September 15th, 2005 by dm, in Authentication, Vulnerabilities

It is common practice for some security-conscious users to look around and make sure nobody is watching their fingers when they enter their password into a computer. Things are changing now, with UC Berkeley researchers claiming that a password can be guessed by recording and analysing the clicking sound of a keyboard as a sequence of keys is pressed.

The researchers were able to take several 10-minute sound recordings of
users typing at a keyboard, feed the audio into a computer, and use an
algorithm to recover up to 96 percent of the characters entered.

Apparently this technique is successful because each key makes a distinct sound when
hit (does it really? They all sound the same to me), and users, who typically type about 300 characters a minute, leave
enough time between keystrokes for a computer to isolate the individual
sounds.

So what is the solution? Sweeping your office for "password bugs" listening to your key entries? Playing loud music when entering sensitive information into the computer? Using a mouse to "click-enter" sensitive information - however difficult that might be? The bad news is that "quiet" keyboards are not immune to this and that no special technology was needed - a $10 microphone was sufficient.


What is the good news then? Well, the system is not all that accurate, at least initially, but that is likely to change. The first pass was right about 60 percent of the time for characters and
20 percent of the time for entire words. The transcript was then run
through spelling and grammar checks, which increased character accuracy
to 70 percent and the word accuracy to 50 percent. The results were then fed back through the computer to refine
future results. After three feedback cycles, the accuracy rate rose to
88 percent for words and 96 percent for characters.


Enter a new computer crime - "click-hacking."

[Via News.com]