Suramya's Blog : Welcome to my crazy life…

According to Bruce Schneier’s blog a group of researcher’s from Berkeley have developed a process that lets them identify the keys being typed by analyzing an audio recording of someone typing at the computer for about 15 mins.

There was some research done on this earlier but their method required specific training tapes where the system knew what keys were pressed and when to configure the listener before it was able to accurately deciper the input. In this case the training tape is an actual recording of a target.

This brings an interesting possibility for hackers/crackers to steal passwords/information by setting up hidden mic’s etc.

Saw a technique somewhat like this being used in a TV show called ‘MI-6″ (Or was it MI-5? It was 3 am… ) In it one of the spies gives a special cufflink to the target and gets him to type her resume out. As the spies knew what was on the resume they were able to get a readout of each key (They didn’t explain what readout’s they were taking in too much detail) and once they got that they were able to see what ever the target typed on the computer in realtime as long as he was wearing his cufflink. Neat eh?

But before you start panicking, remember the bad guy’s still have to either get physical access to your system and/or the area around your system in order to bug it and you know the law: “Physical access is root access”.

So to lower the risk of this attack all you have to do is follow the same basic rules you have been following about not granting unknown people access to your workplace and keep an eye out for people carying video camera’s and mic’s.

To make the risk go away completely play loud music to drown out the typing sound when working on sensitive data.

Original Source:
Schneier on Security: Snooping on Text by Listening to the Keyboard

Link to the Paper: Snooping on Text by Listening to the Keyboard (PDF File)

– Suramya