typing at 5 wpm rather than 50
      • mistyping a few keys, and going back and forth to correct the errors
      • using backspace every once in a while
      • ...
      • If each keystroke makes a distinctive sound, then I'd think that backspace and the cursor keys etc. would have too, wouldn't you? So if you were to type in "fe[backspace]oo" for example, it could still be interpreted as plain old "foo" once the data is analysed.

        It seems to me that the only way to defeat this is to modify or otherwise conceal the noise of te keyboard. But what would be the point of doing that? If someone has been able to plant a microphone sensitive enough to detect subtle differences i

      • How about hopping between windows a lot while entering passwords? The mics will only pick up what you're typing, but moving the mouse then becomes a lot harder to trace which window you're typing into. Enter the first few characters of one password in one window, move to another, start there, move back, etc.

        Then there's always the copy-and-paste method - copy characters off the screen and paste into the password window.

        'scuse me, I'm low on aluminum foil.
  • Sounds like bollocks to me. The amount of crumbs under my keys, I'd be mighty impressed if you got anything intelligble.

  • Security risks (Score:5, Insightful)

    by NETHED (258016) on Thursday May 13 2004, @07:44AM (#9138049) Homepage
    You know, I don't care.

    Its not like I have the secrets to nuclear weapons research, nor do I have tomorrows stock market numbers. I and average Joe 24 Pack.

    So you can listen to my keystrokes and decipher what I am typing. I'm sure that if you asked me, I'd tell you anyway. People are far greater a security risk than computers.

    And well, if you have such sensative documents, Tempest your computer, unplug it from EVERY network and work.

    I agree that these are good academic exercises to see how one person can spy on another, but does it matter to 99% of the world. NO. Anywho, my girlfriend just yelled at me so I needed to vent.

  • bah (Score:4, Insightful)

    by awing0 (545366) <adam.badtech@org> on Thursday May 13 2004, @07:45AM (#9138059) Homepage Journal
    I'm still not going to give up my Model M.

  • 80% accuracy can be useless... or not (Score:5, Interesting)

    by shoppa (464619) on Thursday May 13 2004, @07:45AM (#9138061)
    80% accuracy is far from perfect. For instance, an OCR application that returned only 80% accuracy would probably be rejected by the vast majority of users, as this means hundreds of errors to be corrected per page.

    OTOH if all you want is a 6-character password, and it's typed a couple of times a day, then listening with 80% accuracy for a day may well be enough.

    • Even if the password is recorded once, this will reduce the keyspace by 80%. Which is not bad if you want to do a brute force attack.

      Also, if the software provide with the estimated value for the accuracy of each keystroke (and which other key stroke may be likely for the produced sound) then you can direct your keyspace search to the most likely key first.

      One of the problem I have with this technique is that the guy had to record the sound of each key 30 times before starting to try to recognize keystrok
      • Even if the password is recorded once, this will reduce the keyspace by 80%.

        Actually, it will reduce the key space by much more than that. Assume a 10 char password, with each char picked among 96 (Ascii without ctrl chars).

        Without any help, you'd have 96**10 = 66483263599150104576 possibilities to try out.

        By having the output from the algorithm, and assuming only two of its guess are false, you'd only have to try 10*9/2*96*96 = 414720 combinations.

        Well, of course, you don't know that exactly two chara

    • Not to be a math nazi... but to just squeeze out the minimal qualification of "hundreds" of errors per page, assuming you're speaking at the granularity of single words (since that's the granularity spell checks work at), you'd have to have 1000 words per page. I doubt most professional documents would have that many words per page (and you'd have to do it at an 8 point font to make it happen anyway), so it may be of some use after all, especially where accuracy is less important, or the documents are small

  • LED clock (Score:3, Funny)

    by donnyspi (701349) <junk5&donnyspi,com> on Thursday May 13 2004, @07:46AM (#9138066) Homepage
    I can't even tell what freakin time it is on my LED clock from ThinkGeek, much less deciper keyboard clicks and modem blinks :-)

  • This is easy to overcome (Score:5, Funny)

    by JosKarith (757063) on Thursday May 13 2004, @07:46AM (#9138070)
    Al you have to do is install voice-recognition software, then train it to only understand you when you speak in a broad Glaswegian accent.
    Thereby ensuring NOBODY's going to be able to decipher a word you're saying.

