Hacker News new | ask | show | jobs
by lstamour 4801 days ago
Very pleased to see such a detailed post. I'm also perturbed by how quickly I went from "Sweet, I can't wait to get glass and compile my own stuff," to "Wait, right, security holes in a 24/7 camera. Umm..." I mean, there have been studies that show you can identify passwords from audio recordings of known keyboard keys clicking. Then again, we did already have such as cellphones. (For quite some time I preferred iOS /because/ it was so hard to jailbreak...)
2 comments
kanzure 4801 days ago
> from audio recordings of known keyboard keys clicking

Neat.

http://dl.acm.org/citation.cfm?id=1102169

"We present a novel attack taking as input a 10-minute sound recording of a user typing English text using a keyboard, and then recovering up to 96% of typed characters. There is no need for a labeled training recording. Moreover the recognizer bootstrapped this way can even recognize random text such as passwords."

I think this also works on dvorak, but it might be stumped by plover + custom dictionaries. Especially for short typing sessions. Although short sessions might be mitigated by recording from multiple locations... hm.

link
lstamour 4800 days ago
Thanks for sourcing my statement. I was worried for a minute that I'd misremembered it. (I'm also glad that's a word!)
link
kanzure 4798 days ago
Also, this is worth mentioning as a related attack:

http://static.usenix.org/events/sec06/tech/shah/shah_html/jb...

"In particular, we show a practical Keyboard JitterBug that solves the data exfiltration problem for keystroke loggers by leaking captured passwords through small variations in the precise times at which keyboard events are delivered to the host. Whenever an interactive communication application (such as SSH, Telnet, instant messaging, etc) is running, a receiver monitoring the host's network traffic can recover the leaked data, even when the session or link is encrypted."

link
joshschreuder 4801 days ago
Not sure if you meant 'was' so hard to jailbreak there. I'm pretty sure jailbreaking the iPhone is the hardest it's ever been.
link
lstamour 4800 days ago
I meant 'was' because I'm currently testing a Nokia 920 and a Nexus 4. And yes, I'm planning on switching back to iOS as soon as it gets NFC or curved front-glass for easier swiping, as both phones have those two features and feel quite modern as a result. A new dashboard for icons wouldn't go amiss either. But I do miss my always-on encryption in sleep and lack of jailbreak, indeed...
link