[ISN] Can Spies Decipher Keyboard Clicks?

InfoSec News isn at c4i.org
Thu Sep 15 00:49:01 EDT 2005


Robert McMillan
IDG News Service
September 14, 2005

Researchers at the University of California, Berkeley, have found a
way to turn the clicks and clacks of typing on a computer keyboard
into a startlingly accurate transcript of what exactly is being typed.

In a paper released last week, the researchers explained how they
developed software that could analyze the sound of someone typing on a
keyboard for just ten minutes and then piece together as much as 96
percent of what had been typed.

The technique works because of the simple fact that the sound of
someone striking an "a" key is different from the sound of striking
the "t," according to Doug Tygar, a professor of computer science at
Berkeley. "Think of a conga drum. If you hit a conga drum on different
parts of the skin, it makes a different tone," he said. "That's an
analogy for what's happening here, because there's a plate underneath
the keyboard [that is] being struck in different locations."

The Tones Tell

Once the different tones were identified, Tygar and his team used
techniques from a field of research called statistical learning theory
to map them into similar categories and arrive at some early guesses
at what the text might be. They then applied a number of spelling and
grammar correction tools to this text to refine those guesses. This
process ultimately converts the keyboard sounds into readable text.

Statistical learning, also called machine learning, provides a way for
computers to make sense out of complex pieces of data. It has been a
hot area for computer science research over the last ten years,
forming the basis for products such as spam detectors and speech
recognition systems, Tygar said.

Because the Berkeley researchers' technique is based on the sound of
the key and not the timing of the keystrokes, typing by both touch and
hunt-and-peck typists can be decoded using this technique.

The idea of snooping via keyboards has been around since the beginning
of the Cold War, when Soviet spies bugged IBM Selectric typewriters in
the American embassy in Moscow. Keystroke-logging devices have also
been around for some time. But the Berkeley researchers are breaking
new ground in using these techniques with computer keyboards, said
Bruce Schneier, chief technology officer at Counterpane Internet
Security and the author of Applied Cryptography.

"In security, the devil is in the details, and these guys did the
details," he said.

Too Simple to be Safe

Some details remain unsolved, however. The researchers did not use
certain commonly used keys such as "shift" and "backspace" in their
study, and they only looked at text that was typed in English. Still,
neither Schneier nor Tygar believe that these details will prevent the
techniques from ultimately working in uncontrolled environments.

In fact, Schneier believes it is only a matter of time before
criminals begin using similar techniques. "Somebody else will use it,"  
he said. "And if you believe the [National Security Agency] hasn't
done this already, you're naive."

Tygar agrees that the techniques described in his paper are relatively
easy; his team used open-source spell-checkers and a $10 PC
microphone, for example. And for that reason, the Berkeley team has
decided not to release the source code used in the study.

"I don't think it's very hard for people to put this together, but I
don't want to make it easy for people, either," Tygar says.

Rock on for Security

So, what should computer users make of this new security threat?

Tygar says that one lesson to be drawn is that even randomly generated
passwords are not secure. His researchers were able to guess 90
percent of all randomly generated five-character passwords within 20
tries using these techniques, he said. "We probably don't want to be
relying on passwords as we do," he said.

There is, however, one easy step that users can do take to mitigate
this type of attack: Turn up the background noise.

"In more noisy environments with different kinds of sounds, like music
and human voices, all mixed up together, it could be pretty difficult
to separate the keyboard sounds from other sounds," said Li Zhuang,
one of the Berkeley computer science students who coauthored the

So people looking to rock out at work now have an excuse, Zhuang said.  
"I think playing music will make this attack much, much harder to do,"  
she said. "Now you have a good reason to do this."

The team has posted a "preprint" abstract of its paper, which will be
presented in November at the Association for Computing Machinery
Conference on Computer and Communications Security, in Alexandria,

More information about the ISN mailing list