  • ATM sounds (Score:3, Interesting)

    by monkeyserver.com (311067) on Thursday May 13 2004, @07:46AM (#9138075) Homepage Journal
    Maybe I am remembering wrong, but I think old ATMs used to have slightly different tones for the different buttons, which is dumb, but sounds like something some engineer would do without thinking.

    This also got me thinking, I used to have an old MAC IIe, when you selected menu items (from that top mac tool bar) different pitches were emitted from the pc, they were quiet and possible actually created from the guns in the tube itself, but this type of thing could be used to figure out what ppl are doing... idontevenknow....

  • New Technique for Wireless Keyboard (Score:3, Interesting)

    by kelseyj (398409) on Thursday May 13 2004, @07:46AM (#9138079)
    This seems like this could be a new method of supporting wireless keyboards. No battery required!

    Place clever sig here

  • More reason than ever... (Score:4, Informative)

    by Simon Carr (1788) <slashdot.org@simoncarr.com> on Thursday May 13 2004, @07:48AM (#9138086) Homepage
    To pick up one of these babies [thinkgeek.com]... C'mon, it's like $400, I need to grab at any justification I can find!

  • Obligatory Heinlien Reference.... (Score:3, Interesting)

    by Clinoti (696723) * on Thursday May 13 2004, @07:48AM (#9138090)
    Sadly I can't quote the exact book nor passage from it, but the story is set with a group of people in a cave at a time of war/experiment.

    Anyhow, the coordinator of the group would report the status of the group to the outside via computer. However there was only one computer and she typed on the keyboard by setting her hands under a shelf that masked the users typing. There was no screen. She simply made her notes, requests, etc by typing blindly on that keyboard.

    At an old networking facility I worked at we had a similar system in place to enter the server room, there was a keypad set into the wall next to the door and in order to enter your code for entry you had to place your hand inside the little 4X4 box that masked/overlayed the keypad. Add in the background noise from the HVAC systems outside the room and we pretty much had/have a secured system.

  • Huh (Score:5, Funny)

    by finkployd (12902) on Thursday May 13 2004, @07:49AM (#9138101) Homepage
    Wait, there is a theory that with $200 of equipment, you can get 80% accuracy on this. Is there any reason why this is still just a theory? Can anyone scrap together the $200 to test this theory?

    If only science weren't so expensive. Imagine how many other theories we could test if we could somehow get our hands on $500!

    Finkployd

  • will never break my password (Score:4, Funny)

    by GarbanzoBean (695162) on Thursday May 13 2004, @07:52AM (#9138120)
    I don't type my passwords. I use voice recognition software and just say them. No clicks to overhear baby!!!

    Doh

  • Yeah ... RIGHT (Score:4, Insightful)

    by ninewands (105734) on Thursday May 13 2004, @07:53AM (#9138131)
    So, each key on a membrane keyboard makes a unique sound? I HOPE they try to patent this technology ... that is just SO obvious ... but is it practical in application?

    Eighty percent accuracy after "voiceprinting" each key thirty times and using neural nets to arrive at an abstract sound signature for each key? Of course, the simple expedient of changing keyboards will defeat that. Or by the other obvious antidote ... background noise! Better be some damned high-value information you're after bucko!

    Blinking lights on a modem can be decoded to yield the byte values sent and received? DUH ... also obvious ... that's why they are labelled "TD" and "RD"! Also easily defeated by simple piece of black tape.

    Sleep well tonight, your AFDB Brigade is on duty and alert!
    • So, had this actually occured to you before the article was posted? If so, nicely done -- you're more creative than I am. But for the vast majority of people, this is non-obvious until it's been pointed out. Defeating it probably isn't hard, just like with the modems. However, in areas where security is that important, it still has to be defeated, which requires action. These articles are important simply because they point out security risks that most people would have thought impossible.

