Eavesdropping security threat emerges
5:42PM, Tuesday 13th September 2005

A new kind of computer security threat has been identified that could pick up passwords and bank details without installing anything on the target machine.

Scientists at the University of California, Berkeley, have developed a method to detect the text typed on a keyboard with 96 per cent accuracy, just by listening to the sound of keys being hit.

Li Zhuang, Feng Zhou, and J D Tygar have released a paper identifying a method of categorising the different sounds made when the typist hits each key, and then using a variety of factors, such as the probability of clusters of letters appearing together and grammatical constraints, to work out what was typed.

Previous attempts to do this had needed a sample text and audio for the computer to swot up on before it was ready to attempt any new audio feeds. This new method needs no training. The software needs about 10 minutes of audio before it can begin unscrambling the sounds, which takes about half an hour on a modern home computer. But after that it can begin deciphering the taps and clicks from the keyboard in real time.

And it works even with audible background noise such as fans and mobile phones going off.

The software not only correctly identified 96 per cent of the text typed, but was worryingly accurate with more difficult constructs such as passwords. It took only 20 attempts for the software to guess 90 per cent of five-character passwords accurately. And in 75 attempts it could figure out 80 per cent of 10-character passwords.

Currently the method has only been tried out on English text, but there is no reason why the software couldn't be optimised for other languages.

Indeed the researchers suggest that the technique could be refined to the point where other types of 'emanation' could be recognised 'such as power consumption or electromagnetic radiation'.

'One only need adapt the methods of extracting features and modeling constraints. Our work implies that emanation attacks are far more challenging, serious, and realistic than previously realised. Emanation attacks deserve greater attention in the computer security community,' they write.

Their paper on the experiments is published as a PDF here.
