Turn Off Ads?
Results 1 to 6 of 6

Thread: Be careful typing next to a speaker phone

  1. #1
    Be the ball Roy Tucker's Avatar
    Join Date
    May 2001
    Mason, OH

    Be careful typing next to a speaker phone

    Sometimes when I'm on a con-call, I'll be on a IM session with some participants. We'll make pithy comments about the call and about how boring it is. We better be careful.


    Consortium »Acoustic Snooping on Typed Information
    Friday September 9, 2005 by Edward W. Felten

    Li Zhuang, Feng Zhou, and Doug Tygar have an interesting new paper showing that if you have an audio recording of somebody typing on an ordinary computer keyboard for fifteen minutes or so, you can figure out everything they typed. The idea is that different keys tend to make slightly different sounds, and although you don’t know in advance which keys make which sounds, you can use machine learning to figure that out, assuming that the person is mostly typing English text. (Presumably it would work for other languages too.)

    Asonov and Agrawal had a similar result previously, but they had to assume (unrealistically) that you started out with a recording of the person typing a known training text on the target keyboard. The new method eliminates that requirement, and so appears to be viable in practice.

    The algorithm works in three basic stages. First, it isolates the sound of each individual keystroke. Second, it takes all of the recorded keystrokes and puts them into about fifty categories, where the keystrokes within each category sound very similar. Third, it uses fancy machine learning methods to recover the sequence of characters typed, under the assumption that the sequence has the statistical characteristics of English text.

    The third stage is the hardest one. You start out with the keystrokes put into categories, so that the sequence of keystrokes has been reduced a sequence of category-identifiers — something like this:

    35, 12, 8, 14, 17, 35, 6, 44, …

    (This means that the first keystroke is in category 35, the second is in category 12, and so on. Remember that keystrokes in the same category sound alike.) At this point you assume that each key on the keyboard usually (but not always) generates a particular category, but you don’t know which key generates which category. Sometimes two keys will tend to generate the same category, so that you can’t tell them apart except by context. And some keystrokes generate a category that doesn’t seem to match the character in the original text, because the key happened to sound different that time, or because the categorization algorithm isn’t perfect, or because the typist made a mistake and typed a garbbge charaacter.

    The only advantage you have is that English text has persistent regularities. For example, the two-letter sequence “th” is much more common that “rq”, and the word “the” is much more common than “xprld”. This turns out to be enough for modern machine learning methods to do the job, despite the difficulties I described in the previous paragraph. The recovered text gets about 95% of the characters right, and about 90% of the words. It’s quite readable.

    [Exercise for geeky readers: Assume that there is a one-to-one mapping between characters and categories, and that each character in the (unknown) input text is translated infallibly into the corresponding category. Assume also that the input is typical English text. Given the output category-sequence, how would you recover the input text? About how long would the input have to be to make this feasible?]

    If the user typed a password, that can be recovered too. Although passwords don’t have the same statistical properties as ordinary text (unless they’re chosen badly), this doesn’t pose a problem as long as the password-typing is accompanied by enough English-typing. The algorithm doesn’t always recover the exact password, but it can come up with a short list of possible passwords, and the real password is almost always on this list.

    This is yet another reminder of how much computer security depends on controlling physical access to the computer. We’ve always known that anybody who can open up a computer and work on it with tools can control what it does. Results like this new one show that getting close to a machine with sensors (such as microphones, cameras, power monitors) may compromise the machine’s secrecy.

    There are even some preliminary results showing that computers make slightly different noises depending on what computations they are doing, and that it might be possible to recover encryption keys if you have an audio recording of the computer doing decryption operations.

    I think I’ll go shut my office door now.

    * This entry was posted on Friday September 9, 2005 at 11:11 am and is filed under Security, Recommended Reading. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    Teach tolerance.

  2. Turn Off Ads?
  3. #2
    Churlish Johnny Footstool's Avatar
    Join Date
    Sep 2001
    Olathe, KS

    Re: Be careful typing next to a speaker phone

    I'll reply to this message in semiphore and smoke signals.
    "I prefer books and movies where the conflict isn't of the extreme cannibal apocalypse variety I guess." Redsfaithful

  4. #3
    The Lineups stink. KronoRed's Avatar
    Join Date
    Jun 2003
    West N. Carolina

    Re: Be careful typing next to a speaker phone

    I shall now use that onscreen keyboard and use the mouse to type
    Go Gators!

  5. #4
    RZ Chamber of Commerce Unassisted's Avatar
    Join Date
    Jul 2003
    San Antonio

    Re: Be careful typing next to a speaker phone

    We should start typing all passwords and secret documents with our elbows. That'll fool those eavesdroppers.

  6. #5
    Please come again pedro's Avatar
    Join Date
    Mar 2002
    portland, oregon

    Re: Be careful typing next to a speaker phone

    This reminds me of the Soviet listening devices that would measure the vibrations of windows or in one case of a steel bar in a wooden eagle in the american embassy to determine what people were saying.
    Get your nunchucks and the keys to your dad's car. I know where we can get a gun

  7. #6
    Member ochre's Avatar
    Join Date
    May 2002

    Re: Be careful typing next to a speaker phone

    The electro-magnetic radiation put off by a computer monitor can be picked up and reassembled some distance away as well.

Turn Off Ads?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Board Moderators may, at their discretion and judgment, delete and/or edit any messages that violate any of the following guidelines: 1. Explicit references to alleged illegal or unlawful acts. 2. Graphic sexual descriptions. 3. Racial or ethnic slurs. 4. Use of edgy language (including masked profanity). 5. Direct personal attacks, flames, fights, trolling, baiting, name-calling, general nuisance, excessive player criticism or anything along those lines. 6. Posting spam. 7. Each person may have only one user account. It is fine to be critical here - that's what this board is for. But let's not beat a subject or a player to death, please.

Thank you, and most importantly, enjoy yourselves!

RedsZone.com is a privately owned website and is not affiliated with the Cincinnati Reds or Major League Baseball

Contact us: Boss | GIK | cumberlandreds | dabvu2498 | Gallen5862 | Plus Plus | RedlegJake | RedsfaninMT | redsfan1995 | The Operator | Tommyjohn25