Careful or they'll hear your password

[poppy4]

Careful or they'll hear your password

[fink]

Call me highly skeptical on this one. I have no doubt that each key on a keyboard would have a slightly different sound from the others but I don't believe that a software program could listen to a previously untested keyboard and successfully determine which key was pressed.

Way too many variables. Brands, models, persons typing habits, environment (desktop surface, background noise).

I'm sure their test keyboard(s) work well with the software but I do not believe it would work in a blind test with other random keyboards, at least not without many days of testing and confirming the results.

[liam858]

I agree, there are way too many keyboard around, and the speed at which some people type could even be a negative factor.

You could always use a VKB/XP On-Screen Keyboard if you were worried.

VKB:



Which are pretty cool devices.

Liam

[poppy4]

I sure hope you guys are right, but I have to believe that 'evil' folks would take the time needed to perfect this, if they thought they could 'profit' from it's usage.

Of course a user could build a 'sound-proof' room to compute in....

I guess there is no telling where 'technology' is going to take us?....and from my view it is all rather mind boggling.

[liam858]

Sound proofing wouldn't be a bad idea, and it could be done cheaply:



Put them allover the walls and there you go.

I guess there is no telling where 'technology' is going to take us?....and from my view it is all rather mind boggling.

True, but i think these 'evil' people find out quicker than most of us just to make sure they can mess it up for us when we do get the more advanced equipment/software.


Liam

[lgbpop]

I sure hope you guys are right, but I have to believe that 'evil' folks would take the time needed to perfect this, if they thought they could 'profit' from it's usage.

...or if it was feasible. Since it hasn't been seen yet, I doubt it's doable.

Secondly, consider the source--known to be a hotbed of pranksters, hoaxers, and practical jokers. When I was in college I was so jealous......

Thirdly, consider the source of the source--The Old Gray Lady of Beacon Street (or the Glob, to western Mass. people like me) hasn't gotten anything right in ages. They had cold fusion on the front page for months, way back when--even after it had been proven a hoax. If they're reporting it, don't worry about it.

[poppy4]

Thirdly, consider the source of the source--The Old Gray Lady of Beacon Street (or the Glob, to western Mass. people like me) hasn't gotten anything right in ages.

oh, allright!....as Jim Rome would say, "there goes those 'chowds' again!

[Tuttle]

Call me highly skeptical on this one. I have no doubt that each key on a keyboard would have a slightly different sound from the others but I don't believe that a software program could listen to a previously untested keyboard and successfully determine which key was pressed.

Way too many variables. Brands, models, persons typing habits, environment (desktop surface, background noise).

I'm sure their test keyboard(s) work well with the software but I do not believe it would work in a blind test with other random keyboards, at least not without many days of testing and confirming the results.

I think the theory is sound. From a cryptographic point of view, it's no different to trying to decipher this sort of code:

Code:

plaintext   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
ciphertext  Q W E R T Y U I O P L K J H G F D S A Z X C V B N M

With enough raw data, you can do statistical analysis on the encoded text (knowing things like E is the most common letter in English) and break the code.

What these researchers are doing is exactly that, but with the plaintext encoded into sounds rather than other letters. With enough raw data that matches your assumptions (ie English text), the statistical analysis just works. The tough bit, and the reason they're not getting perfect results, is that the sounds aren't as easy to distinguish as letters on a page. That part can only improve as you throw more money at the equipment and time at the algorithm. They're never going to get a pre-built decoder that can instantly get keystrokes from sounds on a random keyboard because there's too much variation from those things you mentioned. Let it listen to you type for long enough though, and it can do the analysis to "learn" your keyboard, then go back and decode everything you were typing since it started listening.

[greengoose1]

And at this current moment their are other proven ways to compromise your computer more easily. Alot of time would be required to perfect this I believe. And more steps to gain a desired result.

[fink]

knowing things like E is the most common letter in English

That's true but that doesn't mean the E key would be the most used in this case. I expect the space bar would be or if someone is a bad typist perhaps the backspace key. It's just adding more variables that would make this task very difficult.

And what if there were more than one typist using the keyboard? If the "listeners" didn't know that then it could render all of the data moot because I'd assume that different people typing on the same keyboard would cause it to sound different.

I do agree that with enough time and it could eventually be decoded but you'd need the patience of a saint to wait that long and if the target was so important to devote that much of an effort to the project I expect that available time would be at a minimum as well... a bit of a paradox I think.

[nlday]

and then there's the problem of the silent/'quiet' keyboard....
that dell has.....it is super quiet.only the space bar makes a noise.
what will 'they' do with that.