|
|
|
Whispering keyboards' could be next attack trend
By Niall McKay, Contributing Writer
11 May 2004 | SearchSecurity.com
OAKLAND -- Listen to this: Eavesdroppers can decipher what is typed by simply listening to the sound of a keystroke, according to a scientist at this week's IEEE Symposium of Security and Privacy in Oakland, Calif.
Each key on computer keyboards, telephones and even ATM machines makes a unique sound as each key is depressed and released, according to a paper entitled "Keyboard Acoustic Emanations" presented Monday by IBM research scientist Dmitri Asonov.
All that is needed is about $200 worth of microphones and sound processing and PC neural networking software.
Today's keyboard, telephone keypads, ATM machines and even door locks have a rubber membrane underneath the keys.
"This membrane acts like a drum, and each key hits the drum in a different location and produces a unique frequency or sound that the neural networking software can decipher," said Asonov.
Asonov found that by recording the same sound of a keystroke about 30 times and feeding it into a PC running standard neural networking software, he could decipher the keys with an 80% accuracy rate. He was also able to train the software on one keyboard to decipher the keystrokes on any other keyboard of the same make and model.
Good sound quality is not required to recognize the acoustic signature or frequency of the key. In fact, Asonov was able to extract the audio captured by a cellular phone and still decipher the signal.
"But don't panic," Asonov cautioned. "There are some easy ways to fix the problem." First, close the door in the room where you're working. Second, buy a rubber keyboard coffee guard that will dampen the sound enough to make eavesdropping difficult.
However, Asonov said that he believed it was possible to use acoustical analysis algorithms to decipher key sounds based simply on gathering the data from just a couple of keys and extrapolating what other keys should sound like.
Asonov warned that his work was almost entirely based on the evidence from his experiments and that he has little or no theoretical information to back up his theories. For example, he discovered that it was the membrane that was providing the unique signature simply by cutting a keyboard in two and finding that the neural networking software no longer worked. |
|
Security Products:
HIPAA
Step by Step Training
April
20th and 22nd classes are closed out Additional class May
20th
PestPatrol
is a powerful security and personal privacy tool that
detects and eliminates destructive pests like trojans, spyware,
adware and hacker tools. It complements your anti-virus and
firewall software, extending your protection against
non-viral malicious software that can evade your existing
security and invade your personal privacy. These pests often
lurk silently on your computer until something – or
someone – sets them off. When that happens, you could lose
passwords, personal data, credit card numbers, and - if you
telecommute and connect to your office via a VPN - open up a
back door for the hacker into your entire company network. Click
here for Pest Patrol
Intrusion
Detection Systems
Vulnerability
Scanners
Firewalls
 | Netscreen |
| Checkpoint |
Management
Virus
Control
| Mail Marshall |
Services
| Security audit |
| Perimeter Vulnerability Scan |
| Router/ switch optimization for
security |
| Firewall checking and configuration |
| VPN Design and Implementation |
| Network design |
| network based application analysis |
| Network Baselining |
| Security baselining |
|
|
  
This mailing has been performed by Aavex Technology
Corporation
42w588 Still Meadows Lane, Elburn IL 60119 USA, 630-365-0025 in compliance
with the "CAN-SPAM Act of 2003", approved and signed by
the president of The United States of America on Dec. 16, 2003. For this
reason, this email cannot be considered SPAM This newsletter contains
commercial advertisement.
|
|