    • Background noise would not help (Score:4, Interesting)

      by lxt (724570) on Thursday May 13 2004, @09:17AM (#9139064) Journal
      I'm afraid you're incorrect to say playing background noise would help. General background noise - even completely randomised white noise - won't be a problem for an incredibly sensitive microphone. Decent (OK, incredibly expensive) rifle mics are exceedingly directional, eliminating any noise from the sides.

      If you were to train a rifle mic direct at a keyboard from say, 20 metres away in a very busy work environment you could easily pick it up. You can also use a basic 32 band EQ to remove most noise outside of the keyboard clicking frequency.

      Background noise isn't really a problem - it's truly amazing what you can do with the correct equipment. For example, the USSR bugged a US embassy by donating an wall mounted American seal. It was sweeped for bugs, and nothing found. This was because there wasn't actually a bug in there - just a simple thin wire, that would vibrate with speech. The USSR then used a highly directional microphone across the street trained at the seal. They were then able to take the vibrations of the wire, and enhance them into speech.

      And that was around 20 years ago, long before the sound digital enhancement techniques of today.

      So I'll sleep well, but in the knowledge that background noise ain't going to help me that much. To stop keyboard noises the noise would have to be so loud you probably wouldn't be able to work anyway.

  • Can be done by ear as well (Score:5, Interesting)

    by shamir_k (222154) on Thursday May 13 2004, @07:54AM (#9138142) Homepage
    I had this teacher who also did some network consulting. He told us of a case where he knew somebody was logging on at a client's site using his password, but he couldn't figure out how his password was being hacked. He noticed that whenever he was logging in, a particular secretary used to hang around. He confronted her and she confessed to using his account. She was an experienced typist and claimed that she could figure out what he was typing by listening to the keystrokes a few times.

  • IT professionals: don't ignore this (Score:5, Interesting)

    by jrm228 (677242) on Thursday May 13 2004, @07:55AM (#9138149)
    It's easy to dismiss this right out, but for people who follow the intelligence industry this isn't new. Spooks can already listen to conversations through windows with lasers that measure vibration, and use filter technology to eliminate relatively constant background noise (e.g. a shower running). Combine that with some keyboard listening technology that's been in development for a long time: (see BBC 2001 reference) [bbc.co.uk] and suddenly IT security becomes a lot more interesting.

    As IT pros, this should have a significant impact on how you think about your IT security policies. Strong password policies are still important, but this further exaggerates the need for strong physical security for all your terminals and surrounding areas.

  • Future - Speech Recognition (Score:3, Funny)

    by jabex (320163) on Thursday May 13 2004, @07:55AM (#9138150) Homepage
    Good thing the whole future of "speech recognition" didn't pan out. Oh those silly Star Trek episodes, everyone can hear when Picard announces his secret password to everyone!

  • This technology was bound to emerge (Score:5, Interesting)

    by Handover Slashdot (255651) on Thursday May 13 2004, @07:56AM (#9138154)
    For many years, navy submarines have been able to identify surface ships by the sounds of their props. Not just the type, but the exact ship. Why couldn't this be applied to keyboards, especially if you monitor the particular typist for a while?

  • In other news: (Score:5, Funny)

    by Big Nothing (229456) <big.nothing@bigger.com> on Thursday May 13 2004, @07:57AM (#9138163)
    In other news: hackers can connect to the internet by whistling into the phone.

  • Sneakers (Score:3, Informative)

    by ultrasonik (775562) on Thursday May 13 2004, @07:57AM (#9138169) Homepage
    This is old news. Ever see the movie Sneakers from 1992?

  • No worries. (Score:3, Funny)

    by Chess_the_cat (653159) on Thursday May 13 2004, @08:02AM (#9138205) Homepage
    Today's keyboard, telephone keypads, ATM machines and even door locks have a rubber membrane underneath the keys.

    My Model M doesn't have a rubber membrane so I'm not worried. Then again you don't need a microphone to hear me typing on it. My neighbours can hear me typing. If someone were to stick a microphone up to it I'd be interested to know how much of their hearing they'd retain.

  • Fear and Paranoia Abound (Score:5, Insightful)

    by List of FAILURES (769395) on Thursday May 13 2004, @08:12AM (#9138319) Journal
    The ability to decipher what someone types based on the key clicks is quite interesting, but merely conceptual. Certainly, there are plenty of security holes in any technology. This implies that nothing is secure. However, you cannot sit awake at night worrying that someone wants to spy on your personal data. If you do, the you must have a mental condition. Just take a step back for a few minutes and look at the world around you. Think about your life and the things that have happened to you. Just from your own perspective, how many times have you been burgled? Car(s) stolen? Been questioned or interviewed by the authorities? Had important data intercepted and used against you (I'm not talking about homework assignments in grade school)? Actually had identity theft perpetrated against you regardless of using fairly normal measures against discovery? Actually had a system compromised? I think that most of us can attest to the fact that, in reality, this kind of thing happens less frequently than the fear mongers want you to believe. Of course, it does happen, and when it happens to you, it makes you feel like you're just one of many. But this is not the truth. The real truth is that you must use common sense regarding your personal data. Assuming that someone is standing behind you looking over your shoulder to snag your ATM PIN is a sickness. However, being cautious and trying to obscure your keystrokes is reasonable.

    If you need to dispose of something with a credit card or bank account number printed on it, you could reasonably buy a paper shredder. This s warranted. However, I prefer the much simpler "temporal/spatial displacement" approach. It's about the highest level of paranoia I, peronally, indulge in. You simply tear off about two thirds of the printed account number and throw away the original document. It only has a few digits of the account number. Likely, not enough to be of use to a dumpster diver. Then you take the two thirds of the number that you tore off of the original document and tear it in half. Take it to work, or to a store or some other location and only dispose of one half of that remaining two thirds. Finally, after a wait of as long a period of time as you wish, dispose of the last bit at another remote location. (A friend's house, your parent's place, a bar, etc...) Only the most meticulous of identity thieves will bother tracking your actions in that way. If you have that level of snoop on your tail, I think you've got bigger problems than simple identity theft. You're either delusional, or you have really upset someone VERY HIGH UP.

    So people, put down the crack pipes and get to realizing that there are VERY few people who care about you or your data. Fight the fear. Pound paranoia into the ground. There is little to be afraid of.

  • I should have saved my Atari 400 (Score:3, Funny)

    by zymurgy_cat (627260) on Thursday May 13 2004, @08:16AM (#9138361) Homepage
    Now I know that I should have saved my Atari 400. With that flat quiet keyboard, no one would be able to snoop on my typing. Of course, I'd have carpal tunnel so bad I couldn't pick up a spoon...

  • Nueral Network... (Score:3, Insightful)

    by s88 (255181) on Thursday May 13 2004, @08:24AM (#9138467) Homepage
    Ummm... so the "attacker" has to have access to your machine for a significant amount of time to train it on each key. I'm not too concerned. To have this kind of access they must also have uninterrupted physical access for a long enough to make a hidden software attack.
  • "Apparently with $200 worth of sound equipment and software, these keyboard clicks can be translated to within 80% accuracy. Of course, a whole lot of this is just theory."

    Anybody who saw the episode of the CBS evening buddy-cop-drama "Due South: A Hawk and a Handsaw" [realduesouth.com] knows that you don't need any special equipment. Just get a Canadian Mountie, have him listen to a nurse while she types in her password, and after several tries, the Mountie will be able to reproduce the password based solely on the sound of the clicks... Results are even better if the password is typed in to the tune of "I've been working on the railroad.".

  • In theory... (Score:3, Funny)

    by pbryan (83482) <email@pbryan.net> on Thursday May 13 2004, @08:47AM (#9138712) Homepage
    Of course, a whole lot of this is just theory.

    Of course, in theory:

    - the earth is spherical in shape
    - the earth revolves around the sun
    - we evolved from lower species
    - energy equals mass times the speed of light squared

  • easy fix. (Score:5, Funny)

    by dj245 (732906) on Thursday May 13 2004, @08:50AM (#9138751) Homepage
    what, you guys don't use a binary keyboard? 99 less keys to break.

    • It's only a matter of time before they interpret the crinkling noises made by our protective hats and are able to read our very thoughts!

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.