Keyboard Sound Aids Password Cracking 389
stinerman writes "Three students at UC-Berkley used a 10 minute recording of a keyboard to recover 96% of the characters typed during the session. The article details that their methods did not require a 'training text' in order to calibrate the conversion algorithm as has been used previously. The research paper [PDF] notes that '90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.'"
Redbox for keyboards now? (Score:5, Interesting)
Use ASCII numerics, or pound the keyboard at login (Score:5, Interesting)
Or, don't worry. I mean, realistically, what are the odds of this crack actually happening in the non-ultra-spooky world? And once you're in that playground, it's biometrics, smartcards, etc., anyway, right?
Re:applicability? (Score:3, Interesting)
a) get a standalone mic; and
b) stop coding while he's talking to me...
Re:Keyboard specific? (Score:3, Interesting)
Re:Hunt and peck for safety? (Score:2, Interesting)
Re:75 attempts? (Score:1, Interesting)
Re:applicability? (Score:3, Interesting)
Now, using the mic in a laptop to sniff sounds made by *other* computers would be pretty slick.
Re:applicability? (Score:2, Interesting)
Now if you want something that actually WORKS, try a laser microphone or an array of mic's in tubes of varied lengths with each tube resonating at a likely component of the targeted frequency range. (Still not directional, but has a lot of gain.)
Been there, done that (Score:5, Interesting)
It wasn't anything fancy, just familiarity with the sound that keyboard made and the usual pauses as fingers move to various keys.
I also used to be able to tell you what number was dialed from the touchtones.
P.S. a college friend said that he would occasionally talk to others in morse code after a long duty shift when he was in the military. Forget the nonsense in the introductory material - anyone who really knows morse code and knows it fast hears it as words. It's not hard to take the final step and speak it like you hear it.
Re:Keyboard specific? (Score:3, Interesting)
For people like me who never learned to type the "correct way" and use a mish-mash of styles and methods, or someone with fat fingers who makes a lot of mistakes, or the typing dyslexic, the system might be flawed. Also I'd imagine a twisted Keyboard would sound very different from a rectangular straight keyboard.
Its not a catch-all system but it would probably work on most people...
Having a recording of short known sequence could probably narrow the error margin a lot though....
Re:Redbox for keyboards now? (Score:5, Interesting)
So, theoretically, yes; malware could listen to microphone input of you typing and work it backwards into key logging. If spyware's already on your system though, it'd be easier just to log the keys in the system. But you could figure out what someone else is typing just by recording it.
-Jesse
I think so (Score:5, Interesting)
This technique must be usable on most keyboards, because judging from this [textfiles.com] the FBI sometimes uses (or has used in the past) this technique. From the page:
Oh and by the way, that page was written in 1998, so these UC-Berkley students (and the /. editors) are about 7 years slow.
Windows On Screen Keyboard (Score:5, Interesting)
Re:Redbox for keyboards now? (Score:5, Interesting)
Don't panic (Score:5, Interesting)
While it is an interesting topic, controlled conditions are required for this to work correctly.
They use a deterministic method to find the next probable character for a given sequence. Deterministic in that if I type 't' and then type 'h' and there are only so many combinations available after that (this is the Markov chain part). Er basically a sort of decision coverage. That is used with the spell check dictionaries they mention for English text recognition. It is interesting too that they are using a neural network (though appropriate) to recognize the patterns. But because they did not make their own, the details are a bit brief.
The problem I see is that the password detection is not flushed out enough and based upon what they state, it is not as powerful as it sounds. The deterministic method won't work for all passwords (as they typically are not English). Their "analysis" is basically a speed up on a dictionary hack (it helps to know the size of the password from the keystrokes), eliminating possibilities by way of possible patterns. But what about special characters, does a shift+key sound that different? Mixed cases, etc? And the deterministic approach does not work if the password is random AND the network has to be trained for THAT persons typing style and keyboard. Is that likely?
I would be more worried about Van Eck Phreaking [wikipedia.org].
Re:Redbox for keyboards now? (Score:3, Interesting)
However, this is a little harder, I have to hit each and every key so that it makes exactly the same sound. This is extremely difficult because even if I use exactly the same pressure and exactly the same stroke on every key, then the spring might be different, or the switch might be slightly different on a few keys and still give hints.
I think that the best defense is to learn to type at about 1200 words per minutes (100 characters per second) so that the sound is just one constant stream and they would be incapable of breaking it down. Like the German "zip gun" from WWII, the MG-42 which fired around 1200-1300 rounds per minute and sounded like a zipper to the Allied soldiers. The constant short zip sounds also made it difficult to locate the gun when in cover.
Re:Keyboard specific? (Score:3, Interesting)
The algorithm in the description doesn't have/need a baseline recording of any particular keyboard, it learns as it goes along, using pattern, and dictionary-style decoding. It just listens for all sorts of different sounding keystrokes, then starts to assume things as it goes along. If you type the same three different sounding characters in a row a whole bunch of times, it's probably the word "the" rather than "zoe". It can use common words and lengths of words to figure it out, even if you're typing on a homemade, metal keyboard that sounds 100% unique from any other board.
-Jesse
Re:75 attempts? (Score:5, Interesting)
Re:I think so (Score:3, Interesting)
do you think they would divulge their secrets if no one else knew? by 1998, just about every "security" and "intelligence" agency had already surpassed it.
Re:Redbox for keyboards now? (Score:3, Interesting)
A virus infects one computer in an office installs spyware, listens to typing in the office, generate a dictionary of likely passwords and then attempts to attack nearby computers (just scan the subnet/workgroup) by using overheard passwords.