Keystrokes Reveal Passwords to Researchers

If spyware and key-logging software weren't a big enough threat to privacy, researchers have figured out a way to eavesdrop on your computer simply by listening to the clicks and clacks of the keyboard.

Those seemingly random noises, when processed by a computer, were translated with up to 96 percent accuracy, according to researchers at the University of California, Berkeley.

"It's a form of acoustical spying that should raise red flags among computer security and privacy experts," said Doug Tygar, a Berkeley computer science professor and the study's principal investigator.

Researchers used several 10-minute audio recordings of people typing away at their keyboards. They fed the recordings into a computer that used an algorithm to detect subtle differences in the sound as each letter is struck.

On the first run, the computer had an accuracy of about 60 percent for characters and 20 percent for words, said Li Zhuang, a Berkeley graduate student and lead author of the study. After spelling and grammar checks were deployed, the accuracy for individual letters jumped to 70 percent and words to 50 percent.

The software learned to improve as researchers repeatedly fed back the same recordings, using results of spelling and grammar checks as a gauge on correctness. In the end, it could accurately detect 96 percent of characters and 88 percent of words.

"If we were able to figure this out, it's likely that people with less honorable intentions can -- and have -- as well," Tygar said.

Researchers said there is some limitation to their technique. For one, their work did not take into account the use of a computer mouse or the "shift," "control," "backspace" or "caps lock" keys. They did, however, describe approaches for taking those into account.

The use of a computer mouse is another challenge, the researchers said.

The Berkeley research builds on the findings of an International Business Machines Corp. study in which 80 percent of text was recovered from the sound of keyboard clicks.

The IBM team, however, relied on controlled conditions such as using the same keyboard and training the software with known text and corresponding sound samples.

Bruce Schneier, chief technology officer of Counterpane Internet Security Inc., called the study "a great piece of research." He said audio eavesdropping is just one of many possible techniques to spy on PC users.

"If the bad guys can get access to your physical space, they can eavesdrop on your stuff," he said. "They can install a camera or a keyboard logger on the wire. They can install a microphone."

The Berkeley researchers built their system using off-the-shelf equipment.

"We didn't need high-quality audio to accomplish this," said Feng Zhou, another Berkley graduate student and study author. "We just used a $10 microphone that can be easily purchased in almost any computer supply store."

The Berkeley researchers, part of the Team for Research in Ubiquitous Secure Technology, will present their results Nov. 10 at a computer and communications security conference in Alexandria, Va.

Copyright 2005 The Associated Press.

NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at

formatting link
. Hundreds of new articles daily.

To listen to AP News Radio and/or read Associated Press stories, go to

formatting link

Reply to
Associated Press News Wire
Loading thread data ... Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.