Sunday, October 16, 2011

Acoustic Cryptanalysis - Keylogging through keystroke sounds

When it comes to keystroke logging (keylogging), a lot of people think of software and hardware that secretly records all of this input.  But what about recording and interpreting the sound of the keystrokes themselves?  It's called acoustic cryptanalysis and with the right equipment, one can literally record and interpret audible keystrokes - particularly with computer keyboards.

The Silent Keyboard EX
One obvious reason for each key having a unique sound is their location on the keyboard and most computer keyboards are relatively universal (especially with their letters and numbers).  Of course, an attacker would still have to know the keyboard's region settings and the language being typed.  Basically, the decryption process requires a fine tuned algorithm that can intelligently differentiate & identify keys in the sound of typing.  A study by the University of California, Berkeley even confirmed this security threat with 96% accuracy on the recovered keystrokes.

Acustic Cryptanalysis can also decipher other machine noises


So how could someone prevent this kind of attack?  There are many simple methods of covering up or preventing the sound monitoring in the first place.  One humorous but effective method is to have prerecorded audio of scrambled keystrokes from the same keyboard play while you type (as long as the speaker quality isn't terrible).  Another is to blast loud white noise or music that distorts the same frequencies of sound produced by the keys. Then there are the opposite methods of typing information with no discernible keystroke sound, such as typing on a touch-pad or writing on a piece of paper.  If anything, it's good to at-least be aware of this potential surveillance - especially with an increasingly number of electronics such as laptops including built-in microphones near the keyboard.  It's also wise to first consider how much of a target you really are to this threat before worrying about it.

No comments:

Post a Comment