The Security Risk of Keyboard Clicks 361
Gudlyf writes "First the blinking LED security issue, now this: listening to tell-tale keyboard clicks to decipher from afar what a person is typing. This isn't limited to just computer keyboards -- ATM's, telephone keypads, security doors, etc. Apparently with $200 worth of sound equipment and software, these keyboard clicks can be translated to within 80% accuracy. Of course, a whole lot of this is just theory."
low~ (Score:5, Informative)
Yeah, I put a surprise in there too
More reason than ever... (Score:4, Informative)
Sneakers (Score:3, Informative)
Re:80% accuracy can be useless... or not (Score:3, Informative)
Actually, it will reduce the key space by much more than that. Assume a 10 char password, with each char picked among 96 (Ascii without ctrl chars).
Without any help, you'd have 96**10 = 66483263599150104576 possibilities to try out.
By having the output from the algorithm, and assuming only two of its guess are false, you'd only have to try 10*9/2*96*96 = 414720 combinations.
Well, of course, you don't know that exactly two characters are wrong. So it may indeed be three, or it may be just one. But, by using a smart algorithm, you'd still have to try out only 414720 passwords on average (first try out exact match, then passwords with 1 wrong char, then with 2, then with 3, etc).
So, it's a much bigger reduction of keyspace than 80%.
Of course, if the program can give you "hints" about which exact character(s) it things might be wrong, the keyspace will be reduced even further.
Re:Great... (Score:5, Informative)
Of course, it took about 5 times longer to get in than with a key or swipe card (since the code was 8 numbers), but there's always a trade-off.
here's a picutre [semcorp.com] of one.
Re:Yeah ... RIGHT (Score:1, Informative)
Blinking lights on a modem can be decoded to yield the byte values sent and received? DUH ... also obvious ... that's why they are labelled "TD" and "RD"! Also easily defeated by simple piece of black tape.
These LEDs are only supposed to signal the fact that a byte is received or send. They should not also give the bit patterns.
Passwords, how cute (Score:3, Informative)
I stopped typing passwords a long time ago, because I use Factotum [dotgeek.org]
Re:Switch Lights (Score:3, Informative)
Just Theory ... ? (Score:2, Informative)
Just because you can't do something doesn't mean someone else can or can't
Re:Great... (Score:3, Informative)