


by Paul Kerstein

Researchers Turn Keyboard Clicks into Text

Sep 14, 2005

Researchers at the University of California, Berkeley, have found a way to turn the clicks and clacks of typing on a computer keyboard into a startlingly accurate transcript of what exactly is being typed.

In a paper released last week, the researchers explained how they developed software that could analyze the sound of someone typing on a keyboard for just 10 minutes and then piece together as much as 96 percent of what had been typed.

The technique works because of the simple fact that the sound of someone striking an “a” key is different from the sound of striking the “t,” according to Doug Tygar, a professor of computer science at Berkeley. “Think of a Congo drum. If you hit a Congo drum on different parts of the skin, it makes a different tone,” he said. “That’s an analogy for what’s happening here, because there’s a plate underneath the keyboard [that is] being struck in different locations.”

Once the different tones had been identified, Tygar and his team used techniques from a field of research called statistical learning theory to map them into similar categories and arrive at some early guesses at what the text might be. They then applied a number of spelling and grammar correction tools to this text to refine those guesses. This process ultimately converts the keyboard sounds into readable text.

Statistical learning, also called machine learning, provides a way for computers to make sense out of complex pieces of data. It has been a hot area for computer science research over the last 10 years, forming the basis for products such as spam detectors and speech recognition systems, Tygar said.

Because the Berkeley researchers’ technique is based on the sound of the key and not the timing of the keystrokes, both touch and hunt-and-peck typists can have their keystrokes decoded using this technique, he said.

The idea of snooping in on keyboards has been around since the beginning of the Cold War, when Soviet spies bugged IBM Selectric typewriters in the American embassy in Moscow, but the Berkeley researchers are breaking new ground in using these techniques with computer keyboards, said Bruce Schneier, chief technology officer at Counterpane Internet Security Inc. and the author of Applied Cryptography.

“In security, the devil is in the details, and these guys did the details,” he said.

Some details remain unsolved, however. The researchers did not use certain commonly used keys such as “shift” and “backspace” in their study, and they only looked at text that was typed in English. Still, neither Schneier nor Tygar believes that these details will prevent the techniques from ultimately working in uncontrolled environments.

In fact, Schneier believes it is only a matter of time before criminals begin using similar techniques. “Somebody else will use it,” he said. “And if you believe the NSA (National Security Agency) hasn’t done this already, you’re naive.”

Tygar agrees that the techniques described in his paper are relatively easy to use (his team used open source spell checkers and a US$10 PC microphone, for example). And for that reason, the Berkeley team has decided not to release the source code they used in their study. “I don’t think it’s very hard for people to put this together, but I don’t want to make it easy for people, either.”

So what should computer users make of this new security threat?

Tygar says that one lesson to be drawn is that even randomly generated passwords are not secure. His researchers were able to guess 90 percent of all randomly generated five-character passwords within 20 tries using these techniques, he said. “We probably don’t want to be relying on passwords as we do,” he said.

There is, however, one easy step that users can take to mitigate this type of attack: Turn up the background noise.

“In more noisy environments with different kinds of sounds, like music and human voices, all mixed up together, it could be pretty difficult to separate the keyboard sounds from other sounds,” said Li Zhuang, one of the Berkeley computer science students who co-authored the paper.

So people looking to rock out at work now have an excuse, Zhuang said. “I think playing music will make this attack much, much harder to do,” she said. “Now you have a good reason to do this.”

A “preprint” edition of the Berkeley paper, which will be presented in November at the Association for Computing Machinery Conference on Computer and Communications Security, in Alexandria, Virginia, can be found here:

By Robert McMillan – IDG News Service (San Francisco Bureau)