Monday, September 19, 2005

Sounds of Typing Give Messages Away

Sounds of Typing Give Messages Away

Doug Tygar of the University of California, Berkeley and his colleagues used a standard microphone to record 10 minutes of noise generated by computer typists. Because the sound generated by each keystroke is slightly different, the researchers were able to generate a computer program to decode what was written. "Using statistical learning theory, the computer can categorize the sound of each key as it's struck and develop a good first guess with an accuracy of 60 percent for characters, and 20 percent for words," explains team member Li Zuang also of U.C. Berkeley. "We then use spelling and grammar check to refine the result, which increased the accuracy to 70 percent and the word accuracy to 50 percent."

By putting the playback on a loop, they further increased the accuracy to 96 percent for characters and 80 percent for words.

"It's a form of acoustical spying that should raise red flags among computer security and privacy experts," Tygar says. "If we were able to figure this out, it's likely that people with less honorable intentions can, or have, as well."

I would think that the best way to protect your passwords against this would be to use non-word passwords that do not fit into the statistical profile of charcters in the English language. However, if you type a lot of typical stuff for long enough before your password, it probably would be able to make a pretty good guess at your password.

No comments: