Keyboard Acoustic Emanations Revisited, CCS, 05
The authors apply algorithms from machine learning and speech recognition to recognize typed password from sounds of key presses on keyboards. Being bootstrapped with 10-minutes of unlabeled data, the algorithms correctly recognized 90% of 5-character random passwords in fewer than 20 attempts and 80% of 10-character passwords in fewer than 75 attempts. The algorithms did not need labeled training data, but accuracy degraded in the presence of noise. The authors found, cepstrum features performed better than FFT ones and as the classifier, linear classifier was better than Gaussian mixtures and neural network did worst.
20 and 75 attempts are not feasible online, but this can be a formidable offline attack. The authors do not specify the noise level of their "noisy environment" experiments. Although they tried with three different keyboards, it is not clear if they experimented with multiple users. Their algorithms needed some human fiddling to correct keystroke recognition, which in turn was found to affect recognition rates.
Citation (ACM Ref): Li Zhuang, Feng Zhou, and J. D. Tygar. 2009. Keyboard acoustic emanations revisited. ACM Trans. Inf. Syst. Secur. 13, 1, Article 3 (November 2009), 26 pages. DOI=10.1145/1609956.1609959 http://doi.acm.org/10.1145/1609956.1609959
20 and 75 attempts are not feasible online, but this can be a formidable offline attack. The authors do not specify the noise level of their "noisy environment" experiments. Although they tried with three different keyboards, it is not clear if they experimented with multiple users. Their algorithms needed some human fiddling to correct keystroke recognition, which in turn was found to affect recognition rates.
Citation (ACM Ref): Li Zhuang, Feng Zhou, and J. D. Tygar. 2009. Keyboard acoustic emanations revisited. ACM Trans. Inf. Syst. Secur. 13, 1, Article 3 (November 2009), 26 pages. DOI=10.1145/1609956.1609959 http://doi.acm.org/10.1145/1609956.1609959
ClearShot: Eavesdropping on Keyboard Input from Video, SSP, 08
The authors apply algorithms from computer vision and spell correction to extract the typed data from video of typing in a semi-automated unsupervised fashion. They use inexpensive webcams for recording. The algorithms suggest a short list of likely words for each actually typed word.
It takes almost as long as humans and its extensive use of dictionary words for spell correction casts doubt on its applicability in stealing of passwords.
Citation(ACM Ref): Davide Balzarotti, Marco Cova, and Giovanni Vigna. 2008. ClearShot: Eavesdropping on Keyboard Input from Video. In Proceedings of the 2008 IEEE Symposium on Security and Privacy (SP '08). IEEE Computer Society, Washington, DC, USA, 170-183. DOI=10.1109/SP.2008.28 http://dx.doi.org/10.1109/SP.2008.28
It takes almost as long as humans and its extensive use of dictionary words for spell correction casts doubt on its applicability in stealing of passwords.
Citation(ACM Ref): Davide Balzarotti, Marco Cova, and Giovanni Vigna. 2008. ClearShot: Eavesdropping on Keyboard Input from Video. In Proceedings of the 2008 IEEE Symposium on Security and Privacy (SP '08). IEEE Computer Society, Washington, DC, USA, 170-183. DOI=10.1109/SP.2008.28 http://dx.doi.org/10.1109/SP.2008.28